How to Protect your Internet Anonymity and Privacy/TOR Hidden Service for Anonymous Websites

TOR Hidden Service for Anonymous Websites

TOR Hidden Service allows you to host a website, without revealing where the website is, and hence protects the identity of the publisher/webmaster. Other than the speed, the downside is the special .onion address. You have to install TOR to access these "hidden" websites. But with intermediate services like tor2web, the public have immediate access to these websites. With a hidden service in the cloud, the security and availability are increased.

TOR Hidden Service Setup
If you have a TOR node setup successfully as in other sections, you only need to add two lines to your torrc file:


 * HiddenServiceDir /home/ubuntu/hidden_service
 * HiddenServicePort 80 127.0.0.1:80

Currently, for Ubuntu instants on EC2, the default user name is ubuntu. From the Hidden Service Directory, you can find your .onion address and the encryption keys that you may want to backup.

The Hidden Service Port allows the .onion URL to have a port number, the same as ordinary full URL's. The requests are redirected, or binded, to the real host. In this case the real host is also the local machine, 127.0.0.1, at port 80, default for http.

The Hidden Service is independent on the other service provided on your TOR node. But for anonymity and bandwidth considerations, the only combinations that make sense are hidden service plus a private bridge or intermediate node. Entry nodes and exit nodes require that you node IP be published.

Setting up a secure web server
Apache is the default web server on Linux machines, but as the TOR developers suggest, no web servers were designed with hidden services in mind. There are successors of Apache with security in mind, faster, and support also the full LAMP stack of software. But the installation are not yet as simple as an apt-get.

The TOR developers recommend thttpd, which you can install in Ubuntu by:
 * sudo apt-get install thttpd

This web server may not start if it detects other web servers already present, and it is disabled by default, in contrast to other web servers. To find and kill other web servers:
 * ps aux | grep apache
 * sudo killall apache2

To enable thttpd, edit the file /etc/default/thttpd, and change:
 * ENABLED=yes

There are minimum configurations on /etc/thttpd/thttpd.conf to be a hidden service:
 * port=80
 * host=127.0.0.1
 * dir=/var/www

Here the location of the webpages are set to the default as other web servers, at /var/www.

The port number and host IP agrees with the TOR setup. In addition, thttd will only accept requests from the localhost, where the TOR node is operating. Without binding the host, you can get the same pages direct from the IP address of the host, and from the Hidden Service, proving that they are in fact one. Of course, your adversary need to be suspicious about a particular IP address that is hosting the content. Not hosting your hidden website via your home or office ISP adds security.

Given the suspicion of a particular IP, the other way to detect the hidden service is to use traffic analysis. When you request a webpage from the hidden service, there should be outgoing traffic at the suspicious IP pretty soon. But the outgoing traffic can be hidden by operating the TOR node at the same time, as some sort of high capacity node.