this post was submitted on 13 Dec 2025
93 points (97.9% liked)

Fediverse

38253 readers
373 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, Mbin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world
93
How feasible would it be to host Mastodon, Pixelfed, Lemmy, Friendica, or Matrix over Tor/I2P? (lemmy.wtf)
submitted 1 day ago* (last edited 11 hours ago) by DFX4509B@lemmy.wtf to c/fediverse@lemmy.world
28 comments fedilink hide all child comments
 

Given the US recently made a bid to fast-track multiple censorship bills, KOSA included, and is also trying to kill Section 230 now, which will pose an existential threat to Fediverse instances hosted over the clearnet, how feasible would it be to host said instances over Tor/I2P?

you are viewing a single comment's thread
view the rest of the comments
[–] ViatorOmnium@piefed.social 26 points 1 day ago (1 children)

That's just a frontend issue. You can have clients that don't try to do regular polling.

Having reliable activitypub federation is going to be a much harder challenge. The server to server protocol has a bunch of assumptions that are not true for tor and i2p.

And unless you want the entire network to become a CSAM and Nazi cespool, you would also need a reliable way of identifying servers, which defeats the purpose.

[–] SlurpingPus@lemmy.world 1 points 1 day ago (1 children)

The server to server protocol has a bunch of assumptions that are not true for tor and i2p.

Could you please elaborate just a bit? I'm a web dev, but haven't looked into fediverse protocols yet.

[–] ViatorOmnium@piefed.social 5 points 1 day ago (1 children)

One example is HTTP signatures. Servers sign their payloads and receiving servers should validate not just the hash but ensure the payload is not too old. Mastodon allows for a twelve hour difference (https://docs.joinmastodon.org/spec/security/#http-signatures) but other software might be stricter for security reasons. The a bunch of things like webfinger were designed around public dns and public key chains A mastodon server running on the open internet and/or expecting public keychain HTTPs will not be able to federate with something running in tor.

You could cut enough corners to make something that federates inside tor, but at that point it's better to design something around tor's features.

[–] SlurpingPus@lemmy.world 3 points 1 day ago* (last edited 1 day ago) (1 children)

One example is HTTP signatures.

Why is it the first time I hear of this?

collapsed inline media

Ah, because it's apparently a fresh proposal, perhaps from Mastodon themselves.

[–] ViatorOmnium@piefed.social 5 points 1 day ago

https://www.w3.org/wiki/ActivityPub/Primer/Authentication_Authorization mentions HTTP signatures since the very first version of the document in 2017. The current efforts seem more in the direction of describing standardizing the existing usage.