Create a Hidden Service: Tor Site for Anonymous Website/Server
Understanding Tor Hidden Services
Tor is a network designed to provide anonymity and security for its users. It enables individuals to browse the internet privately, concealing their IP addresses and locations.
While commonly used for accessing existing websites anonymously, Tor also facilitates the creation of hidden services. These are websites accessible only through the Tor network.
The Benefits of a Hidden Service
A hidden service operates entirely within the Tor network, effectively masking the identity of its creator and operator. This provides a significant layer of protection.
Access to these sites is restricted to users who are also utilizing the Tor network, ensuring a high degree of privacy for both the host and the visitor.
Hidden services are particularly valuable for individuals requiring anonymity, such as political activists operating in environments with strict censorship.
Beyond Websites: Versatility of Hidden Services
The functionality of Tor hidden services extends beyond traditional websites. It’s possible to host various server types anonymously.
You can establish secure connections like SSH servers or communication platforms like IRC servers, all while maintaining anonymity through the Tor network.
Setting Up a Hidden Tor Site on Windows
This guide will demonstrate the process of creating a hidden Tor site using the Savant web server, which is recommended by the Tor Project.
The instructions provided are specifically tailored for a Windows environment, but the core principles can be adapted for use with other operating systems and web servers.
The following steps will outline the configuration necessary to launch your own anonymous website within the Tor network.
Step 1: Tor Installation
The initial step involves downloading and installing the Tor software onto your computer. Should you already have Tor installed, this stage can be bypassed. Typically, the Tor installation process includes the Tor Browser Bundle, which features a customized Firefox browser.
A green onion icon will appear in your system tray once a connection to the Tor network is established.
After installation is complete, you can test a sample hidden service by entering duskgytldkxiuqc6.onion into the address bar of your Tor browser.
For the hidden service to remain accessible, Tor needs to be consistently running on your system. If your computer is powered down, lacks internet connectivity, or Tor is not active, access to the hidden service’s Tor side will be unavailable.
This operational requirement carries certain anonymity considerations; it is theoretically possible to determine if your computer is hosting the hidden service by checking for its accessibility when the computer is offline.
Installing and Configuring a Web Server
A web server is essential for delivering the content of your hidden service. While commonly used servers like Apache are available, Tor’s documentation suggests alternatives. Specifically, Savant is recommended for Windows users, and thttpd is advised for Mac OS X, Linux, and other UNIX-based systems.
Tor’s documentation highlights potential risks with Apache, noting its size and the possibility of revealing identifying information, such as your IP address, particularly on error pages. However, it also acknowledges similar vulnerabilities might exist in Savant.
Therefore, careful web server configuration is paramount. If you are operating a highly sensitive hidden Tor site, a thorough review of your server’s settings is crucial to prevent unintentional leakage of identifying data.
Savant Configuration Example
We will demonstrate the configuration process using Savant, but the principles apply to other web servers as well. Begin by launching the Savant application and selecting the “Configuration” button.
Within the configuration window, set the “Server DNS Entry” field to “localhost”. This restricts access to your website to your local computer only.
This prevents direct access via the regular web and ensures your hidden service remains concealed.
Also, take note of the port number currently in use by the server.
Adding Your Website Content
Once the web server is configured, you can populate it with your website’s files. Savant, by default, utilizes the C:\Savant\Root directory for website content. You can modify this location within the Paths tab of the configuration settings.
Replace the existing index.html file in this directory with the HTML file you intend to use as your homepage.
Testing Your Configuration
To verify that your setup is functioning correctly, enter localhost into the address bar of your web browser. If you have configured the server to use a port other than the default port 80 – for example, port 1000 – then type localhost:1000 instead.
Configuring the Hidden Service
With Tor installed and a web server operational, the next step involves informing Tor about the service. While the Vidalia graphical user interface should facilitate adding this information to the torrc file, manual configuration may be necessary due to potential errors.
Initially, ensure Tor is shut down if it is currently running.
Subsequently, locate the torrc file. For those utilizing the Tor Browser Bundle, it resides within the Tor Browser\Data\Tor directory. Open this file using a text editor like Notepad.
Append the following section to the end of the torrc file:
# Hidden Service
HiddenServiceDir C:\Users\Name\tor_service
HiddenServicePort 80 127.0.0.1:80
Remember to replace C:\Users\Name\tor_service with the full path to a directory where Tor possesses both read and write permissions. This directory must be distinct from the one housing your website files; it should be empty.
Adjust the :80 portion to reflect the port number your web server is utilizing. For instance, if your server operates on port 5000, the line should read HiddenServicePort 80 127.0.0.1:5000.
Save the modified file. Also, create the directory you specified if it doesn't already exist.
Restart Tor following these changes. After restarting, examine the Message Log for any reported errors.
If the Message Log indicates no errors, the configuration is successful. Inspect the hidden service directory you created. Tor will have generated two files within: hostname and private_key. Protect the private_key file; its compromise would allow others to impersonate your hidden service.
Open the hostname file with a text editor. This file contains the address of your newly established hidden service. Input this address into your Tor browser to view your website. Share this address with others who wish to access your site, remembering that Tor browser usage is required for access.
Finally, review our Tor browser safety recommendations and explore instructions for setting up and utilizing Tor on Android devices.
Image Credit: Blurred Silhouette via Shutterstock
Related Posts
Timeline Tips: Hidden Features & Weekly Facebook Advice
4 Ways You're Accidentally Giving Away Your Privacy
ShortStack - Design Facebook Pages, Apps, Contests & Forms
Health Hazards of Tablet Use - Infographic
Dropbox RSS Feed: Get Notified of File Changes
