[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?



>You plan to
>deploy on a locally run user site yet you claim to be conscious of
>breaking the production server. It does not follow.

More typo. You stated somewhere you intend to deploy to a test site
run locally. Something to that effect. I hope I'm not quoting you out
of context. Which would mean you have both a production server and
development server on which to take measurements and instrument as you
please. Those measurements are what gets it done.

And while I'm here:
So you're running both via some sort of multi-homing. As you've said
you don't care about hiding the server. Great, that simplifies your
deployment. You just need to be concerned with ensuring trust of your
site by not doing anything silly. Such as selling their data,
embedding exploitable code, not caring that your client really doesn't
want to use javascript, etc. All the things you would do with a HS
anyway. Without the constraint of hiding like the worst of tor.
Congratulations on giving your clients a choice and for being a good
model of tor use.

A counter example where you might actually want to hide the HS origin:
I was thinking of setting up a Christianity oriented site accessible
by onion in [redacted]. Although I don't care about attacks on the
www-front, I definitely don't want to have traffic on the HS be
correlated by side channel attack on www-front. Because then the
people who use the HS might experience severe persecution not just
(potentially) for using obfuscated bridges but also because of the
content. I'm glad this doesn't apply to you though.

--leeroy
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk