Using Tor hidden services for good

Getting good stories for Tor successes is tricky, because if Tor is doing its job, nobody notices. I know a lot of people who have really interesting Tor success stories and have no interest in telling the world who they are and how they managed (until that moment when everybody is reading about them, that is) to stay safe.

Still, there are a bunch of other stories out there that haven't been documented as well. For example, I really like Nasser's story about his experiences in Mauritania:

Hidden services have gotten less broad attention from the Tor user base, since most people who install Tor have a website in mind like twitter or indymedia that they want to visit safely. Some good use cases that we've seen for hidden services in particular include:

- I know people (for example, in countries that have been undergoing revolutions lately) who run popular blogs but their blogs kept getting knocked offline by state-sponsored jerks. The common blogging software they used (like Wordpress) couldn't stand up to the ddos attacks and breakins. The solution was to split the blog into a public side, which is static html and has no logins, and a private side for posting, which is only reachable over a Tor hidden service. Now their blog works again and they're reaching their audiences. And as a bonus, the nice fellow hosting the private side for them doesn't need to let people know where it is, and even if somebody figures it out, the nice fellow hosting it doesn't have any IP addresses to hand over or lose.

- Whistleblowing websites want to provide documents from a platform that is hard for upset corporations or governments to censor. See e.g.

- Google for 'indymedia fbi seize'. When Indymedia offers a hidden service version of their website, censoring organizations don't know which data centers to bully into handing over the hardware.

- Data retention laws in Europe (and soon in the US too at this rate) threaten to make centralized chat networks vulnerable to social network analysis (step one, collect all the data; step two, get broken into by corporations, criminals, external governments, you name it; step three comes identity theft, stalking, targeted scam jobs, etc etc). What if you had a chat network where all the users were on hidden services by default? Now there's no easy central point to learn who's talking to who and when. Building one and making it usable turns out to be hard. But good thing we have this versatile tool here as a building block.

That's a start. It is certainly the case that we (Tor) spend most of our time making the technology better, and not so much of our time figuring out how to market it and change the world's perception on whether being safe online is worthwhile. Please help. :)

You might also like

This blog post was adapted from an email to tor-talk by Roger. See the original email at

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

pls start a forum soon!!!

First, thank you all for providing one of best proxy services TOR project that i am using for months.
Second, I as one of users of this program have some suggestions:
1. Its boring to download the whole program files each time a tiny update is added, particularly for those who use low speed internet access, downloading a 20 mg file just for some kb updates is panic. Best update technic is automatic update through the program itself without need of manually download a big file and update should be just for the new files updated not the whole program.
2. The browser integrated is not powerful and famous as those Firefox, Chrome. Users should have an option to use other browsers as well. But TOR pops up Aurora when it stats and remain active until Aurora is open. If user shift to another browser and closes Aurora, then, TOR is shut down.
Since I know TOR has been developed to facilitate users, so it would be better users can use their favorite browsers with TOR without encountering problem.

Aurora is an unbranded Firefox. The instance in the browser bundle also has some additional security patches. You can use Chrome/Chromium with Tor, just point Chrome's proxy settings at the SOCKS port of the running tor instance.

Dear Tor Users and Hidden Service Fans :)

Please consider using onioncat ( ).
Onioncat provides a transparent IPv6 tunnel over Hidden Services, you could think
of it as a point-to-multipoint VPN.

It is easy to set up ( follow the instructions on our website ) and you'll get a unique IPv6 address that is only valid within
onioncat. All traffic you exchange over it will never leave the tor network as the packets are only routed between hidden services.

You may provide Web Services, eMail, DNS (although we are working on a better solution in respect to the latency) or whatever you want so that we all together grow an ecosystem of location hidden and easy to use services.

Get in touch with us if there are any questions on how to use onioncat,
you'll find our details on the website mentioned above.

all the best,


Excellent work Creo & team! :) Thanks!

We have published this article on our website in the hope to expand the chances you may get assistance. You correctly identify the reason it's hard to get a 'real story that matters'; I could tell you many more than one, but people would have to be dead first.

To explain that in these paranoid times - I owe legal professional privilege and cannot even start to describe the circumstances, without it becoming obvious to whom! Now I've told you that much, I cannot even tell you the website, either! LOL

"Your comment has been queued for moderation by site administrators and will be published after approval.".....

Please do set up a forum!

Why's the firefox browser not starting up when I click the Start Tor Browser... Vidalia says "connected to the tor network" but the browser does not pop up as usual?

I agree with other posters here that we need a forum for tor talk

I agree too. I think there is no problem to add forum on Drupal, but acctualy there is a problem, who will manage and administrate it 24x7

no need to administrate it 24/7. Who administrates the blog? The same people who administrate the blog should be able to administrate the forum. The forum can have the same functions enabled: requiring anonymous posts to be verified before they are posted.

i downloaded new Tor Browser Bundles ,when i attempt to run it,an alert message occur:"Vidalia detected that the tor software exited unexpectedly.please check the message log for recent warning or error messages".i changed different version Tor browser bundles,but still can't,can you help me ?thank you!

I believe that beside good stories Tor developers need to offer to the people:
1)forum, for discussion and technical help, million times I wanted to ask something and I must ask in some comment at topic of blog which has nothing with my question. You don't need crowd of people to administrate forum, better any (slow) help than no help. Now: Tor has no technical help section and that's big failure for any software. If you want people to use your software, you must have technical help. Good stories are not enough.
2)better technical explanations/documentations, just read your instructions for tor hidden service, your explanation will be understood only by computer professionals, if ordinary person follow your instructions, he will never succeed to setup/install tor hidden service.

Beside this, tor developers need to make better advertising of tor (especially Tor Relays), so, we can get bigger Tor network. There are freelancers websites where people from India can be paid some small money to make articles about tor all over internet. I don't have debit/credit card so I can not employ people, and I am without job, so, I can't pay people to advertise Tor.


im unable to to view chat when using tor ,can any one suggest a solution please

A forum is a very good idea I think. I was wondering if using print pdf addon with tor exposes my identity ?

When downloading files, is that as safe as in will you still be anonymous while downloading files?

The story about the half-public, half-hidden blog was interesting, but without a technical explanation of how it was done and what software was used, the average "civilian," even someone with a general knowledge of computers and UNIX, can't easily duplicate it. And you don't really want to go asking others for help or assistance in setting it up, since that would compromise the whole idea of keeping parts of it secret.

So yes, there is a need for a forum or question and answer site or Wiki for people interested in using Tor to get some technical help.

I'd like to ask questions like:

-- Can you put hidden services on the same server as open services? Do you need to install two HTTP servers? Do you need two IP addresses?

-- Are hidden service URLs one-to-one to dotted-quad IP addresses? Or can you have more than one dot-onion URL per dotted-quad IP address if you specify it in the httpd.conf file? (If you can't separate this stuff out, you'd have to put all your hidden services under a single dot-onion URL, which would reveal that they are operated by the same person, not so good.)

The technical explanations of Tor hidden services on this website are inadequate. Fair enough. You guys are understaffed and very busy and doing a great job. So that is exactly why we need a forum. If someone else wants to set it up somewhere, let us know here in the comments!

why not combine both between tor+onion cat integrated inside tor bundle. that way can make us the user a lot of save from headache. now about is it truly anonymously for I had a greatest secret about to be unfold. This scandal is huge and ugly.

I want contact to some website with single IP in a cretain country evermore.
How can I configure my sightly IP?
Thank you

I'm not sure if this is the correct place to post this question, but judging by some of the website links called when I visit certain websites, the site seems to know my geographical location. The IP address allocated by Tor is not in my country, and yet I receive ads specific to my country. Is there something I'm missing?


Syndicate content Syndicate content