On Fri, Mar 7, 2014 at 7:39 PM, Rich Jones <rich@openwatch.net> wrote:

> Given enough time, your hidden service can be deanonymized

> As I stated in a previous thread, I think the key is likely to be to
> a) redundancy and b) constant movement.

c) Don't get too big, too complicated, or too fancy. Keep your pages or your apps or your web services tightly focused, and not integrated with anything that can be stripped out. If you have multiple services, separate them logically if not physically, and do not provide the convenience feature of automatically logging a user into a second if logs into a first. Don't bring in outside JavaScript or stylesheets or images that you can avoid.

This is not specific to hidden TOR services, or to the blacknet, or to selling drugs by mail.


--
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209