| 1 |
On Tue, Apr 24, 2018 at 2:10 PM, Hubert Hauser <hubot@××××.com> wrote: |
| 2 |
> I want to run a few Tor hidden services. My home network is behind a |
| 3 |
> carrier gateway NAT so I can't make server from Raspberry Pi. I consider |
| 4 |
> run Tor hidden services on VPS. What do you think about it? Is cgNAT |
| 5 |
> obstacle if I want to run Tor hidden services? |
| 6 |
> |
| 7 |
|
| 8 |
A hidden service listens to connections from a Tor daemon. The |
| 9 |
recommended setup has both on the same machine, so the web service is |
| 10 |
only accepting connections from the machine it is run on. It does not |
| 11 |
need to be outwardly accessible. |
| 12 |
|
| 13 |
Tor will work even if you are behind NAT, assuming you do not run it |
| 14 |
in a mode where it accepts Tor to Tor connections or Internet to Tor |
| 15 |
connections. |
| 16 |
|
| 17 |
|
| 18 |
Running a hidden service on a VPS, assuming you are not breaking the |
| 19 |
laws in your jurisdiction, is likely the better idea. It will have |
| 20 |
higher bandwidth and if an attacker succeeds in resolving its location |
| 21 |
(which is possible to do and rather easy) they will get a datacenter, |
| 22 |
not your neighborhood. |
| 23 |
|
| 24 |
If you are breaking laws in your jurisdiction of residence I would |
| 25 |
highly recommend moving. Whether or not it is a better idea to |
| 26 |
self-host in this case is a tossup. On one hand, if you self-host and |
| 27 |
the authorities resolve your hidden service's location, they get you, |
| 28 |
but you may have a chance to destroy evidence. On the other hand, if |
| 29 |
you VPS-host and the authorities resolve your hidden service's |
| 30 |
location, they may subpoena the datacenter and get your details and |
| 31 |
also the information on the server. |
| 32 |
|
| 33 |
Cheers, |
| 34 |
R0b0t1 |
Archives