@Gargron Requires ssl so it's like normal but you need to have a self signed cert
@Sir_Boops Imagine you're explaining it to someone who never used Tor (because you are)
> Set up mastodon following the usual steps, except generate a self-signed cert (because you /can't/ get certs for .onion addresses)
> Install tor and append these three lines to the end of the torrc file
HiddenServiceDir /var/lib/tor/<some name>/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443 127.0.0.1:443
And that's it, it's now on tor
Now it won't fed because other instances won't take the broken ssl but that's a masto issue ;p
@Sir_Boops How install tor? apt install tor?
@Gargron For what distro?
You should pull it right from them vs using system packages
@Sir_Boops @Gargron If you're using Debian Testing (or even Debian Sid), you can pull tor from Debian's repos
It is also recommended to use the new version of Onion Services by adding HiddenServiceVersion 3 right after what Sir_Boops said, as explained here: https://www.torproject.org/docs/tor-onion-service.html.en#four
@Sir_Boops @mrtino Wait hold on so federation with Tor instances doesn't work? The person who submitted the changes that added Tor support didn't mention that
@Sir_Boops @mrtino But he have those rules where https is required in ActivityPub URIs, and I don't believe there is a special case for Tor there.
@Sir_Boops @Gargron @mrtino onion routing and https are doing basically the same job (ensuring that you're talking to who you think you are and hiding the data from MITM attacks) so there's no real reason to use both
@Sir_Boops @Gargron @mrtino the difference is that onion routing confirms the identity by making it really hard to claim a specific identity (you'd need to generate a key with the same hash) whereas HTTPS confirms the identity of something human-readable (a domain name) and therefore requires at least some level of trust in the certificate before you can send any data
@Gargron @mrtino No, federation with onion instances works just fine, but those instances are modded to not use https at all