It amazes me that onion sites aren’t everywhere. They are easy to spin up, you don’t have to pay anything and can run it from your own home. No need to purchase a domain, worry about expiration, have an open port. Built-in DoS protection. Anonymity and authentication by default. No need to configure HTTPS. Sure, uptime is on you and there is some latency/bandwidth limits to be considered, but once you are over that, onions are a solution to many problems and the benefits are enormous.
Last time I tried onion it was 5+ years ago and slow as fuck. Has the performance improved?
Depends on your location and standards. Lots of the Tor relays are in Europe, so if you are here the connectivity is pretty good. Bandwidth is usually up to 2 MB/s and latency usually goes from 300ms - 1.5 seconds. Initial connections to a server might take longer (5-7 seconds). For browsing the web and playing non-HD videos it’s fine in my opinion.
As someone who just stumbled on here from ALL, I’m vaguely familiar with Onion sites and TOR more generally, but what resources would you recommend to learn more about setting one up for myself to play around with?
It’s easy. Just edit your Tor configuration file (torrc) to enable an onion service. This one forwards from the onion service on port 80 (so users don’t have to specify a port number in the URL) to a local HTTP server running on your machine on port 8000:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8000
Change the directory path based on your operating system. Specify a directory that doesn’t exist yet so Tor can set the correct permissions on it. Next, start or restart Tor. Then just read the onion service’s hostname in the hostname file created in that hidden services directory.
You can then run any HTTP server on localhost:8000 and anyone connecting to your onion service can access it. In Python this might be as simple as python3 -m http.server --bind localhost 8000 --directory . to share the files current directory (but be aware that there are some security considerations, like symbolic links, to be aware of. Just use this for testing.) For production servers you will want a “real” http server.
Probably the tor project.
and can run it from your own home.
A risk most people aren’t willing to take lightly?
Running an onion service is generally much less risky legally speaking than a Tor exit node.
Is it legality or security? I personally wouldn’t want a public facing service on my home network without extensive hardening
You don’t. The tor service connects out to a node. This is also nice because it means you can run it behind nat and firewall and whatnot without problems.
Sorry but for someone who knows just what the Wikipedia intro says about TOR, and having used it like once, I just thought it takes forever to load broken sites just for the benefit of some allegedly improved privacy. I figured it is only useful to people who want to browse illegal sites, but does this mean that any hidden website is illegal? Just for the sake of argument if someone hosts an old-fashioned HTML site about his fucking hobby, will they face legal repercussions just for serving it as a hidden webpage? I can’t fathom that.
If you don’t share the onion link with others and just use it for yourself, no one ever discovers it, unlike the public internet where you get crawled by port scanners all the time. Also there is a public key whitelist feature if you want to restrict who connects.
That’s actually a really useful feature for me, how much processor does it need? Can a raspberry pi run it?
Primarily because I can’t use an onion for my email domain so I can’t like have me at znoonkblahblahblah.onion (protonmail)
