So, what I understand is that hidden services can easily be deanonymized. People using tor only as a proxy are safe, provided they do not download big files (who want to do that anyway, given how slow it is?).
As a Tor user, I'm quite glad to read that, actually. Tor hidden services are the reason why Tor has this ugly and well-deserved reputation of being a tool for everything illegal and morally unacceptable. As someone who just want strong privacy, I see hidden services as problematic neighbors and I would be glad to see them go.
Well sample size of 1 and all that but I can attest to at least my legit use case.
I'm hosting some friends-and-family small services from home and front them with a couple Hidden Services. That gives me some measure of mutual privacy from my users as well as strict access control via auth being baked in the transport protocol.
The alternative would have been providing a dynamic DNS type URL, mucking around with LetsEncrypt and the DNS provider periodically and then implementing all access control in the servers. I'm lazy, Tor works for this use case and I'm lucky my users understand the 3 steps to configure their Tor browser so I'm sold on the usefulness of this mechanism!
Oh yes, indeed, I'm not implying that all hidden services are objectionable, but that those who are are many and a major reputation problem - to the point where we would be better off without hidden services.
I love how you used it for relatives group privacy, though, that sounds cool.
As a Tor user, I'm quite glad to read that, actually. Tor hidden services are the reason why Tor has this ugly and well-deserved reputation of being a tool for everything illegal and morally unacceptable. As someone who just want strong privacy, I see hidden services as problematic neighbors and I would be glad to see them go.