Anonymous Chat Platform as Tor Hidden Service: XMPP and Matrix
Chat platforms accessible only through Tor hidden services provide anonymous communications infrastructure where neither conversation metadata nor message content reveals participant identities. This guide covers deploying XMPP and Matrix homeservers as hidden services, with proper encryption and operational security.
Choosing a Protocol: XMPP vs Matrix vs Custom
XMPP is lightweight, well-supported, and has been used over Tor for years. Prosody is the most popular XMPP server for privacy deployments - it has low resource requirements and good Tor integration. XMPP with OMEMO end-to-end encryption (supported by Conversations on Android, Gajim on desktop) provides strong message security. Matrix (served by Synapse or Dendrite) provides a richer feature set (video calls, room history, cross-platform support) but with higher resource requirements. Matrix federation (connecting to other Matrix homeservers) can expose your hidden service's address; configure the homeserver to restrict or disable federation for maximum privacy.
Prosody XMPP Server Hidden Service Setup
Install Prosody on a VPS: apt install prosody. In /etc/prosody/prosody.cfg.lua, define VirtualHost 'your_address.onion' with an SSL certificate, and set modules_enabled to include s2s (server-to-server, if federation is desired), carbons (message history), and MAM (message archive). Disable modules that create clearnet dependencies: http_files (if hosting files off the .onion) and external authentication providers. Configure Tor: HiddenServicePort 5222 127.0.0.1:5222 (client-to-server). Users configure their XMPP clients to use the Tor SOCKS5 proxy, with the .onion as the server address and port 5222. OMEMO must be negotiated in the client, so make sure users choose a client with OMEMO support.
Matrix Homeserver as Hidden Service
Matrix's Synapse server can be configured for hidden service operation. Install Synapse (Python, via pip or the official package). Configure homeserver.yaml: set server_name to the .onion address, point web_client_location to a locally hosted Element frontend, and disable federation to prevent .onion address leakage through the federation directory. Configure Tor: HiddenServicePort 443 127.0.0.1:8448 (Matrix default HTTPS port). Users access the service in a web browser (Element hosted as hidden service) through Tor Browser. Mobile Matrix clients (Element on Android/iOS) require proxy configuration to connect to .onion homeservers. With federation disabled, users can only communicate within this homeserver (a self-contained community).
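Both the Prosody and Synapse setups above forward the onion port to a 127.0.0.1 target. The following added example (not part of the original guide or of either project) audits a torrc for HiddenServicePort mappings that forward anywhere other than loopback, which would require the chat server to listen on a network-reachable interface. The sample torrc, the HiddenServiceDir path and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample torrc (not from a real host). The 5222 and 443 lines are the
# mappings given in this guide; the 5269 and 8008 lines are deliberately wrong.
SAMPLE_TORRC = """\
# chat hidden service
HiddenServiceDir /var/lib/tor/chat/
HiddenServicePort 5222 127.0.0.1:5222
HiddenServicePort 443 127.0.0.1:8448
HiddenServicePort 5269 0.0.0.0:5269
HiddenServicePort 8008 10.0.0.5:8008
HiddenServicePort 80
"""

def parse_target(virt_port, target):
    """Split a HiddenServicePort TARGET into (host, port).

    Tor accepts 'addr:port', a bare port, 'unix:path', or no target at all
    (which means 127.0.0.1:VIRTPORT)."""
    if target is None:
        return "127.0.0.1", virt_port
    if target.startswith("unix:"):
        return "unix", target[5:]
    if target.isdigit():
        return "127.0.0.1", int(target)
    host, _, port = target.rpartition(":")
    return host.strip("[]"), int(port)  # brackets wrap IPv6 literals

def audit_torrc(text):
    """Return (line_no, virt_port, host) for every mapping that leaves loopback."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() != "hiddenserviceport":
            continue
        virt_port = int(fields[1])
        host, _ = parse_target(virt_port, fields[2] if len(fields) > 2 else None)
        if host == "unix":
            continue  # a Unix socket never touches a network interface
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # hostname or garbage: treat as not provably local
        if not loopback:
            findings.append((line_no, virt_port, host))
    return findings

if __name__ == "__main__":
    for line_no, virt_port, host in audit_torrc(SAMPLE_TORRC):
        print(f"torrc line {line_no}: onion port {virt_port} forwards to {host}")
```

A clean torrc returns an empty list; pair the audit with a check that the chat server itself listens only on the same loopback address.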
End-to-End Encryption Requirements
Transport encryption (TLS) protects messages between client and server. End-to-end encryption (OMEMO for XMPP, Matrix E2EE) protects messages so the server cannot read them even if it wanted to. For privacy-focused hidden service chat, E2EE is strongly recommended. The server stores E2EE-encrypted message blobs that it cannot read without the clients' keys. Key verification between participants (comparing safety numbers or QR codes) prevents man-in-the-middle attacks by a compromised server. Brief participants on key verification - it is a simple in-person or out-of-band comparison step that prevents a class of attacks.
Moderation and Safety in Anonymous Environments
Anonymous communications create challenges for moderation. Spam prevention without IP blocking: account age requirements, referral-only registration (new users invited by existing users), rate limiting messages per account per time period. Harassment prevention: room administrators can remove users from rooms, operators can suspend accounts for policy violations. Clear community rules set expectations. Automated detection of obvious spam patterns (repetitive content, link spam) supplements human moderation. For high-risk communities (journalists, activists), strict moderation policies protect community members from infiltration attempts.