Hidden Service Evangelism

The following is a boilerplate email, based on an initial version supplied by Colin Mahns. This can be used to lobby sites to run their own sites as hidden services. Providing hidden services means that people do not need to exit the Tor network to access these services, providing some protection against location discovery and traffic analysis/monitoring/altering.

==begin==

Dear , I would like to discuss the possibility with you of running a Tor hidden service.

Sites such as DuckDuckGo (http://3g2upl4pq6kufc4m.onion/), Facebook(https://facebookcorewwwi.onion/) and Blockchain (https://blockchainbdgpzk.onion/) provide hidden services for their sites. The reasons why I believe your website would benefit from running a Tor hidden service are as follows:

• Location anonymity -- A user would not leave a trace of where geographically they are mapped to, or that they are using a Tor exit.
• Censorship resistance -- Certain countries (like ) do censor access to . A Tor exit located in this country or others who filter, would be unable to access . While it could be fixed by switching your Tor circuit, not every user might do this.
• Security -- Blockchain recently ran into an issue of a malicious Tor exit running sslstrip against connections to Blockchain. As a result of this attack on their users, they decided to run a Tor hidden service to protect their user's privacy and security.

If you need more information about Tor hidden services https://www.torproject.org/docs/hidden-services.html.en is a great place to start reading about how they work from a technical level. Facebook has published an article on why they decided to run a Tor hidden service which can be read at https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237.

Regards,

==end==

If you use this email then please present the outcome on the tor-talk (https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk/) email list.