Hi All, I'm working on https://domum.social a Mastodon instance that does not collect email addresses and only allows authenticated access via the tor hidden service URL: http://f3rz5puehnq7dfqqwajxu3izuovb6wqepof3prqesle76qyfivlfxgyd.onion Federation to and from the regular clear-net fediverse works as normal. While there's a number of Mastodon instances that have onion addresses and at least one I found that doesn't block well know disposable email addresses like sharklasers.com, this puts a high burden on the user. My technical goal with domum.social is to make privacy the default so you can't accidentally login outside Tor and there's no opportunity to enter an identifiable email address. Socially a lot of documentation is needed so that a general audience can understand how to evaluate their own threat models and manage their own operational security. I've been working on the site off and on since last April and running live with myself as the only user for about a month. Before taking on real users I want to open the concept and implementation to wider scrutiny. I'm an infrastructure person not a a programmer by trade so hopefully it's not too ugly. I tried to keep code over rides to a minimum with nothing in tree. This repo has all the Mastodon related overrides: https://github.com/domum-social/mastodon-additions There's a bit more special sauce in the proxy config to disallow access to the authentication endpoints on the clear-net site, and to ensure rewriting of clear-net URL that mastodon generates to the onion URL when accessed through the hidden site. The mail server config is also a bit special so most users get their fake internal email discarded but Admins and Moderators (who are nonymous) can get real mail deliver to be notified or any issues. Depending on feed back, I'm hoping to start a limited public beta in about a week. Any and all thoughts are appreciated here, or on Mastodon @jon@domum.social Thanks! -Jon https://metrics.torproject.org/rs.html#details/A53C46F5B157DD83366D45A8E99A2...