Ben Tasker's Blog

A guide to designing Account Security Mechanisms

The history of the Internet is rife with examples of compromises arising both from poor security hygiene, and also from misguided attempts to "make it more secure" without first considering the implications of changes.

In this post, I'll be detailing some of the decisions you should be making when designing account security and user management functionality.

There's likely little in here that hasn't already been stated elsewhere, but I thought it might be helpful to put it all together in one post.

The post itself is quite long, so headings are clicky links to themselves. For those with limited time, there's a Cheat Sheet style summary towards the bottom.

Read more ...

Don't Use Web2Tor/Tor2Web (especially

Web2Tor and Tor2Web are reverse proxies which allows clearnet users to access Tor Onion Sites (AKA Hidden Services), and there are a variety of services available online (such as,, and onion direct) running this service.

This post details why using these is such a bad idea, as well as detailing some of the changes I'm making to the site to help discourage use of these services.

Read more ...

Building a Tor Hidden Service CDN

Last year I started experimenting with the idea of building a Hidden Service CDN.

People often complain that Tor is slow, though my domain sharding adjustments to the onion have proven fairly effective in addressing page load times.

On the clearnet, the aim traditionally, is to try and direct the user to an edge-node close to them. That's obviously not possible for a Tor Hidden service to do (and even if it were, the users circuit might still take packets half-way across the globe). So, the primary aim is instead to spread load and introduce some redundancy.

One option for spreading load is to have a load balancer run Tor and then spread requests across the back-end. That, however, does nothing for redundancy if the load-balancer (or it's link) fails.

The main aim was to see what could be achieved in terms of scaling out a high traffic service. Raw data and more detailed analysis of the results can be seen here. Honestly speaking, It's not the most disciplined or structured research I've ever done, but the necessary information should all be there.

This document is essentially a high-level write up along with some additional observations

Read more ...

Scheduled Downtime

This site will be unavailable for a short period later whilst the hosting company performs some essential hardware maintenance on my origin server.

As a result, some pages on the site may be unavailable. will also be unavailable as a result, other subdomains (such as should remain available, although service may be limited.


Update 12:50 16/12

The maintenance has now been completed successfully and all services should be back online. Anyone experiencing issues should Contact me

The State of Mobile Banking (in the UK)

News recently broke that Tesco Bank's Android App refuses to run when Tor is also installed on the handset, presumably in the name of security.

So, out of morbid curiousity, I thought I'd take a quick look at just how effectively various banking apps were secured. Banks, after all, should be at the forefront of security (even if they often aren't)

To start with a disclaimer - personally, I think using banking services on any mobile device is a bad idea from the outset, and some of the results definitely support that idea. I've only taken a cursory look, and not made any attempt to dis-assemble any of the apps.


Read more ...