Onion Services Guides

From Whonix
Jump to navigation Jump to search

About this Onion Services Guides Page
Contributor maintained wiki page.
Support Status stable
Difficulty medium
Contributor HulaHooparchive.org
Support Support

Collection of various Onion Services Guides

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

None of the following guides are adjusted to work with Whonix. [1]

Introduction[edit]

To make your service better known it can be listed on ahmia.fiarchive.org - a public directory of Onion sites that works closely with The Tor Project.

General Tips[edit]

Some very useful information on scaling onion sites was published in an article series on the Tor blog, see: Cooking with Onions: Finding the Onionbalancearchive.org.

For creating a production level onion mirror of your clearnet site, refer to some tips in this tor-talk forum discussion: New Document: Building a "Proof of Concept" Onion Sitearchive.org.

Onion Services Guides[edit]

GlobaLeaks[edit]

Project main sitearchive.org

warning Security warning: Adding a third party repository and/or installing third-party software allows the vendor to replace any software on your system. Including but not limited to the installation of malware, deleting files and data harvesting. Proceed at your own risk! See also Foreign Sources for further information. For greater safety, users adding third party repositories should always use Multiple Whonix-Workstation to compartmentalize VMs with additional software.

Installation Guide from GlobaLeaks third party repositoryarchive.org

This is a guide to help you set up your own secure and anonymous whistle blowing platform. Note that this is a standalone node and not part of a network, although you can optionally list yourself in the Leaks Directoryarchive.org.

To decide between GlobaLeaks and SecureDrop read thisarchive.org detailed comparison written by a Tor Project developer.

Multiplayer Onion Gaming[edit]

See: Onion Gaming.

SecureDrop[edit]

SecureDrop is another widely used whistle-blowing platform installed at many news organizations. To set it up please refer to the official guidearchive.org. To use SecureDrop as a source, refer to this documentationarchive.org and for using SecureDrop as a journalist go herearchive.org. For general information and project code go to their main GitHub pagearchive.org.

If you are a news or whistle-blowing site operator you may be interested in having your Onion Service address listed at the Freedom of The Press Foundationarchive.org.

Sparkleshare[edit]

For a private and anonymous DropBox alternative you can run Sparkleshare as a Onion Servicearchive.org. To ensure that only you and the intended parties can access the service you need to set up Onion Service Authentication, see instructions.

SSH[edit]

Secure Shell is the dominant protocol for secure remote login and system administration. It is a critical component of server and internet infrastructure. Revelations from the Snowden documents and further analysis [2] has uncovered weaknesses in some of the included cipher-suites, allowing abuses by resourceful nation-state adversaries. If you run SSH in this day and age, it should be done from behind a Tor Onion Service.

Advantages:

  • protection by Tor
  • robust access control provided by Onion Services authentication [3]
  • NAT traversal
  • no need for services like DynDNSarchive.org
  1. Setup Onion Service Authentication.
  2. Run SSH like normal or follow this guidearchive.org if you are a beginner.

Stormy[edit]

Stormy is a simple Onion Service blog setup script. The developer hopes to have it packaged for Debian at some point, but it is under heavy development at the time of writing (only suitable for developers). To learn more, see: GitHubarchive.org.

See Also[edit]

References[edit]

  1. https://forums.whonix.org/t/onion-services-guides/6587/12archive.org
  2. https://stribika.github.io/2015/01/04/secure-secure-shell.htmlarchive.org
  3. Shields SSH from brute-force attacks and exploit attacks against the SSH server daemon.

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!