Use Stealth or Basic Authentication

[MuxZeroNet]

This is a proposal.

ZeroNet has an "onion pooling" feature, creating "fake" identities to resist some basic fingerprinting attacks. There is a safer way to do this -- Stealth or Basic Authentication.

https://lists.torproject.org/pipermail/tor-talk/2017-November/043797.html

Use basic authentication, so that you don't need to generate additional RSA keys. For basic authentication, the acceptable passwords can be the addresses of the sites which the onion service claims to be hosting.

>>> Hosting? I host addr_1, addr_2 and addr_3. >>> Give me some addr_4 stuff! Authentication failed. Access denied.

There is certainly "implementation overhead." I recommend you use the stem control library. Fun fact: it does not need any dependency if you don't use its fanciest features.

API for creating these authenticated onion services: stem.control.Controller.create_ephemeral_hidden_service

[HelloZeroNet]

If you using the same .onion address for every hosted site, then it's possible to list which other sites you hosting by checking that address in other sites peer list. If I understand correctly, then the authentication feature does not improve this.