Building a Tor Hidden Service From Scratch - Part 4 - Conclusion

You may not be finished

Although we've examined designing and implementing a Tor Hidden Service in quite some depth, some users will likely find that there are still additional considerations that they need to make.

For example, whilst we discussed the risks of traffic leakage, we did very little to avoid it - one solution, assuming you have out-of-band access to the host system, is to add iptables rules to ensure that all TCP and DNS traffic is redirected to the ports operated by the Tor Daemon.

You'd still then need to look at filtering out other protocols (including UDP on all other ports) in case someone discovers a means to have your host system send arbitrary traffic.
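The two paragraphs above (redirect TCP and DNS into Tor, then filter everything else) can be sketched as one ruleset. This is an added example, not from the original series. It assumes torrc sets "TransPort 9040" and "DNSPort 5353" and that Tor runs as its own user (debian-tor on Debian); the function name tor_leak_rules is hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that forces outbound TCP and
# DNS through Tor and rejects everything else.
# Assumptions (not from the article): torrc has "TransPort 9040" and
# "DNSPort 5353", and the daemon runs as its own user (debian-tor on Debian).
# IPv4 only: IPv6 needs equivalent ip6tables rules or to be disabled.
tor_leak_rules() {
    tor_uid=$1 trans_port=$2 dns_port=$3
    for n in "$tor_uid" "$trans_port" "$dns_port"; do
        case $n in
            ''|*[!0-9]*) echo "usage: tor_leak_rules UID TRANSPORT DNSPORT" >&2
                         return 1 ;;
        esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Tor's own traffic must reach the network untouched
-A OUTPUT -m owner --uid-owner $tor_uid -j RETURN
# Every DNS lookup goes to Tor's DNSPort
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns_port
# Leave loopback alone (Tor -> Nginx on 127.0.0.1)
-A OUTPUT -d 127.0.0.0/8 -j RETURN
# Any other new TCP connection goes to Tor's TransPort
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
# Replies on connections already open (e.g. your inbound SSH session)
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Loopback, which now includes the redirected TCP and DNS
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
# The Tor daemon itself
-A OUTPUT -m owner --uid-owner $tor_uid -j ACCEPT
# Everything else (UDP, ICMP, ...) is refused rather than leaked
-A OUTPUT -j REJECT
COMMIT
EOF
}
# Usage (as root): check the syntax first, then load it
#   tor_leak_rules "$(id -u debian-tor)" 9040 5353 | iptables-restore --test
```

By default iptables-restore replaces the contents of the nat and filter tables, so merge the INPUT rules from Part One into the filter section before loading this for real.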

Similarly, we haven't discussed the impact of your Guard being compromised. Those with serious concerns may need to look at running their own guards to help reduce the effectiveness of common Hidden Service de-anonymisation attacks.

It's also important to remember that this documentation may not cover threats which have not been discovered yet; security is a continuous exercise.

 

Measure Twice, Cut Once

Some of the changes we made in Part One may have seemed redundant - why rebind Nginx to the loopback interface if we're firewalling the port? We're all human and make mistakes; if there's a change that can be made to mitigate a potential future mistake, it's well worth considering.

 

Protect Your Users

We live in a fairly unstable world, and you can be reasonably sure that however harmless your hidden service (or clearnet website) is, there will be someone who will take issue with it. Taking proactive measures to keep the identity of your server hidden helps to limit your attack surface to only the elements that you're willing to expose to the public.

The threat will not always be against you directly, but against your users. For example, Christians do not fare well in certain countries, a fact which may be important if you're providing a faith-based hidden service. Failing to properly secure your server and protect its identity could mean that you become the conduit via which aggressors identify your users.

Tor Hidden Services have the potential to allow your userbase a level of privacy that they cannot otherwise obtain on the clearnet, but the anonymous nature of Tor doesn't make you, as the site operator, any less responsible for taking measures to protect the data that your users entrust you with.

 

Overview of Hidden Service From Scratch