Interview with madamenull

An interview exploring Tor hidden service directories, privacy, and responsibility with the admin of hidden-services.today.

Directories of Tor hidden services occupy a difficult space between privacy, risk, and public misunderstanding. While often reduced to sensational narratives, they also serve as navigational tools in an ecosystem defined by anonymity and constant change.

hidden-services.today is a long-running directory that aims to document what exists on the Tor network without hype or mythologizing. In this interview, we speak with its administrator about the project’s purpose, how they approach curation and responsibility, and what maintaining such a resource reveals about privacy, security, and harm reduction. The discussion focuses on high-level perspectives rather than operational detail, with the goal of promoting a more informed understanding of hidden services.

This interview is presented for informational and journalistic purposes only. It does not endorse, promote, or encourage illegal activity. The views expressed are those of the interviewee alone, and no responsibility is assumed for how readers interpret or use the information discussed.

Background & Purpose

How would you describe the original motivation behind hidden-services.today?

  • I wanted to build something solid inside Tor – not just another link dump, but a curated, long-term project. At the time, link directories were constantly collapsing: hacked, abandoned, flooded with phishing URLs, or quietly taken over and poisoned. Even well-known indexes were full of fake mirrors and scam links.

    So I decided to create a directory that I would personally maintain – stable, hardened, and manually curated. The goal was simple: list services that are active, reasonably verified, and valuable, without exposing users to obvious traps.

What problem did you feel wasn’t being addressed elsewhere at the time you launched it?

  • Most directories were quantity over quality. Dead links everywhere. No moderation. No responsibility for what was being promoted. Overloaded with ads. Zero operational guidance for newcomers.

    There was no clear, minimal, maintained entry point into Tor – no signal in the noise. I wanted to fix that by combining curation with context: not just links, but some orientation on how to navigate Tor safely and consciously.

Has the mission of the site changed since its early days? If so, how?

  • The mission hasn’t changed. The site remains clean, minimal, and focused on usability. I add new services, remove dead ones, and actively monitor listed markets for exit scams or suspicious behavior.

    Tor is dynamic, so staying current is a constant process. But the core idea is unchanged: build the directory I would have wanted when I first entered Tor – something stable, transparent, and responsibly maintained.

What audience did you originally have in mind-and who do you think actually uses it today?

  • Originally: beginners looking for a safe entry point. Also experienced users who want a secondary verification source for links.

    Today, I think it’s both. Some users tell me they started their Tor journey through this directory. Others have been in Tor for years and just discovered it. The server stats show consistent traffic – whether that’s humans or bots is another question.

Curation, Trust & Information Quality

How do you decide which hidden services are listed and which are excluded?

  • Curation is the hardest part.

    I generally list active services that are not directly offering unverified financial or crypto services. Financial services are high-risk and difficult to independently validate without exposing users to potential fraud.

    If a service is very new, I wait. Many projects appear, then disappear within weeks. I prefer to observe whether the operator maintains it consistently before listing it.

I add services that:

  • Are active and maintained.
  • Provide real utility or value.
  • Do not expose users to immediate risk on first contact.
  • Show signs of continuity.

What are the biggest challenges in keeping information current in an ecosystem that’s constantly shifting?

  • Time. Tor moves fast.

    I’m involved in multiple projects, some public, some not. I travel frequently. Maintaining quality requires discipline.

    The long-term stability of the directory actually comes from selective listing. I don’t chase every new service. Many valuable services remain stable for years. The ecosystem is dynamic, but high-quality additions are relatively rare.

    Community feedback helps a lot. Users report dead links, suggest new services, or flag issues. That collective intelligence improves the directory.

How do you think about trust in an environment where anonymity is the default?

  • Trust in Tor is identity continuity + cryptographic proof.

    For me, that means a PGP key tied to a consistent identity. Over time, reputation is built through behavior. If someone has operated for years without scams or manipulation, that track record becomes part of their credibility.

    But trust is always conditional. Anyone can pivot overnight. Exit scams happen. That’s true in Tor and on the surface web.

    So trust is never blind – it’s probabilistic and continuously reassessed.

Have you noticed patterns in how users evaluate credibility or legitimacy of onion services?

  • Time and consistency.

    Longevity + uptime + stable communication + community feedback. That’s usually enough for users to build confidence.

Security, OpSec & Harm Reduction

From your perspective, what are the most common misconceptions people have about Tor and hidden services?

  1. That Tor is exactly what Hollywood shows – a marketplace of horrors.
  2. That everyone inside Tor is “on the same team.”
  3. That Tor automatically guarantees full anonymity.

Tor is just infrastructure. Your behavior defines your exposure.

What does “good OpSec” mean to you at a conceptual level?

Separation and understanding.

  • Separation of identities, habits, and digital footprints between your real-world life and your Tor persona.

    And deep technical understanding:
  • How Tor circuits work.
  • Browser fingerprinting.
  • Network-layer risks.
  • Router/firewall behavior.
  • What VPNs do and do not do.
  • What metadata leaks mean.

Good OpSec is risk modeling:

  • Define your objective.
  • Identify threats.
  • Assess exposure.
  • Plan failure scenarios.

Tools don’t give anonymity. Operational discipline does.

Where do you see users most often underestimating risk?

  • Overconfidence.

    Believing tools alone guarantee anonymity. Acting without preparation. Ignoring adversary capability. Underestimating law enforcement. Assuming they’re smarter than everyone else.

    Humans are always the weakest link.

How do you balance providing information with avoiding unintended harm?

  • Judgment and restraint.

    Before publishing anything, I ask:
  • Who could misuse this?
  • Who could be harmed?
  • What is the worst-case scenario?

If I’m unsure, I research more. Sometimes I don’t publish at all. Curation is also about omission.

Ethics & Responsibility

What ethical responsibilities do you believe come with maintaining a directory in this space?

  • Integrity.

    You are influencing traffic. That carries responsibility. Listing something means you are implicitly signaling a baseline of legitimacy.

Are there types of services or content you’ve chosen not to list on principle?

Yes:

  • Gambling.
  • Pornography.
  • Unverified financial services.
  • Services with no reputation or obvious scam indicators.

How do you personally draw the line between censorship and responsibility?

  • The line moves slightly depending on context, but the intent matters.

    My filtering is about reducing user harm – not suppressing ideas. I avoid content that primarily exposes users to financial or security risk.

Do you think directories like yours make the ecosystem safer, riskier, or just more transparent?

  • More transparent and generally safer.

    Multiple independent directories increase cross-verification. If several reputable sources list the same onion address, users can compare and detect phishing or domain swaps.

    Monopoly is dangerous. Diversity of verification is healthy.

Threats, Pressure & Resilience

What kinds of threats-technical or otherwise-do projects like yours typically face?

Common threats:

  • DDoS.
  • Exploitation of misconfiguration.
  • Attempted compromise to replace links with phishing mirrors.

For a directory, link tampering is a bigger risk than takedown.

How do you think about resilience and continuity in an environment prone to takedowns and disruption?

  • Hardened configuration.
  • Monitoring.
  • Alerting.
  • Backups.
  • Disaster recovery planning.

Uptime and integrity are critical.

Without going into specifics, how has operating this site changed your view of digital risk?

  • It hasn’t fundamentally changed it.

    I worked with web infrastructure before this project – both defensive and offensive security. Risk is constant. Failure is always possible. You just try to reduce probability and impact.

The Broader Hidden Service Ecosystem

How have hidden services evolved over the past few years?

  • Not dramatically in structure. Stability matters more than constant redesign.

    If you saw the directory ten years ago, you’d recognize it today. Small refinements. No radical shifts. Consistency builds trust.

What trends do you see emerging-good or bad?

Negative:

  • Markets that launch as scams from day one.
  • Fake financial services (mixers, swaps) designed purely to extract funds.

Positive:

  • More blogs.
  • More community-driven projects.
  • Independent platforms that are less algorithmically manipulated than the mainstream web.

Do you think the “dark web” label helps or harms public understanding?

  • It harms understanding.

    The term is branding. In practice, much of Tor resembles the early internet – before it became hyper-commercialized and algorithmically polluted.

How do you see the relationship between privacy tools and mainstream internet culture evolving?

  • Privacy awareness is slowly increasing.

    But we are at a crossroads. Either privacy becomes normalized, or control mechanisms become more refined and socially accepted.

    Privacy will exist – but only where people deliberately choose it.

Law, Surveillance & Society

How do you view the tension between privacy, security, and law enforcement?

  • Privacy and security benefit both good and bad actors. Law enforcement has legitimate goals, but also potential for abuse.

    It’s complex and political.

    At minimum, users should understand the systems they live in and make informed choices about exposure and privacy.

What do you think policymakers consistently misunderstand about anonymous networks?

  • That most users are ordinary people seeking privacy – not criminals.

    Anonymous infrastructure is not inherently malicious. It’s neutral.

Do you think society is moving toward more privacy-or just different forms of control?

  • Likely different forms of control – rebranded and normalized.

    I would prefer a privacy-forward future, but structurally that seems unlikely without major shifts.

Personal Reflections

What has surprised you most about running this project?

  • The engagement of strangers.

    People contribute links, report issues, and genuinely want the directory to remain useful.

What lessons would you share with people interested in privacy advocacy?

  • Understand how systems work.

    Choose service providers consciously. If a business model depends on harvesting your metadata, you are the product.

Is there something you wish people asked more often about hidden services?

  • I’d prefer fewer sensational questions – and more practical ones.

Closing

What would you like readers to understand after this interview?

  • Don’t blindly trust me.

    Verify everything. Cross-check links. Use multiple sources. Learn the fundamentals.

    If you want to operate safely in Tor, understand the basics before diving deeper.

    And don’t believe everything you hear about Tor in movies, politics, or social media.

Where can people follow updates or verify they’re seeing the legitimate project?

  • Cross-check onion addresses across multiple independent directories.
  • Use community platforms like Dread / Pitch / forums for discussion and reputation signals.
  • Verify identities via PGP keys.
  • Never rely on a single source of truth.

Trust, but verify.

Knowledge is power!

More interesting projects of madamenull

Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.