Open MuxZeroNet opened 6 years ago
If you using the same .onion address for every hosted site, then it's possible to list which other sites you hosting by checking that address in other sites peer list. If I understand correctly, then the authentication feature does not improve this.
This is a proposal.
ZeroNet has an "onion pooling" feature, creating "fake" identities to resist some basic fingerprinting attacks. There is a safer way to do this -- Stealth or Basic Authentication.
https://lists.torproject.org/pipermail/tor-talk/2017-November/043797.html
Use basic authentication, so that you don't need to generate additional RSA keys. For basic authentication, the acceptable passwords can be the addresses of the sites which the onion service claims to be hosting.
There is certainly "implementation overhead." I recommend you use the
stem
control library. Fun fact: it does not need any dependency if you don't use its fanciest features.API for creating these authenticated onion services:
stem.control.Controller.create_ephemeral_hidden_service