[bragr]

>do not bind your onion service on 0.0.0.0

Good advice

>they do provide privacy against snooping exit node

onion services don't use exit nodes. Your client and the service build circuits to nominated middle relays so https only offers very marginal increases in privacy. However, you are right to assume than any exit node may (or probably is) monitored.

[nick__m]

Since I never ran a hidden service I never challenged my assumptions that they connected to an exit node, but it make sense that an hidden service would be routed through a middle relay without going through an exit node.

Thanks for the clarification.