A recent report from SOS Intelligence researcher Amir Hadzipasic highlights a critical misconfiguration in Tor hidden services that can leak the real IP addresses and server data of operators. The Tor network is designed to anonymize both users and website operators by routing traffic through multiple relays, but certain setup errors can undermine this protection.
According to the report, the issue arises when hidden services are not properly configured to use Tor exclusively, allowing direct connections from the server to the internet. This can expose the server's true IP address, defeating the anonymity that Tor provides. Hadzipasic's analysis indicates that such misconfigurations are not uncommon, particularly among less experienced operators.
The findings underscore the importance of following Tor's official guidelines for setting up hidden services. Operators are advised to ensure that their web servers only listen on localhost and that all traffic is routed through Tor. Failure to do so can lead to deanonymization, potentially exposing operators to legal or security risks.
As of June 2026, the Tor Project has not issued a specific security advisory for this misconfiguration, but the report serves as a reminder for operators to audit their setups. The full details of Hadzipasic's research are available from SOS Intelligence.
