Hosting Location Hidden Services
|Tor Onion Services||VPN with Remote Port Forwarding||pagekite||.onion webspace||Anonymous Third Party Hosts|
|accessible over Tor .onion||Yes||No||No||Yes||Yes, if you install Tor.|
|.onion domain censor resistance||Highest||There is no .onion domain.||There is no .onion domain.||Depends on .onion webspace host. ||Depends on Anonymous Third Party Hosts. |
|server admin can not take away your .onion domain||Yes, you are the admin.||There is no .onion domain.||There is no .onion domain.||No, he must have private keys for .onion domain to make service work||No|
|accessible over clearnet http(s)||tor2web only||Yes||Yes||tor2web only||Yes |
|clearnet domain censor resistance||Depends on tor2web legislative.||Depends on domain registrar legislative.||
||Depends on tor2web legislative.||Depends on Anonymous Third Party Hosts legislative.|
|server administrator can not take away your clearnet domain||No, tor2web can. ||Yes||Depends.
||No, tor2web can. ||No |
|other services than web||Yes||Yes||Yes||No||Yes|
|price||Free||Paid only (?)||Depends||Some are free||Paid only|
|no anonymous money required||Yes||No (?)||Depends||Depends||No|
|no need to sign up||Yes||No||No||No||No|
|online, when you are offline||No, only online as long as your server is online.||No, only online as long as your server is online.||No, only online as long as your server is online.||Yes ||Yes |
|attack against Tor (onion services)||Fail ||Fail ||Fail ||Safe ||Safe |
|attack against server software (lighttpd, etc.)||Fail ||Fail ||Fail ||Safe ||Safe |
|further reading||Tor Onion Services||-||pagekite [archive]||-||-|
You can either host your own anonymous services (web sites etc.) at home (using Tor Onion Services, at servers you physically own or you can use (free) services (free .onion web space, VPS servers, web space, etc.) provided by third parties.
If you are only interested in Tor onion services, move on to Onion Services. This page discusses and compares different kinds of Location/IP Hidden Servers.
There are three different ways to run location hidden servers. Tor Onion Services, pagekite. .onion webspace, and Anonymous Third Party Hosts. Below is an overview.
If you don't know which one to use, probably Tor Onion Services are most easy and most anonymous. Below is also a conclusion and a comparison table.
Tor Onion Services
- censor resistant, no one can take the .onion domain offline 
- additionally accessible over tor2web over http 
- they are completely free
- no sign up required
- and don't require any additional software besides of course the server software you want to anonymize.
- Can be run at home; on any server you physically own; or on (anonymous) third party hosts.
- Has its own wiki page, see Onion Services.
VPN with Remote Port Forwarding
- censor resistance depends on the VPN provider
- reachable by clients, who do not have to use Tor
- there are probably no free VPN services providing Remote Port Forwarding [archive]
- probably sign up required
- can be run at home, on any server you physically own, or on (anonymous) third party hosts
- alternative service called pagekite [archive]
- must comply with pagekite terms of service [archive]
- requires registration and an (anonymous) E-Mail address
- free for Free Software authors; can apply for a free account; or subscription based service
- known to work inside Whonix-Workstation ™ out of the box
- less tested by Whonix ™ developers
- there is no documentation besides this chapter, however, usage is simple and their service is well documented. See Running PageKite over Tor [archive].
- Instead of localhost you could use the Whonix-Gateway ™ IP 10.152.152.10 and a custom port such as 9159, i.e. replace "--torify=localhost:9050" with "--torify=10.152.152.10:9159".
- Or you could drop the "--torify" switch at all and even follow the default pagekite GNU/Linux tutorial, because misc traffic in Whonix-Workstation ™ gets automatically routed through Tor's TransPort.
- See Stream Isolation for an explanation of misc traffic, custom Socks Ports and Tor's TransPort in Whonix ™.
Anonymous Third Party Hosts
There are many so called offshore or anonymous hosting companies. Most of those hosting companies do not really offer anonymity. Most require valid registration data (real name etc.), forbid registration over Tor and/or do not offer anonymous payment methods.
- There are some free .onion web hosting services. Also paid ones.
- There are also anonymous VPS servers, although no free ones, which would require anonymous money.
Each way to run location hidden servers has its own advantages and disadvantages.
With Tor Onion Services, you don't have to learn and obtain anonymous money, which is difficult on its own. You have to trust no one, but your own skills setting up a server. No one can censor the server, there is no signup, no terms of service. Disadvantage is, if someone compromises your onion service either by an successful attack against Tor onion services are by an successful attack against your server software and breaking out of Whonix ™, it is game over. It is only accessible over .onion (visitors need Tor) and tor2web does not get indexed by search engines. Tor Onion Services are only online as long as your server is online.
A free (or paid) .onion web space host can steal your domain any time and take it over. You don't have to worry about server security and successful attacks against the Tor onion services won't lead to your location or IP address.
Anonymous Third Party Hosts for VPS hosting involve anonymous money, which is difficult on its own. They can provide clearnet domains and/or you can use them to host Tor onion services. You don't have to worry about server security and successful attacks against Tor onion services won't lead to your location or IP address.
- The admin can and will most likely see what users are doing on their server and decide accordingly.
- Yes, if you buy a domain.
- https://pagekite.net/wiki/Howto/CnamePageKites/ [archive]
- They must do so, if they are forced by legislation or other reasons.
- Besides server downtime, in which case you can do nothing but wait until the host has fixed it.
- Fail as in, it would deanonymize you.
- Safe as in, you are still anonymous. The domain may be lost.
- Besides compromising of the host and / or flood attack.
- Which doesn't offer as much censor resistance as the .onion domain does
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)