Hi All,
I'm working on https://domum.social a Mastodon instance that does not
collect email addresses and only allows authenticated access via the
tor hidden service URL:
http://f3rz5puehnq7dfqqwajxu3izuovb6wqepof3prqesle76qyfivlfxgyd.onion
Federation to and from the regular clear-net fediverse works as normal.
While there's a number of Mastodon instances that have onion addresses
and at least one I found that doesn't block well know disposable email
addresses like sharklasers.com, this puts a high burden on the user.
My technical goal with domum.social is to make privacy the default so
you can't accidentally login outside Tor and there's no opportunity to
enter an identifiable email address.
Socially a lot of documentation is needed so that a general audience
can understand how to evaluate their own threat models and manage
their own operational security.
I've been working on the site off and on since last April and running
live with myself as the only user for about a month.
Before taking on real users I want to open the concept and
implementation to wider scrutiny. I'm an infrastructure person not a a
programmer by trade so hopefully it's not too ugly. I tried to keep
code over rides to a minimum with nothing in tree.
This repo has all the Mastodon related overrides:
There's a bit more special sauce in the proxy config to disallow
access to the authentication endpoints on the clear-net site, and to
ensure rewriting of clear-net URL that mastodon generates to the onion
URL when accessed through the hidden site. The mail server config is
also a bit special so most users get their fake internal email
discarded but Admins and Moderators (who are nonymous) can get real
mail deliver to be notified or any issues.
Depending on feed back, I'm hoping to start a limited public beta in
about a week.
Any and all thoughts are appreciated here, or on Mastodon
@jon@domum.social
Thanks!
-Jon