[$ ] node/tor hidden service — Tor v3 hidden-service hosting, Iceland and Romania
// NAME
node/tor hidden service — Tor v3 hidden-service hosting, no-KYC crypto billing (XMR / BTC / Lightning / LTC / ETH / USDT via OxaPay), deployed in Iceland and Romania.
Every Tor node ships with a hardened tor.conf, no clearnet listener, and sshd reachable only via onion-auth (rend-spec-v3 §G.5). The shape is opinionated on purpose: a Tor hidden-service VPS that exposes a clearnet sshd is a Tor hidden-service VPS waiting to be deanonymised by traffic correlation.
We don't run exits from these tiers — exit-relay operation is a different legal posture and the brand offers Lokinet for the exit-flavoured workload. These are tuned for hidden services and non-exit middle relays. If you want to add a relay role on top, the manual covers the exact tor.conf delta.
tor-* tiers are the right pick when the workload is a v3 hidden service that must not have a clearnet IP exposed at any point in its lifecycle. The provisioning flow runs the box without ever binding a public IPv4 listener — sshd is reachable only via onion v3 onion-auth (rend-spec-v3 §G); the customer's service binds to 127.0.0.1 and the local Tor daemon publishes the .onion. Vanity-prefix .onion (mkp224o, capped at 8 characters) is included, generated at provisioning before the keys ever leave the box.
tor-* tiers are not the right pick when the workload also needs a clearnet endpoint (use /node/vps with manual Tor configuration), when the workload needs Tor relay throughput rather than hidden-service serving (use /node/vps with the runbook at /docs/run-non-exit-tor-relay), or when the threat model can tolerate a clearnet sshd alongside the hidden service (the tor-* commitment to no-clearnet-listener has costs in operational ergonomics).
Iceland or Romania, customer's pick. The operator's recommendation for high-stakes hidden services is Iceland — Höfundalög nr. 73/1972 lacks a takedown-without-court-order procedure, the practical jurisdictional posture is the strongest in the catalog. Romania (Legea nr. 8/1996) is also supported.
// TIER COMPARISON
$ diff /etc/xmrhost/tiers.d/*
tor-1 (1 vCPU / 2 GB) is sized for a single low-traffic hidden service — a personal blog, a contact-form behind .onion, an XMPP / Matrix homeserver for ≤ 10 users. tor-2 (2 vCPU / 4 GB) is the recommendation for an active mid-traffic hidden service — Discourse forum behind .onion, mid-sized Matrix homeserver, a busy contact-form for a newsroom. tor-4 (4 vCPU / 8 GB) is sized for high-traffic services — a SecureDrop intake, a federated Matrix homeserver behind .onion, a multi-service deployment.
All tiers ship with the same Tor configuration baseline (HardwareAccel 1, SafeLogging 1, ExitPolicy reject *:* — the box is not a relay), the same hardening defaults (KSPP kernel, no clearnet listener, sshd via onion-auth), and 2 onion-auth client keys provisioned by default on tor-2+. Vanity .onion is included on every tier.
// FAQ
$ faq -t tor-hidden-service
Q.Can I host a clearnet site alongside the .onion?
A.Not on the tor-* tiers — those are onion-only by design (the brand commitment). If you need clearnet + .onion, /node/vps with manual Tor configuration is the right pick; the runbook at /docs/provision-tor-hidden-service walks through the setup.
Q.Is mkp224o vanity .onion required?
A.No, optional — generated at provisioning if you ask for a prefix at order time. mkp224o is convenience, not security: a typed-out .onion is hard to verify regardless of prefix, so the rend-spec-v3 onion-bookmark workflow is the actual mitigation for typo-squatting.
Q.Where is the Tor hidden service hosted?
A.Iceland (recommended for high-stakes services) or Romania, customer's pick at order time. Both are RIPE jurisdictions inside the EEA (Iceland is outside the EU but within the EEA for GDPR purposes); the comparison at /vs/iceland-vs-romania-offshore-jurisdiction covers the legal-process differences in detail.
Q.Do you process abuse complaints sent against the .onion?
A.No. The xmrhost operator does NOT run a third-party abuse-report intake — DMCA-format notices, brand-monitoring claims, informal takedown requests against tenant content all receive no action and no acknowledgement. Tenant enforcement under the AUP (/legal/aup) is operator-discretion based on the operator's own observations, not on third-party reports. The only inbound legal channel is a court-issued order from a competent tribunal under Iceland Höfundalög nr. 73/1972 or Romania Legea nr. 8/1996, processed by counsel. CSAM is the explicit hard-prohibition; the operator detects it via its own controls.
Q.Can I run a Tor relay alongside the hidden service?
A.Not preconfigured — the tor-* tiers run a Tor client + hidden service only, not a relay. Co-locating a relay on the same box does not improve hidden-service anonymity (the rendezvous protocol does not involve the local relay) and adds attack surface. Run a relay on a separate /node/vps; the runbook is at /docs/run-non-exit-tor-relay.