On 28 Jun 2016, at 10:45, Moritz Bartl moritz@torservers.net wrote:

On 06/28/2016 02:36 AM, Tim Wilson-Brown - teor wrote:

...

...

Can I run a hidden service from the same server as a tor

relay (which openly exposes the IP address)? From the same server, yes. If you use the same tor process, it's possible to tell which tor process is hosting both the relay and the hidden service.

Likely also if you just use the same server: there will be downtimes that affect both the relay and other services on the same machine, so someone who monitors both consensus and onion service availability can easily correlate the events.

Yes, Moritz is right - you can correlate server downtimes when services run on the same server.

When tor runs both a relay and onion service, you can correlate at least: guards, event loop delays, and server downtime. I think there are also other security issues involved, which is why we don't recommend this configuration.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n

On 28 June 2016 at 04:26, Ivan Markin twim@riseup.net wrote:

Worth mentioning that there is a proposal [1] for "single onion services" (read non-anonymous onion services) exactly for the case when you want to get only cryptographic identity and not anonymity. At the moment you can setup an anonymous onion service and destroy it's anonymity (the only issue is performance).

So for several months www.facebookcorewwwi.onion has been running a beta-test patch (by Teor!) to implement Single Onion Services.

It works fine, and provides comparable performance to accessing Facebook over Tor in the normal way / through via exit node; possibly even slightly faster.

Flipchan:

Most Common is that an attacker gets root access or finds an rce bug on ur system and useage that to login to ur sys and by that gettin the ip,u can ofc run the site with a usr account and proxy all connections through tor with ip tables

What