clarification

doc/tips/peer_to_peer_network_with_tor.mdwn

@@ -132,11 +132,11 @@ Tor hidden services can be quite secure. But this doesn't mean that using
 git-annex over Tor is automatically perfectly secure. Here are some things
 to consider:
 
-* Anyone who learns the address of a peer can connect to that peer,
-  download the whole history of the git repository, and any available
-  annexed files. They can also upload new files to the peer, and even
-  remove annexed files from the peer. So consider ways that the address
-  of a peer might be exposed.
+* Anyone who learns the onion address address and authentication data of a peer
+  can connect to that peer, download the whole history of the git repository,
+  and any available annexed files. They can also upload new files to the peer,
+  and even remove annexed files from the peer. So consider ways that the
+  authentication data of a peer might be exposed.
 
 * While Tor can be used to anonymize who you are, git defaults to including
   your name and email address in git commit messages. So if you want an

doc/tips/peer_to_peer_network_with_tor/comment_2_8180e202fc493ad07999a3367ccd9425._comment

@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2017-03-02T17:24:23Z"
+ content="""
+@dvicory if someone only knows the onion service address, they can do
+nothing to your repository except connect to it and get rejected
+due to failure to authenticate. They need the authentication data too
+in order to do any of those things. That was talking about the
+addresses generated by `git annex peer --gen-addresses`, 
+which include authentication data.
+
+I've improved the wording to avoid confusion between git-annex's addresses
+and onion addresses.
+"""]]