The second thing you're talking about is HiddenServiceAuthorizeClient in stealth mode, which requires a cookie/key/password to access the hidden service. Descriptors are published using a distributed hash table type system. Donncha explains it well: Source: http://donncha.is/2013/05/trawling-tor-hidden-services/ Yep. In terms of optimizing for performance, the Torservers Wiki has a lot of good info for high bandwidth relays that also applies to hidden services, but in terms of security, there isn't much out there. I have seen one of the Tor developers say that if he ran a hidden service, he would put it in a VM so it doesn't know the public IP address of the server, and other people who have run hidden services support isolation techniques. Beyond that, you are left to figure it out yourself. Agreed. There have been plenty of attempts at starting forums in onionland. Most of them never got more than a few users and went offline pretty quickly. There was Onionforum which lasted about 5 years, but even it had a few thousand users at its height, not tens of thousands like this one. Here's a screenshot of it: http://toxicity.myftp.org/Share/Screenshots/OnionForum.png That was considered the nexus of onionland activity in its day, and we have eclipsed it by one or two orders of magnitude. Despite the spammers and trolls, this is a great forum. Personally, I came for the drugs and stayed for the community.