Given the US recently made a bid to fast-track multiple censorship bills, KOSA included, and is also trying to kill Section 230 now, which will pose an existential threat to Fediverse instances hosted over the clearnet, how feasible would it be to host said instances over Tor/I2P?

  • Illecors@lemmy.cafe
    ↑ 6 · 16 hours ago

    It would work just fine within TOR. Reaching out would be a massive pain as the software is not ready.

    I’ve set up the “old” UI - no javascript - on TOR on lemmy.cafe. It works well, but that’s not a real hidden service, as such.

  • 1984@lemmy.today
    ↑ 1 · 16 hours ago

    Wouldn’t that mean that users would also have to use tor? That’s not going to happen…

  • slazer2au@lemmy.world
    ↑ 14 · 1 day ago

    From a technical pov nothing is stopping it. Tor addresses are valid domain names and you can run your own fediverse in those networks. The problem becomes when you want clearnet instances to send you content. As they aren’t running in tor or i2p they can’t send you stuff.

    The other problem is exit nodes are fairly well known for being the source of bad shit and many instances will block them as part of their anti spam/bot setup

    • [object Object]@lemmy.world
      ↑ 6 · 1 day ago

      > As they aren’t running in tor or i2p they can’t send you stuff.

      A server can run on both the clearnet and darknet simultaneously, but indeed I don’t think that works that well if the server name is the identifier for an instance — since it would be different between the networks.

      • The_Decryptor@aussie.zone
        ↑ 3 · 1 day ago

        If you detach the origin from the host it’d work, aka HTTP Alternative Services. Firefox used to (maybe still does? idk) use it to silently switch from using the base hostname to a hidden service when running under Tor, when the site provided the mapping.

        Clearnet stuff would work without it, but any I2P/Tor support needs server integration, which would be non-existent at the moment I’d bet.

  • Rimu@piefed.social
    ↑ 10 · 1 day ago

    Not feasible.

    Just use an instance that is outside USA and not using a USA hosting company? Half the fediverse uses Hetzner, for example. OVH (French) is another popular provider.

    • Ulrich@feddit.org
      ↑ 1 · 15 hours ago

      I’d probably choose somewhere outside of France. Hetzner probably a better bet.

      • Rimu@piefed.social
        ↑ 2 · 1 day ago

        I took the question to be “could you currently host fedi servers on the dark web, without any big changes to their code” but yeah I’m sure it’s possible to make it happen, if people wanted to put in the work.

    • ViatorOmnium@piefed.social
      ↑ 25 · 1 day ago

      That’s just a frontend issue. You can have clients that don’t try to do regular polling.

      Having reliable activitypub federation is going to be a much harder challenge. The server to server protocol has a bunch of assumptions that are not true for tor and i2p.

      And unless you want the entire network to become a CSAM and Nazi cesspool, you would also need a reliable way of identifying servers, which defeats the purpose.

      • [object Object]@lemmy.world
        ↑ 2 · 1 day ago

        > The server to server protocol has a bunch of assumptions that are not true for tor and i2p.

        Could you please elaborate just a bit? I’m a web dev, but haven’t looked into fediverse protocols yet.

        • ViatorOmnium@piefed.social
          ↑ 4 · 1 day ago

          One example is HTTP signatures. Servers sign their payloads and receiving servers should validate not just the hash but ensure the payload is not too old. Mastodon allows for a twelve hour difference (https://docs.joinmastodon.org/spec/security/#http-signatures) but other software might be stricter for security reasons. Then a bunch of things like webfinger were designed around public DNS and public key chains. A mastodon server running on the open internet and/or expecting public keychain HTTPS will not be able to federate with something running in tor.

          You could cut enough corners to make something that federates inside tor, but at that point it’s better to design something around tor’s features.
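
The checks described in the comment above, as an added example that is not part of the thread or of any Fediverse project's code: a receiving server confirms that `Date` and `Digest` are covered by the signature, that the date is inside the accepted window, and that the digest matches the body, before it verifies the signature itself. The 12-hour window is the figure quoted in the comment; lowercase header keys, the `example.social` actor URL and the `PLACEHOLDER` signature value are assumptions for the sample.

```python
import base64, hashlib, hmac, re
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

MAX_SKEW = timedelta(hours=12)  # window quoted in the comment; other software may be stricter

def sha256_digest(body):
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def precheck(headers, body, now):
    """Checks made before the public-key verification. Returns (ok, reason)."""
    params = dict(re.findall(r'(\w+)="([^"]*)"', headers.get("signature", "")))
    signed = params.get("headers", "").split()
    # Date and Digest only bind anything if the signature covers them.
    for name in ("date", "digest"):
        if name not in signed:
            return False, f"{name} not covered by signature"
    try:
        sent = parsedate_to_datetime(headers["date"])
    except (KeyError, TypeError, ValueError):
        return False, "missing or malformed Date"
    if sent.tzinfo is None:  # "-0000" parses as naive; treat it as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    if abs(now - sent) > MAX_SKEW:
        return False, "Date outside accepted window"
    if not hmac.compare_digest(headers.get("digest", "").encode(),
                               sha256_digest(body).encode()):
        return False, "Digest does not match body"
    return True, "ok"  # next step (not shown): verify the signature with the sender's key

# Constructed sample delivery; the actor URL and signature value are placeholders.
BODY = b'{"type":"Create","actor":"https://example.social/users/alice"}'

def build_headers(sent_at, covered="(request-target) host date digest"):
    return {
        "date": format_datetime(sent_at, usegmt=True),
        "digest": sha256_digest(BODY),
        "signature": 'keyId="https://example.social/users/alice#main-key",'
                     f'algorithm="rsa-sha256",headers="{covered}",signature="PLACEHOLDER"',
    }

if __name__ == "__main__":
    now = datetime(2025, 1, 7, 12, 0, tzinfo=timezone.utc)
    for delay in (timedelta(minutes=5), timedelta(hours=13)):
        print(delay, precheck(build_headers(now - delay), BODY, now))
```

A delivery that is queued or retried for longer than the window fails the date check even though its signature would still verify.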

    • [object Object]@lemmy.world
      ↑ 3 · edited · 1 day ago

      APIs should work, though. So unless the instance needs some kinda captcha or other client-side challenge, e.g. for registration, people could presumably use apps with it.

      Plus, if the aim is just to reach and use the instances, and not to be anonymous, then one could probably use a regular browser with a Tor proxy (Firefox can do it per site with both proxy-switching extensions and containers). Assuming that domain resolution would work.

      However, in my experience, not many social-media-adjacent apps support setting a custom proxy, even though modern network libraries should make it a no-brainer. E.g. few Matrix clients support that, and ones that do aren’t much of an eye candy (and have problems with the initial setup of the encryption, which seems to be a pervasive issue with Matrix).

  • atro_city@fedia.io
    ↑ 4 · 1 day ago

    I’ve heard of TOR, not of I2P. Are they both programs to anonymise other programs? I didn’t know it was possible to anonymise an entire instance! Would be cool if that were possible.

    • Rekall Incorporated@piefed.social
      ↑ 3 · 1 day ago

      I believe I2P is more for things like torrents.

      I’ve been meaning to test it out (I seem to remember that it’s possible to run it side by side), but haven’t got a chance yet.

    • [object Object]@lemmy.world
      ↑ 1 · edited · 1 day ago

      > I didn’t know it was possible to anonymise an entire instance

      I mean, that works pretty much like any server on the web, now that most communication is done via http. However, websockets, http/2 and /3 might break, I guess, when they expect a continuous connection.

      (Dunno which underlying protocols Lemmy uses, so can’t guarantee that it’s really that easy.)

      • atro_city@fedia.io
        ↑ 1 · 1 day ago

        I don’t know what any of those terms mean. If it were easy, wouldn’t it have been done already?