Proposal for Tor Hidden Services

The purpose of hidden services is not to protect its users, but content providers, so I don't see a reason for existing platforms such as Twitter, Blogspot or Rapidshare to also provide a hidden service interface (as suggested by Phobos at Torproject): Users can already maintain their own blog on existing platforms using Tor. More importantly, we need to protect the platforms themselves (besides authors). We need are blog and file sharing engines readily "ported" to offer anonymity. I imagine a very simple interface where you can create your own blog just by writing your first post - no need to register. What about a file dump, where anyone can upload files, including a short description, on a hidden service?

Why do you need to modify existing software? Because both publisher and hoster need to stay anonymous. If the hidden server allows its users to execute server side scripts, anonymity is endangered. Is it good enough to just bind Apache to a local interface and block it from accessing the external network directly using a firewall (such as iptables)? Can I use a single Apache installation for both public and hidden services, using different virtual server configurations? What about other server variables or directory structure that can be easily read? The timestamp alone can be used to narrow the search. Also, we need to provide preconfigured web servers (and other software) that does not log IP addresses. It only takes a few minutes to modify an Apache configuration appropriately, but most users don't know how to do it (and don't really want to know). Most publishing platforms have IP-based logging mechanisms that need to be removed. I wonder if the Tor2Web "Freedom Hoster" is protected against attacks "from within".

If you offer free, Tor-prepared software packages, and simple guides to set up secure servers, more people will set up hidden services, and eventually, journalists will use them.