Tor is an anonymous, secure network that allows anyone to access websites with anonymity. People normally use Tor to access normal websites, but they don’t have to. If you want to set up your own anonymous website, you can create a hidden service Tor site. Your hidden service website runs entirely within Tor, so no one will know who created and runs the website. Only people using Tor can access it, though. Hidden service Tor sites are ideal for anyone who wants to set up a website anonymously, such as political activists in repressive countries.
Not all hidden services have to be websites. You could create an SSH server, IRC server, or any other type of server and offer it as a hidden service on Tor. This tutorial will focus on setting up a hidden Tor site using the Savant web server – which Tor recommends – on Windows. The steps can also be applied to other operating systems and web servers.
Step 1: Install Tor
To get started, you’ll have to download and install Tor on your computer. If you already have it installed, you can skip this step. By default, Tor installs the Tor browser bundle, which includes a specially configured Firefox browser.
You’ll see a green onion icon in your system tray when you’re connected to the Tor network.
Once it’s installed, you can check out an example hidden service by plugging duskgytldkxiuqc6.onion into your Tor web browser’s address bar.
Tor must always be running on your system for the hidden service to be accessible. If your computer is off, disconnected from the Internet, or if Tor isn’t running, the hidden service Tor side won’t be accessible. This does have some anonymity implications – it’s theoretically possible to infer whether or not your computer is running the hidden service by seeing whether it’s accessible when your computer is off.
Step 2: Install & Configure A Web Server
You’ll need a web server to serve the hidden service site from your system. Tor’s official documentation recommends against using the common Apache web server. Instead, Tor recommends using the Savant web server on Windows or the thttpd Web server on Mac OS X, Linux and other UNIX-like operating systems. Tor’s documentation notes that Apache “[is] big and has lots of places where it might reveal your IP address or other identifying information, for example in 404 pages” but also notes that “Savant probably has these problems too“.
The takeaway is that web server configuration is very important. If you’re running a very sensitive hidden Tor site, you’ll want to go through your web server’s settings and ensure it isn’t leaking any information that could be used to identify you, such as your IP address.
We’ll use Savant as an example here, but you can set the same options in other web servers. To configure Savant, launch its main window and click the Configuration button.
From the configuration window, you’ll need to set the “Server DNS Entry” box to “localhost” to bind Savant to localhost. This ensures your website is only accessible from your local computer, so people can’t access it over the normal Web and see you’re hosting the hidden service Tor site.
You’ll also have to note the port number you’re using.
After the web server is configured, you’ll want to add your content. By default, Savant uses the C:\Savant\Root directory (you can change this from the Paths tab). Ensure you replace the index.html file in this directory with the file you want as your homepage.
You can verify it works by typing localhost into your main browser’s address bar. If you set a different port instead of 80 – say, port 1000 – type localhost:1000 instead.
Step 3: Configure The Hidden Service
Now that Tor’s installed and a web server is running, all you have to do is tell Tor about it. You should be able to add this information to the torrc file through the Vidalia graphical user interface, but I experienced errors and had to do this by hand.
First, shut down Tor if it’s running.
Next, locate your torrc file. If you installed the Tor Browser Bundle, you’ll find it in the Tor Browser\Data\Tor directory. Open this file with Notepad or another text editor.
Add the following section to the end of the file:
# Hidden Service
HiddenServicePort 80 127.0.0.1:80
Replace C:\Users\Name\tor_service with the path to a directory Tor can read and write to on your system. Do not use the directory that already contains your website. This should be an empty directory.
Replace the :80 with the port the web server is using on your system. For example, if the web server is running on port 5000, you’d use the line HiddenServicePort 80 127.0.0.1:5000.
Save the file after editing it. You’ll also have to create the directory you specified, if it doesn’t already exist.
Restart Tor after you do this. Once you have, you’ll want to check the Message Log to see if there are any error messages.
If the Message log is free of errors, you’re good to go. Check out the hidden service directory you created. Tor will have created two files in the directory – hostname and private_key. Don’t give anyone the private_key file or they’ll be able to impersonate your hidden service Tor site.
You’ll want to open the hostname file in Notepad or another text editor. It will tell you the address of your new hidden service Tor site. Plug this address into your Tor web browser and you’ll see your website. Give the address to others so they can access your site. Remember, people must be using Tor to access your hidden service site.
Image Credit: Blurred Silhouette via Shutterstock