I have this weird idea for a distributed and private Mastodon instance:

- the instance would be Tor-only
- anybody* could help host an instance they like by installing and running some software (let's say a "node")
- the nodes would connect with each other and coordinate which one should do what (storage, database, http, etc)
- by using OnionBalance one can split the traffic among all the "http" instances

*not really "anybody" because this would make it trivial to take down the instance

but if we change the trust model to a federation with a strong "leader", then it basically becomes pretty similar to what we have here today, with the added benefit that the admin doesn't have to carry all the costs of running the instance

if the traffic is sufficiently spread around, then it could potentially become feasible to host the entire instance outside of the cloud, avoiding any kind of "deplatforming"

@afilini pretty sure a kind of ddos protection is needed. Perhaps a lightning network integration?


@ikmertz it looks like tor has some nice dos protections built in, especially for v3 hidden services. ideally i'd try to use those instead of relying on external providers

@afilini @ikmertz not yet. They have improved performance but DoS protection such as anononymous tokens and PoW will come in the future

@gugou_daktulios @ikmertz are you referring to dos attacks towards the whole tor network or individual onion endpoints?

i'm not too familiar with those stuff, but i read the tor manpage and it had a few interesting options to limit bandwidth burts to prevent dos attacks.

plus, there's a way to kill circuits that spams too much, and considering that building a circuit is fairly expensive, this would limit the capacity of an attacker to take down an hidden service

@afilini @ikmertz individual hidden services. I guess those things can help, especially against unmotivated attackers, but they are not prevending DoS entirely. I am not entirely familiar with that world, but recently Dread admin threaten to boot from Dream all dark markets which will be discovered DoSing each other (as he/she was in the known that multiple markets where paying attackers to do that). So yes, it still a problem.

Sign in to participate in the conversation
Bitcoin Mastodon

Bitcoin Maston Instance