Hidden Services, Current Events, and Freedom Hosting
A Hidden service is a server – often delivering web pages – that is reachable only through the Tor network. While most people know that the Tor network with its thousands of volunteer-run nodes provides anonymity for users who don´t want to be tracked and identified on the internet, the lesser-known hidden service feature of Tor provides anonymity also for the server operator.
Anyone can run hidden services, and many do. We use them internally at The Tor Project to offer our developers anonymous access to services such as SSH, IRC, HTTP, and our bug tracker. Other organizations run hidden services to protect dissidents, activists, and protect the anonymity of users trying to find help for suicide prevention, domestic violence, and abuse-recovery. Whistleblowers and journalists use hidden services to exchange information in a secure and anonymous way and publish critical information in a way that is not easily traced back to them. The New Yorker's Strongbox is one public example.
Hidden service addresses, aka the dot onion domain, are cryptographically and automatically generated by the tor software. They look like this http://idnxcnkne4qt76tg.onion/, which is our torproject.org website as a hidden service.
There is no central repository nor registry of addresses. The dot onion address is both the name and routing address for the services hosted at the dot onion. The Tor network uses the .onion-address to direct requests to the hidden server and route back the data from the hidden server to the anonymous user. The design of the Tor network ensures that the user can not know where the server is located and the server can not find out the IP-address of the user, except by intentional malicious means like hidden tracking code embedded in the web pages delivered by the server. Additionally, the design of the Tor network, which is run by thousands of volunteers, ensures that it is impossible to censor or block certain .onion-addresses.
them if we can.
As for now, one of multiple hidden service hosting companies appears to be down. There are lots of rumors and speculation as to what's happened. We're reading the same news and threads you are and don't have any insider information. We'll keep you updated as details become available.
EDIT: See our next blog post for more details about the attack.
Here's how it is:
This is an issue which has been pointed out many times, to no avail. The reasoning behind this insane decision by Torproject is apparently to make non-techs "feel at home" with TBB, i.e. everything works just like using a normal browser including malicious scripts! Which makes the whole concept of a secure, "ready tweaked" browser bundle for non-techs useless!
"everything works just like using a normal browser including malicious scripts! "
What about malicious images?
You are not making sense.
I guess I'll be the first to say it, and to the anon a few posts back who said that "these ??'s have been asked/answered over and over ... ..." Thank you and can't believe it took so long for someone to say it. Kudos
I am not here to bad mouth the torproject or anything else but try to learn a bit but I have to say, all the stuff this poster mentioned is true and while I do understand not making things too technical, I struggle with a lot of it but thats just part of it, not to mention rewarding when it all clicks. I believe that this "ease of use, and JS issue is due to most(not all) Windows users just not wanting to learn or make any sacrafices in the name of security/privacy/anonymity. I've seen it over and over, in all sorts of settings. While not perfect either, why anyone would chose TBB over Tails is beyond me. I see this as more of a "dumb it down for M$ users" than an overall usability issue. I have almost no issues with heavy use of NoScript and never have JS enabled and other than "Captcha's" and a few other confirmation stuff I almost never have issues. I let the shit I want in, I decide how functional a site is with my configs and if the trade-off is needed or worth it when I make an exception. I have no problems and if you think that Tor is slow, you are just spoiled, young, or both. Small price to pay. All that being said, I don't think this can't happen to Tails and Linux users and more tech savy users of any OS, only that much of the dumbing down is for people who claim to care about censorship, surveilance, and privacy rights and here they are using a lowsy proprietary OS that I treat as malware. Go FOSS and don't believe that linux is hard, it's not. Dumbing down is never the answer. Thank you to the Tor Dev's and all the helpful people who are less known than the big public names.