Hosting Location Hidden Services
Donate
Anonymous Hosting, Comparison Table of Tor Onion Services, VPN with Remote Port Forwarding, PageKite and Anonymous Third-Party Web Hosting Providers
Introduction
[edit]This page discusses and compares different hosting options that utilize location/IP hidden servers. It is possible to host anonymous services such as websites either:
- A at home using Tor Onion Services;
- B on servers you physically own; or
- C using (free) services provided by third parties, such as free
.onionweb space, VPS servers, and other web space.
The five most common methods of running location-hidden servers include:
- A Tor Onion Services,
- B using a VPN provider with remote port forwarding,
- C local host tunneling such as PageKite
(which makes your local host a server), - D
.onionwebspace, and via anonymous third-party web hosting providers.
An overview of these methods and a comparison table are provided below. Readers who are unsure of which method to use are recommended to review Tor Onion Services, since they are the easiest to configure and provide the strongest anonymity.
Anonymous Hosting Overview
[edit]Tor Onion Services
[edit]One way to host a location hidden service is Tor Onion Services.
Onion Services provide a number of benefits. First, they are censor-resistant, which means that nobody can take the .onion domain offline unless they compromise the host and/or successfully perform a flood attack. [1] In addition, Onion Services are accessible over tor2web via HTTP, although this is not as censor-resistant as the (Are there still functional tor2web instances nowadays?)
.onion domain itself.
Onion Services are free and do not require any registration to run (no sign-up is required). Further, they do not require any additional software other than the server software that will be run anonymously. Onion Services are flexible insofar as they can easily be run at home, on any server physically owned, or on (anonymous) third-party web hosting providers.
Here is in context of Whonix how Tor Onion Services could be used for the purpose of hosting a location hidden service.
1 Read the Onion Services documentation.
- Instructions: Refer to Onion Services for full setup instructions.
2 Decide where to run the Onion Service.
- At home: Run the service on your own hardware.
- Owned server: Run the service on a server you physically own.
- Third-party hosting: Run the service on a third-party server, if desired.
3 Install the server software inside Whonix-Workstation.
- Web server: For example, a web server such as lighttpd.
- Other services: Onion Services can also publish non-web services.
4 Configure Tor on Whonix-Gateway.
- Configuration: Use the documented Onion Service configuration method from Onion Services.
5 Test reachability over .onion.
- Verification: Confirm that the service is reachable using the generated
.onionaddress.
6 Done.
Notes:
- No registration: Onion Services do not require a sign-up.
- No anonymous money: Onion Services are free to run.
- Visitor requirements: Visitors generally need Tor to access the
.onionaddress. - Server security: If an adversary compromises the host or the server software, this can have serious consequences. See Onion Services for guidance and further reading.
There are also alternatives to Tor Onion Services.
VPN with Remote Port Forwarding
[edit]Hosting location hidden services is not exclusive to Tor Onion Services. Using a VPN with Remote Port Forwarding is a totally different method.
Here is in context of Whonix how a VPN with remote port forwarding could be used for the purpose of hosting a location hidden service.
1 Get anonymous money.
2 Purchase a VPN that supports both remote port forwarding and TCP.
- Why not UDP? See Tor, UDP.
- Which VPN? Undocumented.
3 Install the VPN inside Whonix-Workstation.
4 Open a remote port using the VPN software configuration.
5 Install the server software inside Whonix-Workstation.
6 Done.
The server software should now be reachable on the IP and port provided by the VPN.
Notes:
- Public IP address: Provided by the VPN provider.
- Incoming port: Provided by the VPN provider.
- Tor configuration: Not required for this method. This is because the incoming port would be provided by the VPN and not by Tor.
- Home router port opening: Not required. Reconfiguring the user's home router for this purpose is discouraged.
The level of censorship resistance afforded by VPNs depends on the specific provider used. While services will be reachable by a wider audience (clients) because Tor is not required, there are probably no free VPN services that provide Remote Port Forwarding.
Unlike Onion Services, registration/sign-up is very likely required, which is a challenge to maintaining anonymity. On the upside, this configuration can be run at home, on any server physically owned, or on (anonymous) third-party web hosting providers.
PageKite
[edit]PageKite is another alternative service that has been tested inside Whonix-Workstation™, and it is functional out of the box (although it is less tested by Whonix developers).
PageKite is a subscription-based service, but it is free for Free Software authors; an application for a free account is required. Further, it is necessary to comply with the PageKite terms of service, register, and provide an (anonymous) E-Mail address.
Here is in context of Whonix how PageKite could be used for the purpose of hosting a location hidden service.
1 Decide whether anonymous money is required.
- Free account: PageKite is free for Free Software authors, but an application for a free account is required.
- Paid subscription: If using a paid subscription, obtain anonymous money first.
2 Create a PageKite account and choose how the service will be addressed.
- PageKite domain: Use a PageKite-provided domain / subdomain (subject to PageKite policies and legislation).
- Own domain: Use your own domain, if desired. [2]
3 Install PageKite inside Whonix-Workstation.
4 Install and configure the server software inside Whonix-Workstation.
- Local service: Ensure the web server (or other server software) is reachable locally on the intended IP address and port.
5 Configure PageKite to publish the local service.
- Mapping: Configure PageKite to forward incoming connections to the local IP address and port used by the server software.
6 Start PageKite and verify external reachability.
- Test: Confirm that the service is reachable using the PageKite-provided address (or your own domain, if configured).
Besides this entry, there is no documentation for pairing PageKite with Whonix. However, it is relatively simple to use, and their service is well-documented; see Running PageKite over Tor and the footnotes. [3]
Notes:
- Tor requirement: PageKite can provide a clearnet reachable service without requiring visitors to use Tor.
- Tor routing option: PageKite can optionally be used over Tor; see Running PageKite over Tor and Stream Isolation.
- Registration requirement: Registration is required (including an (anonymous) E-Mail address), which is a challenge to maintaining anonymity.
- Online requirement: The service is only reachable while the local server and PageKite client are running.
Anonymous Web Third-Party Hosting Providers
[edit]| About this Anonymous Third Party Hosts wiki chapter Contributor maintained wiki page. | |
|---|---|
| Support Status | stable |
| Difficulty | medium |
| Contributor | FranklyFlawless
|
| Support | Community support only! / List of Hosting Providers That Accept Cryptocurrencies as Payment
|
There are many so-called offshore or anonymous web hosting companies. Most of these hosting companies do not really offer anonymity because they usually require valid registration data (real name, etc.), forbid registration over Tor, and/or do not offer anonymous payment methods.
The ones listed in the following table are Tor user-friendly, accept anonymous registration, and can be paid anonymously with cryptocurrencies, including stablecoins.
COMMUNITY SUPPORT ONLY :
THIS wiki CHAPTER only
is only supported by the community. Whonix developers are very unlikely to provide free support for this content.
See Community Support for further information, including implications and possible alternatives.
Also note:
- There are some free
.onionweb hosting services, as well as paid ones. - Anonymous VPS servers also exist, but none are free; this necessitates the use of anonymous money.
Warning: The Whonix project does not vet or endorse any of these services. No guarantees are made regarding their trustworthiness, reliability, or policies.
Disclaimer: This list is community-maintained and does not reflect the views or recommendations of the Whonix team. Whonix does not investigate, verify, or endorse any of these services. Users are encouraged to do their own due diligence before engaging with any provider.
Use at your own risk. Third-Party Policies and Non-Endorsement apply! See also project transparency.
| Name | Requirement(s) | Cryptocurrencies | Last Updated |
|---|---|---|---|
1984
|
|
|
January 2026 |
| Cloudzy
|
|
|
January 2026 |
Cockbox
|
|
|
January 2026 |
| IncogNET
|
|
|
January 2026 |
| Kyun
|
|
|
January 2026 |
| Mynymbox
|
|
|
January 2026 |
| NiceVPS
|
|
|
January 2026 |
| Njalla
|
|
|
January 2026 |
| Servers Guru
|
|
|
January 2026 |
| SnowCore
|
|
|
January 2026 |
| VPSBG.eu
|
|
|
January 2026 |
Forum discussion: List of Hosting Providers That Accept Cryptocurrencies as Payment
onion Webspace
[edit]Third-party hosts offering free or paid onion webspace. No research has been done if this still exists. Undocumented.
Comparison Table
[edit]| Tor Onion Services | VPN with Remote Port Forwarding | PageKite | .onion Webspace
|
Anonymous Third-Party Web Hosting Providers | |
|---|---|---|---|---|---|
| Accessible over clearnet http(s) | tor2web only | Yes | Yes | tor2web only | Yes [4] |
Accessible over Tor .onion
|
Yes | No | No | Yes | Yes, if Tor is installed. |
| Attack against server software (lighttpd, etc.) | Fail [5] | Fail [5] | Fail [5] | Safe [6] | Safe [6] |
| Attack against Tor (onion services) | Fail [5] | Fail [5] | Fail [5] | Safe [6] | Safe [6] |
| Clearnet domain censor resistance | Depends on tor2web legislation. | Depends on domain registrar legislation. |
|
Depends on tor2web legislation. | Depends on anonymous third-party web hosting provider's legislation. |
| No anonymous money required | Yes | No (?) | Depends | Depends | No |
| No need to register | Yes | No | No | No | No |
.onion domain censor resistance
|
Highest | There is no .onion domain.
|
There is no .onion domain.
|
Depends on .onion webspace host. [8]
|
Depends on anonymous third-party web hosting provider. [8] |
| Online, when you are offline | No, only online as long as your server is online. | No, only online as long as your server is online. | No, only online as long as your server is online. | Yes [9] | Yes [9] |
| Price | Free | Paid only (?) | Depends | Some are free | Paid only |
| Server administrator cannot take away the clearnet domain. | No, tor2web can. [10] | Yes | Depends.
|
No, tor2web can. [10] | No [10] |
Server administrator cannot take away the .onion domain
|
Yes, you are the administrator. | There is no .onion domain.
|
There is no .onion domain.
|
No, they must have private keys for .onion domain to make the service work.
|
No |
| Services other than web | Yes | Yes | Yes | No | Yes |
| No port forwarding configuration in home router required | Yes | Yes | Yes | Yes | Yes |
| Further reading | Tor Onion Services | - | PageKite
|
- | - |
Conclusion
[edit]Based on the preceding overview and comparison table, each method of running location-hidden servers has both advantages and disadvantages.
Tor Onion Services provide the greatest number of advantages. It is unnecessary to learn about and obtain anonymous money, which is a difficult endeavor on its own. Further, trust is not placed in third parties; you only need to rely on your own skills to set up a server. Also, nobody can censor the server, and there is no registration or limiting terms of service.
On the downside, if an adversary compromises the onion service, it is game over. This can occur via a successful attack against Tor Onion Services, the server software, or by breaking out of Whonix. Onion Services are also only accessible over .onion (visitors need Tor), and tor2web is not indexed by search engines. Finally, Tor onion services are only online as long as the server is online.
In comparison, a free (or paid) .onion webspace host can steal the domain at any time and take it over. On the other hand, it is unnecessary to worry about server security, and successful attacks against the Tor onion service will not lead to your location or IP address.
Finally, anonymous third-party web hosting providers involve anonymous money, which is difficult on its own. However, they can provide clearnet domains and/or the service can be used to host Tor onion services. Also, there is no concern about server security, and successful attacks against Tor onion services will not lead to your location or IP address.
See Also
[edit]References
[edit]- ↑
See Thirteen years of Tor Attacks for a description of flood and other attacks against Tor.
- ↑ https://pagekite.net/wiki/Howto/CnamePageKites/
- ↑
- Instead of localhost, it is possible to use the Whonix-Gateway™ IP
10.152.152.10and a custom port such as 9159, that is, replace--torify=localhost:9050with--torify=10.152.152.10:9159. - Alternatively, the
--torifyswitch can be dropped and the default PageKite GNU/Linux tutorial instructions followed, since "misc traffic" in Whonix-Workstation is automatically routed through Tor'sTransPort. - See Stream Isolation for an explanation of "misc traffic", custom
SocksPorts, and Tor'sTransPortin Whonix.
- Instead of localhost, it is possible to use the Whonix-Gateway™ IP
- ↑ Yes, if you buy a domain.
- ↑ 5.0 5.1 5.2 5.3 5.4 5.5 Fail - it would deanonymize you.
- ↑ 6.0 6.1 6.2 6.3 Safe - you are still anonymous. The domain may be lost.
- ↑ https://pagekite.net/wiki/Howto/CnamePageKites/
- ↑ 8.0 8.1 The administrator can and will most likely see what users are doing on their server and decide accordingly.
- ↑ 9.0 9.1 Besides server downtime, in which case you can do nothing but wait until the host has fixed it.
- ↑ 10.0 10.1 10.2 10.3 They must do so, if they are forced by legislation or other reasons.
The most watertight privacy operating system in the world.
At
Whonix we value freedom and trust, supporting Open Source and Freedom Software
2012-
2026 ENCRYPTED SUPPORT LLC
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!