Say you wanted to make a politically-based hidden service that would likely come under a lot of scrutiny. What would be the best way to secure it against adversaries?
Use Hidden Service v3, not v2
Tor Daemon and Hidden Service MUST run on separate (virtual) machines. The service machine must not be connected to the Internet under any circumstances. It only talks to the machine that's running the Tor daemon, over LAN.
This. Also, both Linux and Windows updates work through Tor.
>Tor Daemon and Hidden Service MUST run on separate (virtual) machines. The service machine must not be connected to the Internet under any circumstances. It only talks to the machine that's running the Tor daemon, over LAN.
doesn't qubes-whonix have the same effect?
bump
bump
>politically-based
literally all internet is infrastructural. if the government wanted it down it would be down.
>doesn't qubes-whonix have the same effect?
Yes, Whonix implements this idea
It's probably not the worst choice for a hidden service though I'd rather build a minimal setup from the ground up
The less code you have, the fewer bugs are likely to exist
Regarding the service itself, you should understand every line of code. Don't use web frameworks. They might leak information you did not anticipate. Write a minimal web application in a safe language.
>safe language
such as?
>such as?
Instead of saying "nigger", say black people instead.
Go, Rust, Python, Scheme, Haskell
Anything that doesn't expose pointer arithmetic,
when a NULL pointer dereference could literally land you in jail.
This. Also, create another VM for storing data. The website should be in a BSD jail; that way no one can actually modify your website/webserver and potentially fuck over users. Also, use OpenBSD. Its primary goal is to be secure.
>a NULL pointer dereference could literally land you in jail
A crash will land you in jail? Not likely. The website would just go down. But OP should use a safe language regardless. It will protect data.
Realistically, I wouldn't worry so much. If your website can be static, that will make your life a lot easier. It depends on how paranoid you are I guess.
pfffffthahahahahahahahaha
Pretend to be pedos instead of "racists".
The biggest problem with these sites is giving it traffic
Do you have an exact plan OP?
Jow Forums is the actual mecca for nazi meetups, can you do any better?
i wouldn't be worried about traffic over security. hidden services spread on their own.
kek
Same way you secure any other web application, user.
most security isn't done for anonymity though.
bump
>hidden service
nobody in your country is going to read some faggots tinder blog clone
>best way to secure it
glue a trimmed blog print to the wall at night
Uh, don't write a shitty backend? I don't see why anybody would come after you if you aren't doing anything illegal?
>why would people come after you if it's not illegal
Because some people do not agree with what you are doing.
Keyword 'political'.
You think SJWs are smart enough to take down your site and will even be aware of its existence?
I'm not OP, so that post was not about his site; it is a fact of reality when one faces adversion.
I wonder how you would moderate such a service, since banning IPs is not an option on an anonymous service.
make "anonymous" accounts with some kind of blockchain to discourage duplicate/alternate shill accounts unless you want to dedicate increasing amounts of computing power as the total number of accounts scales.
someone posts illegal shit you blacklist the account.
optionally implement transient/per thread ids so as to limit samefagging
by using i2p
From last /cyb/ thread. Which one to use?
i2p is a meme
all 3 options are 100% retarded
this
What is your recommendation then?
>Its primary goal is to be secure.
Yeah, by writing """""clean code"""""
There's a lot more to security than clean code. They sometimes sacrifice simplicity for security.
See: privilege separation
not having your tor server on your home network.
Your security:
First you should buy a server anonymously.
Use Monero (mine it and even use Tor to connect to the mining pool) and only connect to your server over Tor.
When your hoster doesn't know who you are, he can even get raided and you are safe.
Encrypt your hard drive (dm-crypt) and don't use Windows. Use a Linux distro of your choice.
I prefer Qubes + Whonix. It's pretty secure but remember that 100% security is never possible.
You could also add a hardware firewall (raspberry pi should do it) and only allow connections to guardian-nodes to prevent IP leaks.
Server security:
is right. You should look at Whonix and implement the same idea on your server. Host + 2 VMs.
One is a gateway, one the "workstation" your http server runs on.
Maybe use FreeBSD or TrustedBSD on the workstation VM, so the attacker needs to invest more money?
About Tor:
edwardsnowden.com
>with manual analysis we (NSA) can de-anonymize a very small fraction of Tor user
Tor will save you from most threats, but three-letter agencies with billions of dollars can de-anonymize you if they really want. Mostly they won't, because you are not Osama Bin Laden, a politician or the CEO of a Fortune 500 company, who is worth spying on.
>virtual machines
>after SMTgate
Senpai, running multiple shit on the same machine is just asking for trouble.
Gah!
not posting about your revolution on Jow Forums
So you're a nazi.
There's no such thing as a "nazi" these days
Neo fascist white racist just doesn't have the same ring to it.
Absolute brainlet:
Wrong, both literally
>npr.org
And figuratively if you go by
Understand what the word actually means, not its mis-appropriated meaning, you stupid bastard
He could also be from Turkey, Russia, China, Iran, Belarus, Ukraine, Saudi Arabia or nearly every African state who wants to criticize his government.
LOL, panty-fa SJW get out
>panty-fa
What the fuck kind of definition of nazi do you have, if not
>Somebody who was or is a member of the Socialist German Workers' Party
or
>A Neo-fascist white racist
Because those are the only definitions of Nazi I've ever heard used.
I'm going to choose to assume you're just mentally damaged and ever since you played Yahtzee as a child, you've had things horribly mixed up.
elaborate pls
>hidden services spread on their own.
The real SEO is hiding your shit.
No need for a blockchain. Just use HashCash on its own.
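The HashCash idea from the moderation posts above (proof-of-work as the price of creating an account, with no blockchain), as an added example that is not from any poster in the thread. The stamp format is a simplified one using SHA-256 rather than the original HashCash format, and the function names, the 16-bit difficulty and the one-hour validity window are assumptions chosen for illustration.

```python
import hashlib
import os
import time

DIFFICULTY_BITS = 16      # assumed cost: about 65k hashes on average per stamp
MAX_AGE_SECONDS = 3600    # assumed validity window for a stamp

def leading_zero_bits(digest):
    """Count the leading zero bits of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def mint(resource, bits=DIFFICULTY_BITS, now=None):
    """Client side: search for a counter that makes the stamp hash small enough."""
    ts = int(time.time()) if now is None else now
    salt = os.urandom(8).hex()
    counter = 0
    while True:
        stamp = f"{bits}:{ts}:{resource}:{salt}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1

class StampVerifier:
    """Server side: one hash to verify, plus a spent set so a stamp works once."""
    def __init__(self, resource, bits=DIFFICULTY_BITS):
        self.resource, self.bits, self.spent = resource, bits, set()

    def accept(self, stamp, now=None):
        now = int(time.time()) if now is None else now
        try:
            bits, ts, resource, _salt, _counter = stamp.split(":")
            bits, ts = int(bits), int(ts)
        except ValueError:
            return False                  # malformed stamp
        if resource != self.resource or bits < self.bits:
            return False                  # wrong target, or cheaper than required
        if not (0 <= now - ts <= MAX_AGE_SECONDS) or stamp in self.spent:
            return False                  # expired, future-dated or replayed
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < bits:
            return False                  # the claimed work was not done
        self.spent.add(stamp)
        return True
```

Minting costs the client roughly 2^bits hashes while verification costs the server one, so raising `DIFFICULTY_BITS` raises the price of each extra account; the spent set only needs to remember stamps younger than `MAX_AGE_SECONDS`.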
How so?
Traveling around in a van and gaining access to some asshole's wifi network so you don't need to use your home connection.
Too complex. Too many attack vectors. Bad idea asking about this on the clearnet, just like the owner of Silk Road did.
Do some research you walking penis. Find out the origin of the word and why it was invented.
Panty-fa poofter!