Hosting an Anonymous Forum as a Tor Hidden Service

Not all forum software is appropriate for hidden service use. The selection criteria specific to .onion deployment are: no external resource loading (CDN, analytics, external fonts), email-optional registration, minimal metadata collection, and active security maintenance.

Lemmy: An ActivityPub-based forum alternative that can run in isolated mode without federation. Modern React-based interface, PostgreSQL backend, strong development team. External federation should be disabled for hidden service deployments to prevent clearnet connections initiated by the federation subsystem.

Flarum: PHP-based forum with minimal default external resources. Plugin architecture allows extending functionality without requiring the base installation to call external services. Runs well on modest hardware. Requires disabling the gravatar plugin that loads external images. Active security maintenance history.

Self-hosted Discourse: Resource-heavy but feature-rich. Requires significant VPS specs (minimum 2GB RAM). Has external resource loading in the default configuration that must be disabled. Better suited for high-traffic forums where the resource investment is justified.

Most forum software defaults to collecting identifying information: email addresses for registration, IP addresses for abuse prevention, and browser fingerprints for session management. All of these need to be removed or anonymized for a genuinely anonymous forum.

Email-free registration: configure the forum to accept username and password only, with no email verification. This eliminates the email-to-username linkage that makes account correlation possible. Store a bcrypt hash of the password only, never the password itself, and no other account identifiers.

IP address handling: configure the forum to not log or store visitor IP addresses. If the forum software requires IPs for abuse prevention, store only a truncated IP (the last octet zeroed) to prevent precise user identification while retaining enough information to detect the grossest abuses.

Captcha selection: standard reCAPTCHA and hCaptcha require connections to external services that leak the server's activity. Use a locally-hosted captcha alternative like mCaptcha (self-hosted) or simple proof-of-work puzzles implemented in JavaScript without external dependencies.

Forum operators who maintain their anonymity face a specific moderation challenge: they cannot use their real identity to respond to legal requests, engage with law enforcement, or appeal decisions made about their forum by hosting providers. Planning for these scenarios before they occur is essential.

Publish a clear scope of acceptable content that the forum is designed to host and a scope of content that will be removed. Make the policy publicly visible and enforceable. A clear scope that the operator consistently enforces protects against the accusation that the operator is an active participant in any illegal content that appears, and it simplifies moderation decisions.

Distribute moderation responsibilities among trusted moderators who also maintain operational security appropriate to the forum's risk level. A single moderator who must remain anonymous is difficult to sustain over years. A team of moderators with documented policy and independent anonymity provides more resilient moderation without creating a single point of failure or burnout risk.

Anonymous forums that gain traction can grow quickly, particularly during political events in the countries they serve. Plan for rapid scaling from the beginning rather than retrofitting when growth happens. A single small VPS is appropriate for initial launch; have the runbook for scaling to a larger VPS or adding read replicas documented before you need it.

Database read replicas reduce query load from read-heavy forum browsing (thread listing, search) without scaling the write primary. For Flarum or Lemmy, this requires some application configuration to route read queries to replicas. Configure replication before traffic demands force you to implement it under pressure.

Content delivery for media: forums that allow image uploads need storage that scales beyond a single VPS disk. Consider mounting an encrypted NFS volume from a separate storage VPS, or implementing object storage using a self-hosted Minio instance as a second hidden service. All storage must remain within the .onion network - no clearnet object storage (S3, GCS) which would create clearnet access patterns.