{{Header}} {{#seo: |description=Anonymous Hosting, Comparison Table of Tor Onion Services, VPN with Remote Port Forwarding, PageKite and Anonymous Third Party Hosts |image=Deep-web-1106648640.jpg }} [[image:Deep-web-1106648640.jpg|thumb]]
* [[Onion Services]] * [[Hosting Location Hidden Services]]
{{intro| Anonymous Hosting, Comparison Table of Tor Onion Services, VPN with Remote Port Forwarding, PageKite and Anonymous Third Party Hosts }} = Introduction = This page discusses and compares the different kinds of hosting options utilizing location/IP hidden servers. It is possible to host anonymous services such as web sites either: * at home using Tor [[Onion Services]]; * at servers you physically own; or * using (free) services provided by third parties, such as free .onion web space, VPS servers, web space and so on. The five most common methods of running location hidden servers includes: Tor Onion Services, using a VPN provider with remote port forwarding, local host tunneling such as [https://pagekite.net/ PageKite] (which makes your local host a server), .onion webspace, and via anonymous third party hosts. An overview of these methods and a comparison table is provided below. Readers who are unsure of which method to use are recommended to review Tor [[Onion Services]], since they are the easiest to configure and provide the strongest anonymity. = Anonymous Hosting Overview = == Tor Onion Services == Onion Services provide a number of benefits. First, they are censor resistant which means that nobody can take the .onion domain offline unless they compromise the host and / or perform a successful flood attack. See [https://github.com/Attacks-on-Tor/Attacks-on-Tor Thirteen years of Tor Attacks] for a description of flood and other attacks against Tor. In addition, Onion Services are accessible over tor2web over http, although this is not as censor-resistant as the .onion domain itself. Onion Services are also free and do not require any registration to run (no sign up is required). Further, they do not require any additional software other than the server software that will be run anonymously. Onion Services are flexible insofar as they can easily be run at home, on any server physically owned, or on (anonymous) third party hosts. == VPN with Remote Port Forwarding == The level of censorship resistance afforded by VPNs depends on the specific provider used. While services will be reachable by a wider audience (clients) because Tor is not required, there are probably no free VPN services providing [https://security.stackexchange.com/questions/16627/does-portforwarding-present-a-risk-to-anonymity Remote Port Forwarding]. Unlike Onion Services, registration/sign up is very likely required which is a challenge to maintaining anonymity. On the upside, this configuration can be run at home, on any server physically owned, or on (anonymous) third party hosts. == PageKite == [https://pagekite.net/ PageKite] is another alternative service which has been tested inside {{project_name_workstation_long}}, and is functional out of the box (although less tested by {{project_name_long}} developers). PageKite is a subscription-based service, but is free for Free Software authors; application for a free account is required. Further, it is necessary to comply with the [https://pagekite.net/humans.txt PageKite terms of service], register, and provide an (anonymous) [[E-Mail]] address. Besides this entry, there is no documentation for pairing PageKite with {{project_name_short}}. However, it is relatively simple to use and their service is well documented; see [https://pagekite.net/wiki/Howto/PageKiteOverTor/ Running PageKite over Tor] and the footnotes. * Instead of localhost it is possible to use the {{project_name_gateway_long}} IP 10.152.152.10 and a custom port such as 9159, that is replace "''--torify=localhost:9050''" with "''--torify=10.152.152.10:9159''". * Alternatively, the "''--torify''" switch can be dropped and the default PageKite GNU/Linux tutorial instructions followed, since ''misc traffic'' in {{project_name_workstation_short}} is automatically routed through Tor's TransPort. * See [[Stream Isolation]] for an explanation of ''misc traffic'', custom Socks Ports, and Tor's TransPort in {{project_name_short}}. == Anonymous Third Party Hosts == There are many so-called offshore or anonymous hosting companies. Most of these hosting companies do not really offer anonymity because they usually require valid registration data (real name etc.), forbid registration over Tor and/or do not offer anonymous payment methods. The ones listed in the following list are Tor user-friendly, accept anonymous registration and can be paid anonymously with Bitcoin or prepaid cards. ([https://forums.whonix.org/t/abolishing-third-party-hosting-services-in-wiki List deprecated.]) Also note: * There are some free .onion web hosting services, as well as paid ones. * Anonymous VPS servers also exist, but none are free; this necessitates use of [[Money|anonymous money]]. = Comparison Table = '''Table:''' ''Hosting Configuration Comparison'' {| class="wikitable" | ! '''Tor Onion Services''' ! '''VPN with Remote Port Forwarding''' ! '''PageKite''' ! '''.onion Webspace''' ! '''Anonymous Third Party Hosts''' |- ! Accessible over clearnet http(s) | style="background-color: {{Yellow}}"| tor2web only | {{Yes}} | {{Yes}} | style="background-color: {{Yellow}}"| tor2web only | {{Yes}} Yes, if you buy a domain. |- ! Accessible over Tor .onion | {{Yes}} | {{No}} | {{No}} | {{Yes}} | {{Yes}}, if Tor is installed. |- ! Attack against server software (lighttpd, etc.) | {{Fail}} Fail - it would deanonymize you. | {{Fail}} Fail - it would deanonymize you. | {{Fail}} Fail - it would deanonymize you. | {{Safe}} Safe - you are still anonymous. The domain may be lost. | {{Safe}} Safe - you are still anonymous. The domain may be lost. |- ! Attack against Tor (onion services) | {{Fail}} Fail - it would deanonymize you. | {{Fail}} Fail - it would deanonymize you. | {{Fail}} Fail - it would deanonymize you. | {{Safe}} Safe - you are still anonymous. The domain may be lost. | {{Safe}} Safe - you are still anonymous. The domain may be lost. |- ! Clearnet domain censor resistance | style="background-color: {{Red}}"| Depends on tor2web legislation. | style="background-color: {{Red}}"| Depends on domain registrar legislation. | style="background-color: {{Red}}"| * When using PageKite domain: Depends on PageKite legislation. * When using own domain https://pagekite.net/wiki/Howto/CnamePageKites/: Depends on domain registrar legislation. | style="background-color: {{Red}}"| Depends on tor2web legislation. | style="background-color: {{Red}}"| Depends on Anonymous Third Party Hosts legislation. |- ! No anonymous money required | {{Yes}} | {{No}} (?) | style="background-color: {{Blue}}"| Depends | style="background-color: {{Blue}}"| Depends | {{No}} |- ! No need to register | {{Yes}} | {{No}} | {{No}} | {{No}} | {{No}} |- ! .onion domain censor resistance | style="background-color: {{Green}}"| Highest | style="background-color: {{Blue}}"| There is no .onion domain. | style="background-color: {{Blue}}"| There is no .onion domain. | style="background-color: {{Red}}"| Depends on .onion webspace host. The administrator can and will most likely see what users are doing on their server and decide accordingly. | style="background-color: {{Red}}"| Depends on Anonymous Third Party Hosts. The administrator can and will most likely see what users are doing on their server and decide accordingly. |- ! Online, when you are offline | {{No}}, only online as long as your server is online. | {{No}}, only online as long as your server is online. | {{No}}, only online as long as your server is online. | {{Yes}} Besides server downtime, in which case you can do nothing but wait until the host has fixed it. | {{Yes}} Besides server downtime, in which case you can do nothing but wait until the host has fixed it. |- ! Price | style="background-color: {{Green}}"| Free | style="background-color: {{Red}}"| Paid only (?) | style="background-color: {{Blue}}"| Depends | style="background-color: {{Blue}}"| Some are free | style="background-color: {{Red}}"| Paid only |- ! Server administrator cannot take away the clearnet domain. | {{No}}, tor2web can. They must do so, if they are forced by legislation or other reasons. | {{Yes}} | style="background-color: {{Blue}}"| Depends. * Domain by PageKite: No They must do so, if they are forced by legislation or other reasons. * Own domain: Yes | {{No}}, tor2web can. They must do so, if they are forced by legislation or other reasons. | {{No}} They must do so, if they are forced by legislation or other reasons. |- ! Server administrator cannot take away the .onion domain | {{Yes}}, you are the administrator. | style="background-color: {{Blue}}"| There is no .onion domain. | style="background-color: {{Blue}}"| There is no .onion domain. | {{No}}, they must have private keys for .onion domain to make the service work. | {{No}} |- ! Services other than web | {{Yes}} | {{Yes}} | {{Yes}} | {{No}} | {{Yes}} |- ! Further reading | [[Onion Services|Tor Onion Services]] | - | [https://pagekite.net/ PageKite] | - | - |- |} = Conclusion = Based on the preceding overview and comparison table, each method of running location hidden servers has both advantages and disadvantages. Tor onion services provide the greatest number of advantages. It is unnecessary to learn about and obtain anonymous money, which is a difficult endeavor on its own. Further, trust is not placed in third parties; you only need to rely on your own skills in setting up a server. Also nobody can censor the server, and there is no registration nor limiting terms of service. On the downside, if an adversary compromises the onion service it is game over. This can occur via a successful attack against Tor onion services, the server software, and by breaking out of {{project_name_short}}. Onion services are also only accessible over .onion (visitors need Tor) and tor2web is not indexed by search engines. Finally, Tor onion services are only online as long as the server is online. In comparison, a free (or paid) .onion webspace host can steal the domain at any time and take it over. On the other hand, it is unnecessary to worry about server security and successful attacks against the Tor onion service will not lead to your location or IP address. Finally, anonymous third party hosts for VPS hosting involve anonymous money, which is difficult on its own. However, they can provide clearnet domains and/or the service can be used to host Tor onion services. Also, there is no concern about server security and successful attacks against Tor onion services will not lead to your location or IP address. = See Also = * [[Money|Anonymous Money]] * [[Onion_Services|Onion Services]] * [[Onion_Services_Guides|Onion Services Guides]] * [[Surfing Posting Blogging|Surfing Blogging Posting]] = References = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]