2

My goal is to host a hidden service using Tor and Whonix.

My computer is running Debian with Whonix on VirtualBox.

The question is, what are the best practices? Should I allow Whonix to hide my Tor usage from the ISP or continue using Tor as when I was not running a hidden service? (Thus, the ISP was able to observe that I am connected to the Tor network.)

Roya

2 Answers

1

In running a hidden service, the major deanonymization risk is poor OPSEC. There's also the attack described in Biryukov et al. (2013). But there, getting your identity from your ISP is the last step.

Still, you may not want to advertise using Tor. I don't.

mirimir
0

The EFF (Electronic Frontier Foundation) has an FAQ page which details its legal recommendations about running Tor. It doesn't specifically mention hidden services, but its advice concerning exit nodes - i.e. be as transparent as possible - is probably similarly relevant.

Their recommendations assume that your ISP is Tor-friendly (or at least Tor-tolerant); if you know yours isn't, then perhaps check the list on the Tor wiki for one that is.

Their advice on subpoenas and DMCA notices might also be of use, though hopefully never needed.

Richard Horrocks