> If your hidden service isn't a clusterfuck of unpatched Apache and sketchy PHP scripts, then it's not likely to get taken down or located. I agree with your meaning, but not your conclusion. Sketchy PHP and idiot sysadmins (and methylenedioxypyrovalerone) are certainly the primary reason for the recent rash of high profile 0wnage which has been going on lately, that doesn't mean that avoiding those problems will cover your ass in any way. Given enough time, your hidden service can be deanonymized, as shown here: [1]http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf As I stated in a previous thread, I think the key is likely to be to a) redundancy and b) constant movement. R References 1. http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf