No. As I clarified previously, I recommend against running a hidden service for others to use as you are likely to be legally reasonable for their content.
On September 17, 2014 6:45:47 AM EST, "Артур Истомин" <art.is...@yandex.ru> wrote: >On Wed, Sep 10, 2014 at 12:26:03AM -0400, Griffin Boyce wrote: >> Kyle Maxwell wrote: >> >Griffin Boyce wrote: >> >>Actually, no, I *am* surprised that they decided to not even >> >>bother trying to gift malware to Mac or Linux users. >> > >> >Probably just playing the odds, I'd suspect. Though they could've >> >examined the access logs at some point - do we know either way on >that? >> >> Hey Kyle, >> >> With Freedom Hosting, I actually don't know. It seems like few >technical >> details have come out of that case. However, I *do* know that they'd >been >> hacked at various points, and the service had very poor security >overall. >> The restrictions in place did not actually prevent php files from >creating >> *other* types of scripts... Their sandboxing was reputedly quite >bad, and >> for years they had no restrictions on resources that users could >utilize. >> So creating an app designed to expand to occupy all resources on the >server >> until it crashed was highly effective. The server itself may not >even have >> kept access logs. It's unclear. >> >> With SilkRoad[2], supposedly investigators imaged the entire drive, >so >> this should still be possible. In any case, I think it's important >to avoid >> taking the investigators' statements at face value. Weev mentioned >that >> investigators made dubious technical statements in some places, and >while I >> haven't read all of the documents to come out about this case, that's >> certainly within the realm of possibility. >> >> There are likely still details that haven't come out yet about both >cases >> (though I can't know for sure) and it's not entirely clear what level >of >> technical expertise various people have. >> >> Things that are important to note for hidden service operators: >> - Firewall rules are really useful for keeping out unwarranted >scrutiny. >> - Don't hardcode your IP address in any links (though this is one >of the >> least-likely theories). >> - Having a pseudonym isn't a replacement for excellent security >practices. >> - Don't run a hidden service host. >> - For best security, run your own services rather than relying on >someone >> else's security. I feel like this is often overlooked in the name of >> "easiness" but it's really important IMO. [1] > >Is it does not contradict with previous statement about "don't run a >hidden service host"? >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- "Hackers are not rockstars. You know who are rockstars? ROCKSTARS." ~Dan Kaminsky -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
