Browse code

Change hidden service to onion service. (See #24285)

kat authored on16/11/2017 19:08:34
Showing15 changed files
... ...
@@ -36,7 +36,7 @@ href="http://cryptocracy.net/">personal website</a>.</dd>
36 36
 management, travel, and other projects.</dd>
37 37
 
38 38
 <dt>Domenik Bork</dt><dd> Worked on
39
-Configuration of Hidden Services with User Authorization in Vidalia as
39
+Configuration of Onion Services with User Authorization in Vidalia as
40 40
 part of Google Summer of Code 2008.</dd>
41 41
 <dt>Benedikt Boss</dt><dd>Worked during the 2007 Google Summer of Code on <a
42 42
 href="https://svn.torproject.org/svn/topf/trunk/README">TOPF</a>,
... ...
@@ -182,7 +182,7 @@ proxying approach for Tor clients on Windows.</dd>
182 182
 Tor is based on, so we didn't have to start from scratch.</dd>
183 183
 
184 184
 <dt>Robert Ransom</dt><dd>Found and fixed a bunch of Tor bugs, mostly in
185
-Tor's hidden service code, and added several security and usability
185
+Tor's onion service code, and added several security and usability
186 186
 features to Tor and Tor Browser Bundle.</dd>
187 187
 
188 188
 <dt>Johannes Renner</dt><dd> Worked during the 2007 Google Summer of
... ...
@@ -236,7 +236,7 @@ Bundle build process, especially on Windows.</dd>
236 236
 <dt>Kyle Williams</dt><dd>Developer for JanusVM, a VMWare-based
237 237
 transparent Tor proxy that makes Tor easier to set up and use.</dd>
238 238
 <dt>Christian Wilms</dt><dd> Worked on
239
-Performance Enhancing Measures for Tor Hidden Services (<a
239
+Performance Enhancing Measures for Tor Onion Services (<a
240 240
 href="https://svn.torproject.org/cgi-bin/viewvs.cgi/tor/branches/hidserv-perf/">svn</a>) as part of Google Summer of Code 2008.</dd>
241 241
 <dt>Jillian C. York</dt><dd><a href="http://jilliancyork.com/">Jillian C. York</a> is a writer, blogger, and activist.</dd>
242 242
 </dl>
... ...
@@ -204,7 +204,7 @@
204 204
     </p>
205 205
     
206 206
     <ul>
207
-      <li><h4><a href="https://ahmia.fi/gsoc/">Ahmia.fi - Search Engine for Hidden Services</a> by Juha Nurmi</h4></li>
207
+      <li><h4><a href="https://ahmia.fi/gsoc/">Ahmia.fi - Search Engine for Onion Services</a> by Juha Nurmi</h4></li>
208 208
       <li><h4><a href="http://ilv.github.io/gettor_proposal.html">Revamp GetTor</a> by Israel Leiva</h4></li>
209 209
       <li><h4><a href="https://sites.google.com/site/sreenathadev/gsoc-2014-weather-rewrite">Weather Rewrite</a> by Sreenatha Bhatlapenumarthi</h4></li>
210 210
       <li><h4><a href="http://kostas.mkj.lt/gsoc2014/gsoc2014.html">BridgeDB Distributor</a> by Kostas Jakeliunas</h4></li>
... ...
@@ -46,7 +46,7 @@
46 46
     Individuals use Tor to keep websites from tracking them and their family
47 47
     members, or to connect to news sites, instant messaging services, or the
48 48
     like when these are blocked by their local Internet providers.  Tor's <a
49
-    href="<page docs/hidden-services>">hidden services</a>
49
+    href="<page docs/hidden-services>">onion services</a>
50 50
     let users publish web sites and other services without needing to reveal
51 51
     the location of the site. Individuals also use Tor for socially sensitive
52 52
     communication: chat rooms and web forums for rape and abuse survivors,
... ...
@@ -280,17 +280,17 @@
280 280
     operations, as well as protecting themselves from physical harm.
281 281
     </li>
282 282
 
283
-    <li><strong>Hidden services:</strong>
284
-    When the Internet was designed by DARPA, its primary purpose was to be able to facilitate distributed, robust communications in case of
285
-    local strikes.  However, some functions must be centralized, such as command and control sites.  It's the nature of the Internet protocols to
286
-    reveal the geographic location of any server that is reachable online.  Tor's hidden services capacity allows military command and
287
-    control to be physically secure from discovery and takedown.
288
-    </li>
289
-    <li><strong>Intelligence gathering:</strong>
290
-    Military personnel need to use electronic resources run and monitored by insurgents. They do not want the webserver logs on an insurgent website
291
-    to record a military address, thereby revealing the surveillance.
292
-    </li>
293
-    </ul>
283
+    <li><strong>Onion services:</strong>
284
+	When the Internet was designed by DARPA, its primary purpose was to be able
285
+	to facilitate distributed, robust communications in case of local strikes.
286
+	However, some functions must be centralized, such as command and control
287
+	sites.  It's the nature of the Internet protocols to reveal the geographic
288
+	location of any server that is reachable online.  Tor's onion services
289
+	capacity allows military command and control to be physically secure from
290
+	discovery and takedown.  </li> <li><strong>Intelligence gathering:</strong>
291
+	Military personnel need to use electronic resources run and monitored by
292
+	insurgents. They do not want the webserver logs on an insurgent website to
293
+	record a military address, thereby revealing the surveillance.  </li> </ul>
294 294
 
295 295
     <a name="itprofessionals"></a>
296 296
     <h2><a class="anchor" href="#itprofessionals">IT Professionals use Tor</a></h2>
... ...
@@ -353,14 +353,14 @@ using technology?</a></li>
353 353
     <h3><a class="anchor" href="#RemoveContent">I want some content removed from a .onion address.</a></h3>
354 354
     <p>The Tor Project does not host, control, nor have the ability to
355 355
     discover the owner or location of a .onion address.  The .onion address is
356
-    an address from <a href="<page docs/hidden-services>">a hidden
357
-    service</a>.  The name you see ending in .onion is a hidden service descriptor.
356
+    an address from <a href="<page docs/hidden-services>">an onion
357
+    service</a>.  The name you see ending in .onion is an onion service descriptor.
358 358
     It's an automatically generated name which can be located on any Tor
359
-    relay or client anywhere on the Internet.  Hidden services are designed
359
+    relay or client anywhere on the Internet.  Onion services are designed
360 360
     to protect both the user and service provider from discovering who they
361
-    are and where they are from.  The design of hidden services means the
361
+    are and where they are from.  The design of onion services means the
362 362
     owner and location of the .onion site is hidden even from us.</p>
363
-    <p>But remember that this doesn't mean that hidden services are
363
+    <p>But remember that this doesn't mean that onion services are
364 364
     invulnerable. Traditional police techniques can still be very effective
365 365
     against them, such as interviewing suspects, writing style analysis,
366 366
     technical analysis of the content itself, sting operations, keyboard taps,
... ...
@@ -191,11 +191,11 @@ relay.</a></li>
191 191
     run my own?</a></li>
192 192
     </ul>
193 193
 
194
-    <p>Tor hidden services:</p>
194
+    <p>Tor onion services:</p>
195 195
 
196 196
     <ul>
197
-    <li><a href="#AccessHiddenServices">How do I access hidden services?</a></li>
198
-    <li><a href="#ProvideAHiddenService">How do I provide a hidden service?</a></li>
197
+    <li><a href="#AccessOnionServices">How do I access onion services?</a></li>
198
+    <li><a href="#ProvideAnOnionService">How do I provide an onion service?</a></li>
199 199
     </ul>
200 200
 
201 201
     <p>Development:</p>
... ...
@@ -1817,7 +1817,7 @@ versions.
1817 1817
     <p>
1818 1818
     Note also that not every circuit is used to deliver traffic outside of
1819 1819
     the Tor network. It is normal to see non-exit circuits (such as those
1820
-    used to connect to hidden services, those that do directory fetches,
1820
+    used to connect to onion services, those that do directory fetches,
1821 1821
     those used for relay reachability self-tests, and so on) that end at
1822 1822
     a non-exit node. To keep a node from being used entirely, see
1823 1823
     <tt>ExcludeNodes</tt> and <tt>StrictNodes</tt> in the
... ...
@@ -3001,15 +3001,16 @@ diversity,
3001 3001
 
3002 3002
     <hr>
3003 3003
 
3004
-<a id="TorHiddenServices"></a>
3005
-<h2><a class="anchor">Tor hidden services:</a></h2>
3004
+# Leaving in old ids to accomodate incoming links.
3005
+<a id="TorOnionServices"></a><a id="TorHiddenServices"></a>
3006
+<h2><a class="anchor">Tor onion services:</a></h2>
3006 3007
 
3007
-    <a id="AccessHiddenServices"></a>
3008
-    <h3><a class="anchor" href="#AccessHiddenServices">How do I access
3009
-    hidden services?</a></h3>
3008
+    <a id="AccessOnionServices"></a><a id="AccessHiddenServices"></a>
3009
+    <h3><a class="anchor" href="#AccessOnionServices">How do I access
3010
+    onion services?</a></h3>
3010 3011
 
3011 3012
     <p>
3012
-    Tor hidden services are named with a special top-level domain (TLD)
3013
+    Tor onion services are named with a special top-level domain (TLD)
3013 3014
     name in DNS: .onion. Since the .onion TLD is not recognized by the
3014 3015
     official root DNS servers on the Internet, your application will not
3015 3016
     get the response it needs to locate the service. Currently, the Tor
... ...
@@ -3020,7 +3021,7 @@ diversity,
3020 3021
 <p>
3021 3022
  Therefore, your application <b>needs</b> to pass the .onion hostname to
3022 3023
  Tor directly. You can't try to resolve it to an IP address, since there
3023
- <i>is</i> no corresponding IP address: the server is hidden, after all!
3024
+ <i>is</i> no corresponding IP address.
3024 3025
 </p>
3025 3026
 
3026 3027
     <p>
... ...
@@ -3044,10 +3045,10 @@ diversity,
3044 3045
     <p>
3045 3046
     For applications that do not support HTTP proxy, and so cannot use
3046 3047
     Polipo, <a href="http://www.freecap.ru/eng/">FreeCap</a> is an
3047
-    alternative. When using FreeCap set proxy protocol  to SOCKS 5 and under
3048
+    alternative. When using FreeCap set proxy protocol to SOCKS 5 and under
3048 3049
     settings set DNS name resolving to remote. This
3049 3050
     will allow you to use almost any program with Tor without leaking DNS
3050
-    lookups and allow those same programs to access hidden services.
3051
+    lookups and allow those same programs to access onion services.
3051 3052
     </p>
3052 3053
 
3053 3054
     <p>
... ...
@@ -3056,13 +3057,13 @@ diversity,
3056 3057
 
3057 3058
     <hr>
3058 3059
 
3059
-    <a id="ProvideAHiddenService"></a>
3060
-    <h3><a class="anchor" href="#ProvideAHiddenService">How do I provide a
3061
-    hidden service?</a></h3>
3060
+    <a id="ProvideAnOnionService"></a><a id="ProvideAHiddenService"></a>
3061
+    <h3><a class="anchor" href="#ProvideAnOnionService">How do I provide an
3062
+    onion service?</a></h3>
3062 3063
 
3063 3064
     <p>
3064 3065
     See the <a href="<page docs/tor-hidden-service>">
3065
-    official hidden service configuration instructions</a>.
3066
+    official onion service configuration instructions</a>.
3066 3067
     </p>
3067 3068
 
3068 3069
     <hr>
... ...
@@ -3951,7 +3952,7 @@ and clients need to predict all the packets they will want to send in
3951 3952
 a session before picking their exit node!
3952 3953
 </li>
3953 3954
 <li>The Tor-internal name spaces would need to be redesigned. We support
3954
-hidden service ".onion" addresses by intercepting the addresses when
3955
+onion service ".onion" addresses by intercepting the addresses when
3955 3956
 they are passed to the Tor client. Doing so at the IP level will require
3956 3957
 a more complex interface between Tor and the local DNS resolver.
3957 3958
 </li>
... ...
@@ -4002,7 +4003,7 @@ their path length.</a></h3>
4002 4003
 <p>
4003 4004
  Right now the path length is hard-coded at 3 plus the number of nodes in
4004 4005
  your path that are sensitive. That is, in normal cases it's 3, but for
4005
- example if you're accessing a hidden service or a ".exit" address it could be 4.
4006
+ example if you're accessing an onion service or a ".exit" address it could be 4.
4006 4007
 </p>
4007 4008
 <p>
4008 4009
  We don't want to encourage people to use paths longer than this &mdash; it
... ...
@@ -2,78 +2,75 @@
2 2
 # Revision: $Revision$
3 3
 # Translation-Priority: 3-low
4 4
 
5
-#include "head.wmi" TITLE="Tor: Hidden Service Protocol" CHARSET="UTF-8"
5
+#include "head.wmi" TITLE="Tor: Onion Service Protocol" CHARSET="UTF-8"
6 6
 <div id="content" class="clearfix">
7 7
   <div id="breadcrumbs">
8 8
     <a href="<page index>">Home &raquo; </a>
9 9
     <a href="<page docs/documentation>">Documentation &raquo; </a>
10
-    <a href="<page docs/hidden-services>">Hidden Services</a>
10
+    <a href="<page docs/hidden-services>">Onion Services</a>
11 11
   </div>
12 12
   <div id="maincol">
13
-    <h2>Tor: Hidden Service Protocol</h2>
13
+    <h2>Tor: Onion Service Protocol</h2>
14 14
     <hr>
15 15
 
16 16
     <p>
17 17
     Tor makes it possible for users to hide their locations while offering
18 18
     various kinds of services, such as web publishing or an instant
19 19
     messaging server.  Using Tor "rendezvous points," other Tor users can
20
-    connect to these hidden services, each without knowing the other's
21
-    network identity. This page describes the technical details of how
22
-    this rendezvous protocol works. For a more direct how-to, see our <a
23
-    href="<page docs/tor-hidden-service>">configuring hidden services</a>
24
-    page.
25
-    </p>
20
+	connect to these onion services, formerly known as hidden services, each
21
+	without knowing the other's network identity. This page describes the
22
+	technical details of how this rendezvous protocol works. For a more direct
23
+	how-to, see our <a href="<page docs/tor-hidden-service>">configuring onion
24
+	services</a> page.  </p>
26 25
 
27 26
     <p>
28
-    A hidden service needs to advertise its existence in the Tor network before
27
+    An onion service needs to advertise its existence in the Tor network before
29 28
     clients will be able to contact it. Therefore, the service randomly picks
30 29
     some relays, builds circuits to them, and asks them to act as
31 30
     <em>introduction points</em> by telling them its public key. Note
32 31
     that in the following figures the green links are circuits rather
33 32
     than direct connections. By using a full Tor circuit, it's hard for
34
-    anyone to associate an introduction point with the hidden server's IP
35
-    address. While the introduction points and others are told the hidden
33
+    anyone to associate an introduction point with the onion server's IP
34
+    address. While the introduction points and others are told the onion
36 35
     service's identity (public key), we don't want them to learn about the
37
-    hidden server's location (IP address).
36
+    onion server's location (IP address).
38 37
     </p>
39 38
 
40
-    <img alt="Tor hidden service step one" src="$(IMGROOT)/THS-1.png">
39
+    <img alt="Tor onion service step one" src="$(IMGROOT)/THS-1.png">
41 40
     # maybe add a speech bubble containing "PK" to Bob, because that's what
42 41
     # Bob tells to his introduction points
43 42
 
44 43
     <p>
45
-    Step two: the hidden service assembles a <em>hidden service
46
-    descriptor</em>, containing its public key and a summary of each
47
-    introduction point, and signs this descriptor with its private key.
48
-    It uploads that descriptor to a distributed hash table. The descriptor will be
49
-    found by clients requesting XYZ.onion where XYZ is a 16 character
50
-    name derived from the service's public key. After
51
-    this step, the hidden service is set up.
52
-    </p>
44
+	Step two: the onion service assembles an <em>onion service descriptor</em>,
45
+	containing its public key and a summary of each introduction point, and
46
+	signs this descriptor with its private key.  It uploads that descriptor to
47
+	a distributed hash table.  The descriptor will be found by clients
48
+	requesting XYZ.onion where XYZ is a 16 character name derived from the
49
+	service's public key. After this step, the onion service is set up.  </p>
53 50
 
54 51
     <p>
55 52
     Although it might seem impractical to use an automatically-generated
56 53
     service name, it serves an important goal: Everyone &ndash; including
57
-    the introduction points, the distributed hash table directory, and of course the
58
-    clients &ndash; can verify that they are talking to the right hidden
59
-    service. See also <a href="https://en.wikipedia.org/wiki/Zooko%27s_triangle">Zooko's
60
-    conjecture</a> that out of Decentralized, Secure, and Human-Meaningful,
61
-    you can achieve at most two. Perhaps one day somebody will implement a <a
62
-    href="http://www.skyhunter.com/marcs/petnames/IntroPetNames.html">Petname</a>
63
-    design for hidden service names?
64
-    </p>
65
-
66
-    <img alt="Tor hidden service step two" src="$(IMGROOT)/THS-2.png">
54
+	the introduction points, the distributed hash table directory, and of
55
+	course the clients &ndash; can verify that they are talking to the right
56
+	onion service. See also <a
57
+	href="https://en.wikipedia.org/wiki/Zooko%27s_triangle">Zooko's
58
+	conjecture</a> that out of Decentralized, Secure, and Human-Meaningful, you
59
+	can achieve at most two. Perhaps one day somebody will implement a <a
60
+	href="http://www.skyhunter.com/marcs/petnames/IntroPetNames.html">Petname</a>
61
+	design for onion service names?  </p>
62
+
63
+    <img alt="Tor onion service step two" src="$(IMGROOT)/THS-2.png">
67 64
     # maybe replace "database" with "DHT"; further: how incorrect
68 65
     # is it to *not* add DB to the Tor cloud, now that begin dir cells are in
69 66
     # use?
70 67
 
71 68
     <p>
72
-    Step three: A client that wants to contact a hidden service needs
69
+    Step three: A client that wants to contact an onion service needs
73 70
     to learn about its onion address first. After that, the client can
74 71
     initiate connection establishment by downloading the descriptor from
75 72
     the distributed hash table. If there is a descriptor for XYZ.onion
76
-    (the hidden service could also be offline or have left long ago,
73
+    (the onion service could also be offline or have left long ago,
77 74
     or there could be a typo in the onion address), the client now
78 75
     knows the set of introduction points and the right public key to
79 76
     use. Around this time, the client also creates a circuit to another
... ...
@@ -81,49 +78,49 @@
81 78
     by telling it a one-time secret.
82 79
     </p>
83 80
 
84
-    <img alt="Tor hidden service step three" src="$(IMGROOT)/THS-3.png">
81
+    <img alt="Tor onion service step three" src="$(IMGROOT)/THS-3.png">
85 82
     # maybe add "cookie" to speech bubble, separated from the surrounded
86 83
     # "IP1-3" and "PK"
87 84
 
88 85
     <p>
89 86
     Step four: When the descriptor is present and the rendezvous
90 87
     point is ready, the client assembles an <em>introduce</em> message
91
-    (encrypted to the hidden service's public key) including the address
88
+    (encrypted to the onion service's public key) including the address
92 89
     of the rendezvous point and the one-time secret. The client sends
93 90
     this message to one of the introduction points, requesting it be
94
-    delivered to the hidden service. Again, communication takes place
91
+    delivered to the onion service. Again, communication takes place
95 92
     via a Tor circuit: nobody can relate sending the introduce message
96 93
     to the client's IP address, so the client remains anonymous.
97 94
     </p>
98 95
 
99
-    <img alt="Tor hidden service step four" src="$(IMGROOT)/THS-4.png">
96
+    <img alt="Tor onion service step four" src="$(IMGROOT)/THS-4.png">
100 97
 
101 98
     <p>
102
-    Step five: The hidden service decrypts the client's introduce message
99
+    Step five: The onion service decrypts the client's introduce message
103 100
     and finds the address of the rendezvous point and the one-time secret
104 101
     in it. The service creates a circuit to the rendezvous point and
105 102
     sends the one-time secret to it in a rendezvous message.
106 103
     </p>
107 104
 
108 105
     <p>
109
-    At this point it is of special importance that the hidden service sticks to
106
+    At this point it is of special importance that the onion service sticks to
110 107
     the same set of <a
111 108
     href="<wikifaq>#Whatsthisaboutentryguardformerlyknownashelpernodes">entry
112 109
     guards</a> when creating new circuits. Otherwise an attacker
113
-    could run his own relay and force a hidden service to create an arbitrary
110
+    could run his own relay and force an onion service to create an arbitrary
114 111
     number of circuits in the hope that the corrupt relay is picked as entry
115
-    node and he learns the hidden server's IP address via timing analysis. This
112
+    node and he learns the onion server's IP address via timing analysis. This
116 113
     attack was described by &Oslash;verlier and Syverson in their paper titled
117 114
     <a href="http://freehaven.net/anonbib/#hs-attack06">Locating Hidden
118 115
     Servers</a>.
119 116
     </p>
120 117
 
121
-    <img alt="Tor hidden service step five" src="$(IMGROOT)/THS-5.png">
118
+    <img alt="Tor onion service step five" src="$(IMGROOT)/THS-5.png">
122 119
     # it should say "Bob connects to Alice's ..."
123 120
 
124 121
     <p>
125 122
     In the last step, the rendezvous point notifies the client about successful
126
-    connection establishment. After that, both client and hidden service can
123
+    connection establishment. After that, both client and onion service can
127 124
     use their circuits to the rendezvous point for communicating with each
128 125
     other. The rendezvous point simply relays (end-to-end encrypted) messages
129 126
     from client to service and vice versa.
... ...
@@ -132,21 +129,21 @@
132 129
     <p>
133 130
     One of the reasons for not using the introduction circuit
134 131
     for actual communication is that no single relay should
135
-    appear to be responsible for a given hidden service. This is why the
136
-    rendezvous point never learns about the hidden service's identity.
132
+    appear to be responsible for a given onion service. This is why the
133
+    rendezvous point never learns about the onion service's identity.
137 134
     </p>
138 135
 
139 136
     <p>
140
-    In general, the complete connection between client and hidden service
137
+    In general, the complete connection between client and onion service
141 138
     consists of 6 relays: 3 of them were picked by the client with the third
142
-    being the rendezvous point and the other 3 were picked by the hidden
139
+    being the rendezvous point and the other 3 were picked by the onion
143 140
     service.
144 141
     </p>
145 142
 
146
-    <img alt="Tor hidden service step six" src="$(IMGROOT)/THS-6.png">
143
+    <img alt="Tor onion service step six" src="$(IMGROOT)/THS-6.png">
147 144
 
148 145
     <p>
149
-    There are more detailed descriptions about the hidden service protocol than
146
+    There are more detailed descriptions about the onion service protocol than
150 147
     this one. See the
151 148
     <a href="<svnprojects>design-paper/tor-design.pdf">Tor design paper</a>
152 149
     for an in-depth design description and the
... ...
@@ -52,7 +52,7 @@
52 52
            'txt'  => 'Configuring a Relay graphically',
53 53
           },
54 54
           {'url'  => 'docs/tor-hidden-service',
55
-           'txt'  => 'Configuring a Hidden Service',
55
+           'txt'  => 'Configuring an Onion Service',
56 56
           },
57 57
           {'url'  => 'docs/bridges',
58 58
            'txt'  => 'Understanding bridges',
... ...
@@ -22,7 +22,7 @@
22 22
     <p>Even though Tor Browser comes with a regular Tor, it will only run
23 23
     as long as you keep Tor Browser open. The following instructions will
24 24
     set up Tor without graphical interface or a browser. Many people prefer
25
-    this over TBB when they host hidden services or relay traffic for other Tor
25
+    this over TBB when they host onion services or relay traffic for other Tor
26 26
     users.  <hr>
27 27
     <a id="installing"></a>
28 28
     <h2><a class="anchor" href="#installing">Step One: Install a package manager</a></h2>
... ...
@@ -2,32 +2,32 @@
2 2
 # Revision: $Revision$
3 3
 # Translation-Priority: 3-low
4 4
 
5
-#include "head.wmi" TITLE="Tor Project: Hidden Service Configuration Instructions" CHARSET="UTF-8"
5
+#include "head.wmi" TITLE="Tor Project: Onion Service Configuration Instructions" CHARSET="UTF-8"
6 6
 <div id="content" class="clearfix">
7 7
   <div id="breadcrumbs">
8 8
     <a href="<page index>">Home &raquo; </a>
9 9
     <a href="<page docs/documentation>">Documentation &raquo; </a>
10
-    <a href="<page docs/tor-hidden-service>">Tor Hidden Service</a>
10
+    <a href="<page docs/tor-hidden-service>">Tor Onion Service</a>
11 11
   </div>
12 12
   <div id="maincol">
13
-    <h1>Configuring Hidden Services for <a href="<page index>">Tor</a></h1>
13
+    <h1>Configuring Onion Services for <a href="<page index>">Tor</a></h1>
14 14
     <hr>
15 15
 
16
-    <p>Tor allows clients and relays to offer hidden services. That is,
16
+    <p>Tor allows clients and relays to offer onion services. That is,
17 17
     you can offer a web server, SSH server, etc., without revealing your
18 18
     IP address to its users. In fact, because you don't use any public address,
19
-    you can run a hidden service from behind your firewall.
19
+    you can run an onion service from behind your firewall.
20 20
     </p>
21 21
 
22
-    <p>If you have Tor installed, you can see hidden services in action
22
+    <p>If you have Tor installed, you can see onion services in action
23 23
     by visiting this <a href="http://duskgytldkxiuqc6.onion/">sample
24 24
     site</a>.
25 25
     </p>
26 26
 
27 27
     <p>
28
-    This page describes the steps for setting up your own hidden service
29
-    website. For the technical details of how the hidden service protocol
30
-    works, see our <a href="<page docs/hidden-services>">hidden service
28
+    This page describes the steps for setting up your own onion service
29
+    website. For the technical details of how the onion service protocol
30
+    works, see our <a href="<page docs/hidden-services>">onion service
31 31
     protocol</a> page.
32 32
     </p>
33 33
 
... ...
@@ -57,10 +57,10 @@
57 57
 
58 58
     <p>
59 59
     First, you need to set up a web server locally. Setting up a web
60
-    server can be complex. We're not going to cover how to setup a web
60
+    server can be complex. We're not going to cover how to set up a web
61 61
     server here. If you get stuck or want to do more, find a friend who
62 62
     can help you. We recommend you install a new separate web server for
63
-    your hidden service, since even if you already have one installed,
63
+    your onion service, since even if you already have one installed,
64 64
     you may be using it (or want to use it later) for a normal website.
65 65
     </p>
66 66
 
... ...
@@ -69,7 +69,7 @@
69 69
     information about you, your computer, or your location. Be sure to
70 70
     bind the web server only to localhost (if people could get to it
71 71
     directly, they could confirm that your computer is the one offering
72
-    the hidden service). Be sure that its error messages don't list
72
+    the onion service). Be sure that its error messages don't list
73 73
     your hostname or other hints. Consider putting the web server in a
74 74
     sandbox or VM to limit the damage from code vulnerabilities.
75 75
     </p>
... ...
@@ -85,10 +85,10 @@
85 85
 
86 86
     <hr>
87 87
     <a id="two"></a>
88
-    <h2><a class="anchor" href="#two">Step Two: Configure your hidden service</a></h2>
88
+    <h2><a class="anchor" href="#two">Step Two: Configure your onion service</a></h2>
89 89
     <br>
90 90
 
91
-    <p>Next, you need to configure your hidden service to point to your
91
+    <p>Next, you need to configure your onion service to point to your
92 92
     local web server.
93 93
     </p>
94 94
 
... ...
@@ -102,21 +102,21 @@
102 102
 
103 103
     <p>
104 104
     This section of the file consists of groups of lines, each representing
105
-    one hidden service. Right now they are all commented out (the lines
106
-    start with #), so hidden services are disabled. Each group of lines
105
+    one onion service. Right now they are all commented out (the lines
106
+    start with #), so onion services are disabled. Each group of lines
107 107
     consists of one <var>HiddenServiceDir</var> line, and one or more
108 108
     <var>HiddenServicePort</var> lines:</p>
109 109
     <ul>
110
-    <li><var>HiddenServiceDir</var> is a directory where Tor will store information
111
-    about that hidden service.  In particular, Tor will create a file here named
112
-    <var>hostname</var> which will tell you the onion URL.  You don't need to
113
-    add any files to this directory. Make sure this is not the same directory
114
-    as the hidserv directory you created when setting up thttpd, as your
115
-    HiddenServiceDir contains secret information!</li>
116
-    <li><var>HiddenServicePort</var> lets you specify a virtual port (that is, what
117
-    port people accessing the hidden service will think they're using) and an
118
-    IP address and port for redirecting connections to this virtual port.</li>
119
-    </ul>
110
+	<li><var>HiddenServiceDir</var> is a directory where Tor will store
111
+	information about that onion service.  In particular, Tor will create a
112
+	file here named <var>hostname</var> which will tell you the onion URL.  You
113
+	don't need to add any files to this directory. Make sure this is not the
114
+	same directory as the hidserv directory you created when setting up thttpd,
115
+	as your HiddenServiceDir contains secret information!</li>
116
+	<li><var>HiddenServicePort</var> lets you specify a virtual port (that is,
117
+	what port people accessing the onion service will think they're using) and
118
+	an IP address and port for redirecting connections to this virtual
119
+	port.</li> </ul>
120 120
 
121 121
     <p>Add the following lines to your torrc:
122 122
     </p>
... ...
@@ -126,17 +126,15 @@
126 126
     HiddenServicePort 80 127.0.0.1:8080
127 127
     </pre>
128 128
 
129
-    <p>You're going to want to change the <var>HiddenServiceDir</var> line, so it points
130
-    to an actual directory that is readable/writeable by the user that will
131
-    be running Tor. The above line should work if you're using the OS X Tor
132
-    package. On Unix, try "/home/username/hidden_service/" and fill in your own
133
-    username in place of "username". On Windows you might pick:</p>
134
-    <pre>
135
-    HiddenServiceDir C:\Users\username\Documents\tor\hidden_service
136
-    HiddenServicePort 80 127.0.0.1:8080
137
-    </pre>
129
+	<p>You're going to want to change the <var>HiddenServiceDir</var> line, so
130
+	it points to an actual directory that is readable/writeable by the user
131
+	that will be running Tor. The above line should work if you're using the OS
132
+	X Tor package. On Unix, try "/home/username/hidden_service/" and fill in
133
+	your own username in place of "username". On Windows you might pick:</p>
134
+	<pre> HiddenServiceDir C:\Users\username\Documents\tor\hidden_service
135
+	HiddenServicePort 80 127.0.0.1:8080 </pre>
138 136
 
139
-    <p>Note that since 0.2.6, both <var>SocksPort</var> and <var>HiddenServicePort</var> support Unix socket. 
137
+    <p>Note that since 0.2.6, both <var>SocksPort</var> and <var>HiddenServicePort</var> support Unix sockets. 
140 138
     This means that you can point the <var>HiddenServicePort</var> to a Unix socket:</p>
141 139
     <pre>
142 140
     HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
... ...
@@ -145,22 +143,22 @@
145 143
 
146 144
     <p>Now save the torrc and restart your tor.</p>
147 145
 
148
-    <p>If Tor starts up again, great. Otherwise, something is wrong. First look at
149
-    your logfiles for hints. It will print some warnings or error messages. That
150
-    should give you an idea what went wrong. Typically there are typos in the torrc
151
-    or wrong directory permissions (See <a href="<page docs/faq>#Logs">the
152
-    logging FAQ entry</a> if you don't know how to enable or find your
153
-    log file.)
154
-    </p>
146
+	<p>If Tor starts up again, great. Otherwise, something is wrong. First look
147
+	at your logfiles for hints. It will print some warnings or error messages.
148
+	That should give you an idea what went wrong. Typically there are typos in
149
+	the torrc or wrong directory permissions (See <a href="<page
150
+	docs/faq>#Logs">the logging FAQ entry</a> if you don't know how to enable
151
+	or find your log file.) </p>
155 152
 
156
-    <p>When Tor starts, it will automatically create the <var>HiddenServiceDir</var>
157
-    that you specified (if necessary), and it will create two files there.</p>
153
+	<p>When Tor starts, it will automatically create the
154
+	<var>HiddenServiceDir</var> that you specified (if necessary), and it will
155
+	create two files there.</p>
158 156
 
159 157
     <dl>
160 158
     <dt><var>private_key</var></dt>
161
-    <dd>First, Tor will generate a new public/private keypair for your hidden
159
+    <dd>First, Tor will generate a new public/private keypair for your onion
162 160
     service. It is written into a file called "private_key". Don't share this key
163
-    with others -- if you do they will be able to impersonate your hidden
161
+    with others -- if you do they will be able to impersonate your onion
164 162
     service.</dd>
165 163
     <dt><var>hostname</var></dt>
166 164
     <dd>The other file Tor will create is called "hostname". This contains
... ...
@@ -175,7 +173,7 @@
175 173
     to view these files.</p>
176 174
 
177 175
     <p>Now that you've restarted Tor, it is busy picking introduction points
178
-    in the Tor network, and generating a <em>hidden service
176
+    in the Tor network, and generating an <em>onion service
179 177
     descriptor</em>. This is a signed list of introduction points along with
180 178
     the service's full public key. It anonymously publishes this descriptor
181 179
     to the directory servers, and other people anonymously fetch it from the
... ...
@@ -197,9 +195,9 @@
197 195
     want to make a backup copy of the <var>private_key</var> file somewhere.
198 196
     </p>
199 197
 
200
-    <p>If you want to forward multiple virtual ports for a single hidden
198
+    <p>If you want to forward multiple virtual ports for a single onion
201 199
     service, just add more <var>HiddenServicePort</var> lines.
202
-    If you want to run multiple hidden services from the same Tor
200
+    If you want to run multiple onion services from the same Tor
203 201
     client, just add another <var>HiddenServiceDir</var> line. All the following
204 202
     <var>HiddenServicePort</var> lines refer to this <var>HiddenServiceDir</var> line, until
205 203
     you add another <var>HiddenServiceDir</var> line:
... ...
@@ -214,12 +212,12 @@
214 212
     HiddenServicePort 22 127.0.0.1:22
215 213
     </pre>
216 214
 
217
-    <p>Hidden services operators need to practice proper operational security
215
+    <p>Onion services operators need to practice proper operational security
218 216
     and system administration to maintain security. For some security
219 217
     suggestions please make sure you read over Riseup's <a
220
-    href="https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices">"Tor
221
-    hidden services best practices" document</a>. Also, here are some more
222
-    anonymity issues you should keep in mind:
218
+	href="https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices">"Tor
219
+	Hidden (Onion) Services Best Practices" document</a>. Also, here are some
220
+	more anonymity issues you should keep in mind:
223 221
 
224 222
     </p>
225 223
     <ul>
... ...
@@ -227,27 +225,26 @@
227 225
     identifying information about you, your computer, or your location.
228 226
     For example, readers can probably determine whether it's thttpd or
229 227
     Apache, and learn something about your operating system.</li>
230
-    <li>If your computer isn't online all the time, your hidden service
228
+    <li>If your computer isn't online all the time, your onion service
231 229
     won't be either. This leaks information to an observant adversary.</li>
232
-    <li>It is generally a better idea to host hidden services on a Tor client
230
+    <li>It is generally a better idea to host onion services on a Tor client
233 231
     rather than a Tor relay, since relay uptime and other properties are
234 232
     publicly visible.</li>
235
-    <li>The longer a hidden is online, the higher the risk that its
233
+    <li>The longer an onion service is online, the higher the risk that its
236 234
     location is discovered. The most prominent attacks are building a
237
-    profile of the hidden service's availability and matching induced
235
+    profile of the onion service's availability and matching induced
238 236
     traffic patterns.</li>
239 237
     </ul>
240 238
 
241 239
     <p>Another common issue is whether to use HTTPS on your relay or
242 240
     not. Have a look at this <a
243
-    href="https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs">post</a>
244
-    on the Tor Blog to learn more about these issues.
241
+    href="https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs">post</a> on the Tor Blog to learn more about these issues.
245 242
     </p>
246 243
 
247 244
     <p>Finally, feel free to use the <a
248 245
     href="https://lists.torproject.org/pipermail/tor-onions/">[tor-onions]
249 246
     mailing list</a> to discuss the secure administration and operation of
250
-    Tor hidden services.</p>
247
+    Tor onion services.</p>
251 248
 
252 249
   </div>
253 250
   <!-- END MAINCOL -->
... ...
@@ -53,7 +53,7 @@
53 53
            'txt'  => 'Configuring a Relay graphically',
54 54
           },
55 55
           {'url'  => 'docs/tor-hidden-service',
56
-           'txt'  => 'Configuring a Hidden Service',
56
+           'txt'  => 'Configuring an Onion Service',
57 57
           }, 
58 58
           {'url'  => 'docs/bridges',
59 59
            'txt'  => 'Configuring a Bridge Relay',
... ...
@@ -88,7 +88,7 @@
88 88
           </li>
89 89
           <li>
90 90
             <p><strong>I would like to know more about how Tor works,
91
-            what hidden services are, or how to run a relay.</strong></p>
91
+            what onion services are, or how to run a relay.</strong></p>
92 92
             <p><a href="<page docs/faq>"
93 93
             target="_blank">This Tor Project FAQ</a> has answers to all
94 94
             those questions, and more.</p>
... ...
@@ -14,7 +14,7 @@
14 14
     <ol>
15 15
     <li>Please consider <a href="<page docs/tor-doc-relay>">running
16 16
     a relay</a> to help the Tor network grow.</li>
17
-    <li>Tell your friends! Get them to run relays. Get them to run hidden
17
+    <li>Tell your friends! Get them to run relays. Get them to run onion
18 18
     services. Get them to tell their friends.</li>
19 19
     <li>If you like Tor's goals, please <a href="<page donate/donate>">take a moment
20 20
     to donate to support further Tor development</a>. We're also looking
... ...
@@ -378,12 +378,12 @@ meetings around the world.</li>
378 378
 
379 379
     <p>
380 380
     <b>Project Ideas:</b><br />
381
-    <i><a href="#improveHiddenServices">Help improve Tor hidden services</a></i><br />
381
+    <i><a href="#improveOnionServices">Help improve Tor onion services</a></i><br />
382 382
     <i><a href="#torFuzzing">Fuzzing coverage of Tor</a></i><br />
383 383
     <i><a href="#relayCryptoParallelism">Relay crypto parallelism</a></i><br />
384 384
     <i><a href="#anonymousLocalCountStatistics">Anonymous local count statistics</a></i><br />
385 385
     <i><a href="#improveSocks5Variant">Improved SOCKS5 variant</a></i><br />
386
-    <i><a href="#hiddenServiceCryptoParallelism">Hidden service crypto parallelism</a></i><br />
386
+    <i><a href="#onionServiceCryptoParallelism">Onion service crypto parallelism</a></i><br />
387 387
     <i><a href="#supportAllDNS">Support all kinds of DNS in Tor</a></i><br />
388 388
     <i><a href="#improveIpv6Support">Improve IPv6 support</a></i>
389 389
     </p>
... ...
@@ -765,28 +765,29 @@ meetings around the world.</li>
765 765
 
766 766
     <ol>
767 767
 
768
-    <a id="improveHiddenServices"></a>
768
+	#Keep old ids in case of incoming links.
769
+    <a id="improveOnionServices"></a><a id="improveHiddenServices"></a>
769 770
     <li>
770
-    <b>Help improve Tor hidden services</b>
771
+    <b>Help improve Tor onion services</b>
771 772
     <br>
772 773
     Language: <i>C</i>
773 774
     <br>
774 775
     Likely Mentors: <i>George (asn), David Goulet (dgoulet)</i>
775 776
     <br><br>
776 777
     <p>
777
-The hidden services team is busy implementing <a
778
+The onion services team is busy implementing <a
778 779
 href="https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt">proposal
779
-224</a> but we are always open to mentoring fun and exciting hidden
780
+224</a> but we are always open to mentoring fun and exciting onion
780 781
 service projects.
781 782
     </p>
782 783
 
783 784
     <p>
784
-In the past, we've mentored a wide variety of projects related to hidden
785
+In the past, we've mentored a wide variety of projects related to onion
785 786
 services, ranging from <a
786 787
 href="https://lists.torproject.org/pipermail/tor-dev/2016-April/010832.html">onion
787 788
 search engines</a>, <a
788 789
 href="https://lists.torproject.org/pipermail/tor-talk/2015-May/037966.html">to
789
-scaling techniques for hidden services</a>,
790
+scaling techniques for onion services</a>,
790 791
 and also various approaches
791 792
 of making onion services more <a
792 793
 href="https://lists.torproject.org/pipermail/tor-dev/2012-June/003588.html">usable</a>
... ...
@@ -892,24 +893,25 @@ For more information <a href="https://trac.torproject.org/projects/tor/ticket/12
892 893
     </p>
893 894
     </li>
894 895
 
895
-    <a id="hiddenServiceCryptoParallelism"></a>
896
+	#Keep old ids in case of incoming links.
897
+    <a id="onionServiceCryptoParallelism"></a><a id="hiddenServiceCryptoParallelism"></a>
896 898
     <li>
897
-    <b>Hidden service crypto parallelism</b>
899
+    <b>Onion service crypto parallelism</b>
898 900
     <br>
899 901
     Likely Mentors: <i>Nick (nickm), David Goulet (dgoulet)</i>
900 902
     <br><br>
901 903
     <p>
902
-Hidden services, hidden service clients, hidden service directories,
904
+Onion services, onion service clients, onion service directories,
903 905
 and introduction points all need to do a few public-key operations as
904 906
 they operate.  But right now, these operations are all done on the
905 907
 main thread.  It would be good to have these run across multiple cores.
906 908
     </p>
907 909
 
908 910
     <p>
909
-This could probably be done in a way similar to how we currently hand
911
+This could probably be done in a way similar to how we currently handle
910 912
 circuit extension handshakes in onion.c and cpuworker.c, but we'd need
911
-to extend the state machine for hidden services to add an additional
912
-state.  It could help hidden services operate much more efficiently.
913
+to extend the state machine for onion services to add an additional
914
+state.  It could help onion services operate much more efficiently.
913 915
     </p>
914 916
 
915 917
     <p>
... ...
@@ -1060,13 +1062,13 @@ For more information <a href="https://trac.torproject.org/projects/tor/ticket/17
1060 1062
 
1061 1063
     <a id="ahmiaSearch"></a>
1062 1064
     <li>
1063
-    <b>Ahmia - Hidden Service Search</b>
1065
+    <b>Ahmia - Onion Service Search</b>
1064 1066
     <br>
1065 1067
     Language: <i>Python, Django</i>
1066 1068
     <br>
1067 1069
     Likely Mentors: <i>Juha Nurmi (numes), George (asn)</i>
1068 1070
     <p>
1069
-    Ahmia is open-source search engine software for Tor hidden service deep
1071
+    Ahmia is open-source search engine software for Tor onion service deep
1070 1072
     dark web sites. You can test the running search engine at ahmia.fi. For
1071 1073
     more information see our <a
1072 1074
     href="https://blog.torproject.org/category/tags/ahmiafi">blog post about
... ...
@@ -1075,7 +1077,7 @@ For more information <a href="https://trac.torproject.org/projects/tor/ticket/17
1075 1077
 
1076 1078
     <p>
1077 1079
     Ahmia is a working search engine that indexes, searches, and catalogs
1078
-    content published on Tor Hidden Services. Furthermore, it is an environment
1080
+    content published on Tor Onion Services. Furthermore, it is an environment
1079 1081
     to share meaningful insights, statistics, insights, and news about the Tor
1080 1082
     network itself. In this context, there is a lot of work to do.
1081 1083
     </p>
... ...
@@ -1098,7 +1100,7 @@ For more information <a href="https://trac.torproject.org/projects/tor/ticket/17
1098 1100
           <li>Remove these sites from the search results</li>
1099 1101
         </ul>
1100 1102
       </li>
1101
-      <li>Add hidden services funtion (very important)<br />
1103
+      <li>Add onion services function (very important)<br />
1102 1104
         <ul>
1103 1105
           <li>You can add onions using HTML form</li>
1104 1106
           <li>Call the crawler immidiately when a new site is added</li>
... ...
@@ -45,7 +45,7 @@
45 45
         <ul>
46 46
           <li><a href="<page donate/donate-foot>">Donate</a></li>
47 47
           <li><a href="<page docs/documentation>#MailingLists">Mailing Lists</a></li>
48
-          <li><a href="<page docs/hidden-services>">Hidden Services</a></li>
48
+          <li><a href="<page docs/hidden-services>">Onion Services</a></li>
49 49
           <li><a href="<page getinvolved/translation>">Translations</a></li>
50 50
 #          <li><a href="<page getinvolved/open-positions>">Careers</a></li>
51 51
         </ul>
... ...
@@ -72,16 +72,16 @@
72 72
     <h2>How can I run my own private TorDNSEL?</h2>
73 73
 
74 74
     <p>You can learn all about the code for TorDNSEL by visiting the <a
75
-    href="http://p56soo2ibjkx23xo.onion/">official hidden service</a> through
75
+    href="http://p56soo2ibjkx23xo.onion/">official onion service</a> through
76 76
     Tor.</p>
77 77
 
78 78
     <p>You can download the latest source release from the <a
79
-    href="http://p56soo2ibjkx23xo.onion/dist/tordnsel-0.0.6.tar.gz">hidden
79
+    href="http://p56soo2ibjkx23xo.onion/dist/tordnsel-0.0.6.tar.gz">onion
80 80
     service</a> or from a
81 81
     <a href="/tordnsel/dist/tordnsel-0.0.6.tar.gz">
82 82
     local mirror</a>. It's
83 83
     probably wise to check out the current revision from the darcs repository
84
-    hosted on the aforementioned hidden service.</p>
84
+    hosted on the aforementioned onion service.</p>
85 85
 
86 86
     <p>For more information or to report something useful, please email
87 87
 the