Federating Your Mastodon Instance Over Tor
While the dream of a “dark-fedi” has yet to be fully realized (there are a few issues preventing Mastodon from running solely as a hidden service, and very few instances federate over Tor), there has recently been an increase in attention on the fediverse from people who could use the protection hidden services provide. I couldn’t find the link to the guide I used to configure it, so I decided to write something up.
While Mastodon doesn’t support running as a hidden service only, I have seen a couple of Tor hidden service-only instances pop up running a new service called Mitra. Also afaik Pleroma supports it, and while it is still alpha software, I have tested and can confirm that GoToSocial will run well as a Tor-only homeserver. If you run a Mastodon server, following this guide will allow you to connect with these instances and prepare you for the rise of “dark-fedi”.
Guide
This guide is written for admins who have a Mastodon server running on Debian. Other distros are untested, but should work since there’s such a small number of packages.
1. Prerequisites
First we need to install some dependencies.
sudo apt update && sudo apt install tor privoxy
2. Configuring Tor
Use your preferred text editor to open the /etc/tor/torrc file, and uncomment the line beginning with SocksPort to get Tor to start a SOCKS proxy listener on port 9050. The sed command below makes the same change.
sudo sed -i 's/^#SocksPort 9050/SocksPort 9050/' /etc/tor/torrc
Then (re)start the Tor service and watch for the line [notice] Opening Socks listener on 127.0.0.1:9050 in /var/log/tor/notices.log.
sudo systemctl enable tor@default.service
sudo systemctl restart tor@default.service
sudo tail -f /var/log/tor/notices.log
3. Configuring Privoxy
Privoxy takes requests to .onion domains and tunnels them through the SOCKS proxy, acting as a bridge between Mastodon and Tor. There are a lot of settings in the config file, but ours will just be added to the end.
echo "forward-socks5t .onion 127.0.0.1:9050 ." | sudo tee -a /etc/privoxy/config
Then enable and start the Privoxy service.
sudo systemctl enable privoxy
sudo systemctl restart privoxy
Verify that Privoxy is running and listening on 127.0.0.1 (make sure it’s NOT 0.0.0.0, which would make the proxy reachable from other hosts).
sudo ss -tlnp | grep "8118"
You should see the line:
LISTEN 0 128 127.0.0.1:8118 0.0.0.0:* users:(("privoxy",pid=502,fd=4))
4. Configuring Mastodon
Last step! Just add these lines to your Mastodon env file and restart your Mastodon service. I’ll leave the specifics to you.
http_proxy=http://127.0.0.1:8118
ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
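To re-check all four steps after a config change or package upgrade, here is a small script added as an example (it is not part of the original guide). The function names and the --audit flag are made up for this example, and the Mastodon env file path is passed in as an argument because it differs per install.

```shell
#!/bin/sh
# Added example: post-install checks for the Tor + Privoxy + Mastodon setup.

# Classify the listener on port $1 from `ss -tln` output on stdin.
# Prints "loopback", "exposed" (any non-loopback bind) or "absent".
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            sub(/:[0-9]+$/, "", addr)          # drop the port, keep the address
            if (addr ~ /^127\./ || addr == "[::1]") {
                if (scope == "") scope = "loopback"
            } else scope = "exposed"           # 0.0.0.0, *, [::] or a LAN address
        }
        END { print (scope == "" ? "absent" : scope) }'
}

# True if torrc has an uncommented SocksPort on 9050 (step 2).
has_socks_port() {
    grep -Eq '^[[:space:]]*SocksPort[[:space:]]+(127\.0\.0\.1:)?9050([[:space:]]|$)' "$1"
}

# True if the Privoxy config has an uncommented .onion forward rule (step 3).
has_onion_forward() {
    grep -Eq '^[[:space:]]*forward-socks5t[[:space:]]+\.onion[[:space:]]+127\.0\.0\.1:9050[[:space:]]+\.[[:space:]]*$' "$1"
}

# True if the Mastodon env file carries both settings exactly as written in step 4.
has_proxy_env() {
    grep -qxF 'http_proxy=http://127.0.0.1:8118' "$1" &&
        grep -qxF 'ALLOW_ACCESS_TO_HIDDEN_SERVICE=true' "$1"
}

# Run every check on the live host; $1 is the path to your Mastodon env file.
audit() {
    rc=0
    has_socks_port /etc/tor/torrc || { echo "FAIL torrc: SocksPort 9050 not enabled"; rc=1; }
    has_onion_forward /etc/privoxy/config || { echo "FAIL privoxy: no .onion forward rule"; rc=1; }
    has_proxy_env "$1" || { echo "FAIL mastodon: proxy settings missing from $1"; rc=1; }
    for port in 9050 8118; do
        scope=$(ss -tln | listener_scope "$port")
        [ "$scope" = loopback ] || { echo "FAIL port $port is $scope, expected loopback"; rc=1; }
    done
    return "$rc"
}

if [ "${1:-}" = "--audit" ]; then audit "$2"; fi
```

Run it as root with --audit followed by the env file path; it prints one FAIL line per problem and exits non-zero if any check fails.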
Conclusion
I don’t know of any Tor-only instances that I would want to link to, so I spun up a Tor-only GoToSocial instance for you to test this guide with. You can try following my user or viewing a post by entering either of the lines below into your search bar.
@aem@3uii52tteb26mnfkjuiojy2ijsghfhhqqxp4z3cncq4tcc6o7xl6ezid.onion
http://3uii52tteb26mnfkjuiojy2ijsghfhhqqxp4z3cncq4tcc6o7xl6ezid.onion/@aem/statuses/01HTXWRQETRBCVPXB6V7NKJNFX