Clandestine Group Development With Tor’s Hidden Service Protocol


Sometimes you have a great software project you want to work on for the benefit of the community. It is so great, in fact, that engaging in development is outright illegal, and the company whose patents you are infringing upon is not afraid to come after you with a lawsuit. So you are left with a very hot programming endeavour, and the need to have a cooperative effort with others in the community to make it happen within a short period of time.

This is exactly what Tor’s Hidden Service Protocol was created for! I kid... it was created for worthy goals like promoting free speech and political dissent in oppressive regimes, but it’s all the same for our goals.

The Setup of the Hidden Service

Setting up a hidden repository with git and tor is pretty simple:

  1. First, you open up torrc and type in the port and directory for your hidden service.
  2. Make sure that the user/directory for your hidden service exists and is accessible.
  3. Modify your sshd_config to not accept connections from anywhere but localhost.
  4. Install and configure gitolite normally.
  5. Run tor.
  6. Locate your hidden_service directory and note what the hostname for the hidden service is. Ex: xxxxasas.onion
  7. Distribute the hidden service hostname anonymously.
  8. A good method could be having users post public keys in a forum that you can check anonymously.
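
A check for steps 1 and 3 above, as an added example that is not part of the original post: it reads a torrc and an sshd_config and reports anything that would leave sshd reachable from outside the hidden service. The sample file contents, the directory path and port 22 are constructed assumptions.

```python
import ipaddress

# Constructed sample configs (not from the original post). The directory path
# and port 22 are assumptions; use whatever your torrc and sshd_config contain.
TORRC = "HiddenServiceDir /var/lib/tor/hidden_service/\nHiddenServicePort 22 127.0.0.1:22\n"
SSHD_LOCAL = "# excerpt\nListenAddress 127.0.0.1\nPasswordAuthentication no\n"
SSHD_DEFAULT = "Port 22\nPasswordAuthentication no\n"  # no ListenAddress at all

def directives(text):
    """Yield (lowercased keyword, argument list) for each non-comment line."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            yield words[0].lower(), words[1:]

def host_of(addr):
    """'127.0.0.1:22' -> '127.0.0.1', '[::1]:22' -> '::1', bare hosts unchanged."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr

def is_loopback(addr):
    try:
        host = host_of(addr)
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames are not provably local

def audit(torrc, sshd_config):
    """Return a list of findings; an empty list means both files pass."""
    findings = []
    listen = [a[0] for k, a in directives(sshd_config) if k == "listenaddress" and a]
    if not listen:
        findings.append("sshd_config: no ListenAddress, sshd binds every interface")
    findings += [f"sshd_config: ListenAddress {a} is not loopback"
                 for a in listen if not is_loopback(a)]
    ports = [a for k, a in directives(torrc) if k == "hiddenserviceport"]
    if not ports:
        findings.append("torrc: no HiddenServicePort line")
    for args in ports:
        # Tor forwards to 127.0.0.1 when the target is omitted or is a bare port.
        target = args[1] if len(args) > 1 else ""
        if target and not (target.isdigit() or target.startswith("unix:") or is_loopback(target)):
            findings.append(f"torrc: HiddenServicePort forwards to {target}")
    return findings

if __name__ == "__main__":
    for name, sshd in (("loopback only", SSHD_LOCAL), ("default", SSHD_DEFAULT)):
        print(name, "->", audit(TORRC, sshd) or "ok")
```
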

Example of key directory for a working repo:

The Setup of the Client (Windows)

In order for the contributors to be able to access your repository they need to take the following steps:

1. Modify the .ssh/config file as follows:

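Host hostname.onion
User g
PreferredAuthentications publickey
Compression yes
# -S takes the SOCKS proxy address. 127.0.0.1:9050 is Tor's default SOCKS port
# (an assumption about your setup; the Tor Browser bundle listens on 9150).
ProxyCommand /bin/connect.exe -S 127.0.0.1:9050 %h %p
IdentityFile "C:\Documents and Settings\Administrator\.ssh\YOURKEY"

2. Clone the repo: git clone g@hostname.onion:RepoName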

These instructions assume that YOURKEY is a valid key that the repository owner has already added to the repo.

Clones and updates of the repository through the service will be subject to increased latency, like pretty much anything else you do through Tor.  It’s part of the deal, deal with it.


Learning how to use the tor hidden service protocol is probably one of the easiest, most useful things you’ll ever learn.  Use it carefully and effectively and you will be able to promote solidarity in the community.  Use it recklessly and carelessly and you might just find yourself facing that lawsuit you intended to avoid in the first place.

NOTE: As with every encryption technology, nothing is 100% safe.  Use at your own risk and don’t come crying to me if something goes wrong.  At the end of the day, look on the bright side: at least you’re not risking getting killed if it fails, like some other people are.


