Decentralized Social Media on the Dark Web

Centralized social media has demonstrated willingness to comply with government takedown requests, deplatform users for speech that violates advertiser sensitivities, and collaborate with law enforcement surveillance. Self-hosted Fediverse servers give operators control over content policy. Adding .onion access goes further: the server IP is not exposed (making hosting jurisdiction less relevant for many threats), ISPs cannot log that specific users accessed a specific social network, and communities in censored regions can participate via Tor even if the clearnet domain is blocked. For politically sensitive communities: .onion Fediverse servers cannot be blocked by country-level DNS filtering (the .onion address bypasses DNS entirely) and are significantly harder to pressure through hosting providers.

Mastodon is the most widely deployed ActivityPub microblogging platform. Install following official documentation (mastodon.social/blog provides guides). Configure Nginx to proxy to Mastodon's Rails backend. By default Mastodon requires HTTPS (which clearnet provides via Let's Encrypt). For .onion deployment: generate a self-signed certificate or configure Mastodon's RAILS_ENV=production settings to accept the .onion URL. Tor .onion addresses are treated as secure contexts by Tor Browser, so TLS is optional for browser access. Configure in .env.production: LOCAL_DOMAIN=youraddress.onion and WEB_DOMAIN=youraddress.onion. The LOCAL_DOMAIN determines how accounts are addressed in federation: @user@youraddress.onion. Hardware requirements: Mastodon is resource-intensive (Rails, Sidekiq workers, Elasticsearch for search). Iceland VPS II ($59.99/mo) minimum for a functional instance.

Pleroma (and its fork Akkoma) is a lighter ActivityPub server written in Elixir. It uses significantly less RAM than Mastodon (300MB vs 1GB+ for Mastodon). Configuration for .onion: set the domain in /etc/pleroma/config.exs to your .onion address. Pleroma's frontend (Pleroma-FE or Soapbox) loads in Tor Browser accessing the .onion URL. Akkoma adds moderation features and content warnings not in standard Pleroma. The lightweight nature of Pleroma makes it suitable for Iceland VPS I ($29.99/mo) rather than requiring a larger plan. Pleroma federation: Pleroma can federate with other ActivityPub servers (Mastodon, Misskey, Pixelfed) using the same ActivityPub protocol. Federation with clearnet servers: your .onion Pleroma sends ActivityPub federation requests to clearnet servers via Tor exit nodes. Some clearnet servers may reject federation from .onion instances due to federation policies.

Lemmy is a federated Reddit alternative using ActivityPub. Install Lemmy following official documentation. Configure lemmy.hjson: hostname: youraddress.onion. Configure Nginx reverse proxy on 127.0.0.1:80. Tor hidden service: HiddenServicePort 80 127.0.0.1:80. Lemmy's community-based structure (communities = subreddits) allows .onion hosting of discussion forums for specific topics. Use cases for .onion Lemmy: privacy communities, security research discussion, regional communities where clearnet access is blocked, and communities that have been banned from Reddit or Discord for policy violations. Lemmy federation: communities on your .onion Lemmy can be subscribed to by users on other federated Lemmy instances (and vice versa). This requires your .onion instance to make outbound ActivityPub requests to clearnet Lemmy servers via Tor.

Operating a .onion social platform creates moderation responsibilities: content that is illegal in your hosting jurisdiction remains illegal regardless of .onion delivery. Iceland hosting provides one of the most speech-protective legal environments. Platform policies: establish clear community guidelines before launch. The absence of advertiser pressure means .onion platforms can host content that commercial platforms would demonetize, but this does not mean anything goes - the operator's legal responsibility for illegal content (child exploitation material, credible threats, etc.) exists regardless of the platform's privacy architecture. Practical moderation: Mastodon, Pleroma, and Lemmy all provide admin tools for content moderation and user management accessible via the admin interface over Tor Browser. Anti-spam: .onion social platforms may attract spammers and harassment campaigns - implement registration approval for new accounts to maintain community quality.