back to article Cloudflare experiments with hidden Tor services

Cloudflare has added a Tor hidden service to its DNS services. Launching the service, the company explained that while it wipes logs and doesn't write client IP addresses to disk, “exceptionally privacy-conscious folks might not want to reveal their IP address to the resolver at all, and we respect that.” The resolver's …

  1. Am I Paranoid Enough?

    Two things...

    Time to find out how to install TOR for all connections from my Linux box. and....

    Would this help defeat the Windows slurp that by-passes all other efforts including MS remote access when they feel the need?

    As this is down the list of priorities, any pointers gratefully received.

    1. Anonymous Coward
      Anonymous Coward

      Re: Two things...

      Clearly, you've never heard of Tails.

      https://tails.boum.org/

      If you already own a tin foil hat and a thumb drive, you need to try running Tails!

  2. Anonymous Coward
    Anonymous Coward

    If you do, I hope you picked a flavour without systemd, as "Zee Poot" seems to have a specific opinion on how your DNS is supposed to work...

    https://github.com/systemd/systemd/issues/7182

    1. Anonymous Coward
      Anonymous Coward

      Ah, systemd at play again...

      "If you do, I hope you picked a flavour without systemd, as "Zee Poot" seems to have a specific opinion on how your DNS is supposed to work...

      https://github.com/systemd/systemd/issues/7182"

      Thanks for the heads-up on this one AC!

  3. Anonymous Coward
    Anonymous Coward

    Hmmm, I'll see if pi-hole can use it ....

  4. tentimes

    Confused

    What does this actually mean, in practice, for me using the TOR browser? Can I integrate cloudflare with it and then just type in "dreammarket.onion" or something like that?

    1. Ben Tasker Silver badge

      Re: Confused

      Currently, not that much.

      So far, they've only launched Hidden Service support for their DNS over HTTPS (DoH) service.

      What it means is that rather than transiting the open internet (whether directly or passing through Tor first), your lookups can go to their resolver without leaving the Tor network. That's a good thing (reduces usage of the limited exit node bandwidth, provides strong authentication that you're talking to an authorised server etc).

      What they haven't launched (I suspect the word yet applies here) is support for hosting hidden services via Cloudflare. Though why anyone would want to....

  5. Paul Hovnanian Silver badge

    Cloudflare

    ... is a rather large business with several large investors and numerous customers. It has quite a large attack surface for various government agencies to work on. So it's not inconceivable that they might choose to build back doors when requested rather than just go out of business.

  6. JohnFen Silver badge

    No source?

    I couldn't find the source for cloudflared. Without the source, this is a nonstarter, as it requires trusting Cloudflare.

    1. Anonymous Coward
      Anonymous Coward

      Re: No source?

      Mmmm Trust Cloudflare.... what could possibly go wrong??

  7. Anonymous Coward
    Anonymous Coward

    a TOR point in the process

    Spies could just setup and intermediate server as a participant in TOR and you would route thru them.

    The country you use can see you connect to TOR regardless of Cloudfare.

    Teclo's can watch local TOR Points with a TOR browser, logging them as they pop up, including Cloudfare links.

    So good luck with the anonymous folks

  8. shreyasonline

    Cloudflare DNS over Tor option made easy to use

    A new free open source tool is available created by me called Technitium DNS Server which supports Cloudflare's DNS over Tor option directly in its settings. Just install the software go to settings and select the option and its done. Works with Windows, Linux and MacOS.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019