I wonder if there’s a Lemmy out there with Tor access. It shouldn’t be too hard and it would solve the IP address leak risk for servers like dbzer0.com.
This was something I suggested for this instance, since there is even a guide for hosting an onion service: https://lemmy.dbzer0.com/post/135234
Maybe /u/db0 will have more time after the spam settles down, but it seems he’s got a lot on his plate at the moment between being an admin and doing AI stuff.
yes. I have a Diaspora, another Fediverse platforms, account on diasp.org that I hav only ever accessed via their hidden tor service http://diasporg5tj4xz5mxkd5qnrppo7tbb6ynk2gtmjw5lmz6mtbesj3k6id.onion and their i2p connection http://diasporg.i2p , and i have no issue federating with friends that only use normie instances like Friendica. I have heard there are some maston imstances that support tor hidden service to. Maybe kolektiva.social?
@prole@ReCursing In most cases, the Tor instance wants to federate with clearnet instances. Clearnet instances might want to opt-in to federating with Tor instances - no child porn, but reading news about piracy is legal.
That’s a good point. You’d probably need to go invite-only for the Tor side of things (Beehaw style) for Tor instances to kick out the black markets/pedo networks. I don’t think Lemmy can do that (federate with all clearnet servers, whitelist for Onion services, require validation for Tor+Tor exit node user registrations).
I think you can throw something together with a reverse proxy setup (refuse federation from .onion sites that aren’t on the whitelist, disable access to the registration API), but there are probably issues I’m missing here.
This is basically true. You need to have certain DNS configurations you cannot afford on Tor hidden services to federate, and while you still could be listening on a Tor hidden service, clearnet servers would still need to reach you to federate.
On top of that, even if you somehow manage to do that, either youre federation trafic goes through Tor (lmao how to DDoS Tor in 1 step), or It doesn’t and all servers can see your public IP, which deafeats the purpose.
Lemmy federation traffic can be measured in kilobytes per second, I doubt you’ll take down Tor. Tor works at speeds closer to one or two megabytes per second these days. The latency will be abysmal, so you’ll effectively be slowloris-ing every server you federate with, but I don’t see why it shouldn’t work from a technical point of view.
@skullgiver@Fonz It is possible; you have to set it up yourself and you won’t federate with many places.
Hosting Lemmy or Mastodon on Tor or I2P isn’t hard; you just host it, and link your Tor/I2P daemon to it same as any other website. But you have to be aware you’ll be cut off from the majority of other instances. You’ll be running standalone.
I am not sure about Lemmy, but Pleroma supports feeding all your federation traffic through a proxy; you can use one called fedproxy to split out your I2P federation traffic through your I2P daemon, and likewise for Tor. I am not currently running this on my server. It should still work for other fedisoftware than Pleroma. https://docs.akkoma.dev/stable/configuration/i2p/
You’re right that federation will be an issue. Maybe a Cloudflare tunnel squeezed through a Tor exit node for the clearnet domain and Tor for the rest? I’m not sure if you can use multiple domains like that but ActivityPub should support it.
I don’t know if Lemmy disables/doesn’t include proxy support by default, but there are tools like graftcp to force traffic through proxies in that case.
Alternatively, you could hack together a DNS server that resolves *.onion to 127.6.6.6, where you put up a proxy that just feeds directly into Tor. This will break for HTTPS sites but Onion services rarely have HTTPS anyway.
@skullgiver Yes, there are many ways to make sure your server connects to Tor and I2P sites. But that’s what the guy who ISN’T running a Tor/I2P site has to do, to federate with the Tor/I2P site. If you’re running the Tor/I2P site you can’t really do much on your side to enable federation.
Cloudflare won’t help because you need inbound connections. Some VPNs support *transient* port mapping designed for BitTorrent, but good luck trying to claim a stable port number for any significant length of time, never mind port 443 (which I’m sure is outside of the allocation range anyway). You’d have more luck trying to find a VPS provider crazy enough to let you pay anonymously with cryptocurrency with just a pinky promise that you’re not hosting child porn. Or just don’t federate.
Cloudflare has a tunnel daemon that allows you to server a website from a network that doesn’t allow any incoming connections. It’s something between a VPN and a proxy and it should work fine, even from Tor exit nodes. Other services offer similar products.
You don’t even need port 443, though most clients will probably break if you pick another port. You can host a Lemmy server on port 13847 if you want, as long as you make sure federating traffic includes the port number on outgoing traffic.
Getting two hostnames to reach the same server would be the biggest challenge, I think. I have seen some indications in the Lemmy database that may suggest the possibility of multi domain setups, but there’s a good chance this is a remnant of an old design decision that has long since been abandoned.
I wonder if there’s a Lemmy out there with Tor access. It shouldn’t be too hard and it would solve the IP address leak risk for servers like dbzer0.com.
This was something I suggested for this instance, since there is even a guide for hosting an onion service: https://lemmy.dbzer0.com/post/135234
Maybe /u/db0 will have more time after the spam settles down, but it seems he’s got a lot on his plate at the moment between being an admin and doing AI stuff.
Would federating work properly with an instance on i2p or tor?
If with properly you include insane amount of waiting for requests and timing out then yes
yes. I have a Diaspora, another Fediverse platforms, account on diasp.org that I hav only ever accessed via their hidden tor service http://diasporg5tj4xz5mxkd5qnrppo7tbb6ynk2gtmjw5lmz6mtbesj3k6id.onion and their i2p connection http://diasporg.i2p , and i have no issue federating with friends that only use normie instances like Friendica. I have heard there are some maston imstances that support tor hidden service to. Maybe kolektiva.social?
Probably if all instances were using Tor, but it would be very slow
@ReCursing @Fonz @skullgiver see this reply I just wrote: https://social.immibis.com/notice/AXSgn5KUrJhQrsadaC
Also, would you want it to?
Also a valid point
@prole @ReCursing In most cases, the Tor instance wants to federate with clearnet instances. Clearnet instances might want to opt-in to federating with Tor instances - no child porn, but reading news about piracy is legal.
It’s not Lemmy, but there’s Dread, which is very similar to this for Tor.
Good to hear that’s still up! I remember when some dude got that up and running shortly after the darknetmarkets sub was closed down.
I mean you can very much onion route to a regular server, if it allows connections from Tor.
Unfortunately Tor means it’s very hard to IP ban abusers, so a lot of services automatically ban common Tor exit nodes.
That’s a good point. You’d probably need to go invite-only for the Tor side of things (Beehaw style) for Tor instances to kick out the black markets/pedo networks. I don’t think Lemmy can do that (federate with all clearnet servers, whitelist for Onion services, require validation for Tor+Tor exit node user registrations).
I think you can throw something together with a reverse proxy setup (refuse federation from .onion sites that aren’t on the whitelist, disable access to the registration API), but there are probably issues I’m missing here.
This is basically true. You need to have certain DNS configurations you cannot afford on Tor hidden services to federate, and while you still could be listening on a Tor hidden service, clearnet servers would still need to reach you to federate.
On top of that, even if you somehow manage to do that, either youre federation trafic goes through Tor (lmao how to DDoS Tor in 1 step), or It doesn’t and all servers can see your public IP, which deafeats the purpose.
Lemmy federation traffic can be measured in kilobytes per second, I doubt you’ll take down Tor. Tor works at speeds closer to one or two megabytes per second these days. The latency will be abysmal, so you’ll effectively be slowloris-ing every server you federate with, but I don’t see why it shouldn’t work from a technical point of view.
Good to hear that’s still up! I remember when some dude got that up and running shortly after the darknetmarkets sub was closed down.
@skullgiver @Fonz It is possible; you have to set it up yourself and you won’t federate with many places.
Hosting Lemmy or Mastodon on Tor or I2P isn’t hard; you just host it, and link your Tor/I2P daemon to it same as any other website. But you have to be aware you’ll be cut off from the majority of other instances. You’ll be running standalone.
I am not sure about Lemmy, but Pleroma supports feeding all your federation traffic through a proxy; you can use one called fedproxy to split out your I2P federation traffic through your I2P daemon, and likewise for Tor. I am not currently running this on my server. It should still work for other fedisoftware than Pleroma. https://docs.akkoma.dev/stable/configuration/i2p/
You’re right that federation will be an issue. Maybe a Cloudflare tunnel squeezed through a Tor exit node for the clearnet domain and Tor for the rest? I’m not sure if you can use multiple domains like that but ActivityPub should support it.
I don’t know if Lemmy disables/doesn’t include proxy support by default, but there are tools like
graftcpto force traffic through proxies in that case.Alternatively, you could hack together a DNS server that resolves *.onion to 127.6.6.6, where you put up a proxy that just feeds directly into Tor. This will break for HTTPS sites but Onion services rarely have HTTPS anyway.
@skullgiver Yes, there are many ways to make sure your server connects to Tor and I2P sites. But that’s what the guy who ISN’T running a Tor/I2P site has to do, to federate with the Tor/I2P site. If you’re running the Tor/I2P site you can’t really do much on your side to enable federation.
Cloudflare won’t help because you need inbound connections. Some VPNs support *transient* port mapping designed for BitTorrent, but good luck trying to claim a stable port number for any significant length of time, never mind port 443 (which I’m sure is outside of the allocation range anyway). You’d have more luck trying to find a VPS provider crazy enough to let you pay anonymously with cryptocurrency with just a pinky promise that you’re not hosting child porn. Or just don’t federate.
Cloudflare has a tunnel daemon that allows you to server a website from a network that doesn’t allow any incoming connections. It’s something between a VPN and a proxy and it should work fine, even from Tor exit nodes. Other services offer similar products.
You don’t even need port 443, though most clients will probably break if you pick another port. You can host a Lemmy server on port 13847 if you want, as long as you make sure federating traffic includes the port number on outgoing traffic.
Getting two hostnames to reach the same server would be the biggest challenge, I think. I have seen some indications in the Lemmy database that may suggest the possibility of multi domain setups, but there’s a good chance this is a remnant of an old design decision that has long since been abandoned.