/d/OpSec

How to protect your hidden service from being discovered with controlled Internet and Electrical downtimes

by /u/nihilist1 · 0 votes · 2024-04-07 14:09:00

1) What if an adversary tells your electricity provider to temporarily power off your electricity to check if it manages to shut down a particular hidden service? How do you ensure that your hidden service running at home remains accessible even without the main electrical input?

-> Protect against intentional electrical downtimes with a UPS for your homeserver:
http://blog.nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion/servers/failovers/index.html

2) Your ISP connection comes with a closed-source router. What makes you think that your ISP isn't giving access to it to an adversary so that he may be able to spy on your home network? How do you protect against that? That same adversary suspects that you are running a hidden service from home. That adversary makes your ISP shut down your internet connection to check if you are actually running it or not. How do you ensure your hidden service keeps running?

-> Protect against intentional Internet connection downtimes for your homeserver with a Dual-WAN failover setup, with a pfsense VM while also protecting against any local network spying from closed-source routers:
http://blog.nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion/servers/failover-wan/index.html


As usual, any feedback is appreciated :) Make sure to point out what is wrong if you see any obvious security flaw, along with what you suggest, so that I may update my tutorials accordingly, but keep in mind that I won't bother if you're too vague about it.

Comments (1)
/u/asfaleia · N/A votes · 7th April, 2024 - 20:45 · Link

Homeserver = jail. No need to kill the electricity. Switching off the cable internet and jammer is enough. And in some cases you discover it just by monitoring the network.

/u/nihilist1 · N/A votes · 9th April, 2024 - 11:28 · Link

So you suggest running sensitive services on a cloud provider that doesn't know about it first-hand? Not sure what your suggestion is there, because cloud providers definitely have many more checks in place to detect .onion hidden services since they have full visibility on what's happening inside of all VPSes and Dedicated servers. Whereas at home the only threat I see is the router provided by the ISP that may spy on your local traffic, but as mentioned in my tutorial, this should be taken care of. So mind explaining what the exact threat vectors are?

> Switching off the cable internet and jammer is enough

Yeah, that will be mentioned in my next tutorial on how to scale out operations with endgame, one backend server per location, to ward off the scenario where your backend server is completely cut off from the network or powered off.

> in some cases you discover it just by monitoring the network.

How so? You found a way to decrypt tor traffic? Seriously though, I think this problem is taken care of if you put your service behind a pfsense router to avoid the ISP spying on it from the ISP router. I could probably mention to put a local tor bridge between the service and the pfsense router as well, but not sure if this would change anything. Would be glad to know what you're talking about exactly.

/u/asfaleia · N/A votes · 9th April, 2024 - 12:26 · Link

[pending moderation]