Fullstack IT Nerd

Lessons learned: TOR Onion Service

An onion service is basically just a website that you cannot visit in the normal way. In order to access this site, you must first connect to the TOR network. Sometimes such a service is also called a “hidden service”.

What is the TOR network?

The TOR network (TOR stands for “The Onion Router”) is a network of servers that make it possible to hide a user’s IP address and thus protect the privacy of website users.

The network is particularly useful for people who live in countries where freedom of expression is restricted or who are afraid that their activities on the Internet will be monitored by governments or other organizations.

You can find more information here: https://www.torproject.org/

How do I access an Onion Service?

The first step is to download the special TOR browser. You can download it here. As soon as you have installed and started the browser, you are automatically connected to the TOR network and can surf the Internet and visit Onion Services anonymously.

The addresses of onion services look a little more complicated because they are the result of cryptographic operations. If you want to access this site as an onion service, the address will look like this: http://thackba7mvjj3tgoiebbu7xm4w5rbrk5g3bwgndsfuala3kxmhclbgad.onion

How do I host an Onion Service myself?

There are many ways to host an onion service. You can find a good guide here: https://community.torproject.org/onion-services/setup/

I am currently using a Docker container that establishes the connection to the TOR network. Here is a small example of a docker-compose.yaml:

version: '3.8'
services:
  tor:
    container_name: tor
    hostname: tor
    image: docker.io/osminogin/tor-simple:latest
    restart: always
    user: root
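    volumes:
      # Tor configuration directory (torrc)
      - config:/etc/tor
      # Tor data directory; persist it so state survives container restarts
      - data:/var/lib/tor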

volumes:
  config:
  data:

How are the host names generated?

When an Onion Service is started for the first time, the necessary cryptographic keys are created (if there is no configuration) and a new host name is derived from them. If you want a specific host name, or one that starts with a specific character string, the only option is to generate keys repeatedly until the resulting address matches. There are programs that simplify this. I use this one: https://github.com/cathugger/mkp224o
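
To make the "cryptographic operations" behind the address and the cost of a chosen prefix concrete, here is an added Python example (not code from this post or from mkp224o). It follows the v3 address format from the Tor rendezvous specification; the sample key is constructed bytes rather than a real Ed25519 key, and the function names are my own.

```python
import base64
import hashlib

VERSION = b"\x03"                      # v3 onion services
B32 = "abcdefghijklmnopqrstuvwxyz234567"


def _checksum(pubkey: bytes) -> bytes:
    # CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION), first 2 bytes
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def onion_from_pubkey(pubkey: bytes) -> str:
    """Encode a 32-byte Ed25519 public key as a v3 .onion host name."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion(address: str):
    """Return (pubkey, version, checksum_ok) for a v3 address or URL."""
    host = address.lower().split("://")[-1].split("/")[0]
    if not host.endswith(".onion"):
        raise ValueError("not an onion address")
    label = host[: -len(".onion")].split(".")[-1]   # ignore subdomains
    if len(label) != 56:
        raise ValueError("v3 addresses have a 56-character label")
    raw = base64.b32decode(label.upper())           # 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    return pubkey, version, checksum == _checksum(pubkey)


def expected_attempts(prefix: str) -> int:
    """Average number of key pairs to generate for a chosen prefix."""
    if any(c not in B32 for c in prefix.lower()):
        raise ValueError("prefix must use base32 characters a-z and 2-7")
    return 32 ** len(prefix)             # each character fixes 5 bits


if __name__ == "__main__":
    sample_key = bytes(range(32))        # constructed bytes, not a real key
    addr = onion_from_pubkey(sample_key)
    print(addr, parse_onion(addr)[1:])
    for n in (4, 6, 8):
        print(n, "chars ->", expected_attempts("a" * n), "attempts on average")
```

Because the last byte is always the version 0x03, every v3 address ends in "d", and the two checksum bytes let a client reject a mistyped address before it ever tries to connect.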
