The past year has seen an unprecedented rise in government censorship of the internet. From Article 13 (upload filters) in Europe, to SESTA / FOSTA in America, to the war on encryption in Australia, to age verification in Britain, to other similar and equally horrible initiatives launched in recent years. Seeing the aggression of governments toward open platforms and their efforts in aligning occidental digital rights with those in authoritarian countries, I can't help but fear that both Mastodon as software and everyone who hosts an instance may someday be in danger.

Just as tech companies are now being held responsible for what their users do and demanded to implement automated filters that censor content, individuals may find it illegal to host services like a Mastodon instance if they don't implement the censorship standards imposed by their local government. If this ever happens, it becomes important to protect the identities of server admins to the best extent possible.

I'd thus like to open an issue dedicated to a difficult yet equally important debate: whether Mastodon can offer any built-in means of hosting an instance anonymously. By that I refer to the instance being served without anyone accessing it being able to directly determine the server's IP address, or any other identifying information about who the owner is and where they're located (especially which country). This needs to be done without breaking federation, so all normal and other anonymous instances are still able to communicate with the anonymous instance.

There's no straightforward way of achieving this goal; all content must be served and updated by a server, which in this case also serves a web interface accessed by browsers. For this the server needs to give away its IP address. But by letting other nodes intermediate the data and distribute parts of it across the network, anonymization can be achieved with some degree of reliability.

A few ideas:

* The most obvious and clean solution seems like a way to host the Mastodon instance over the existing Tor network. This might not require major changes to Mastodon itself, just support to serve the data over an Onion URL instead of a normal one. For added ease, we could include our own minimalistic Tor implementation straight into the software, in case anyone is able and willing to write a Tor implementation under Ruby / Rails.
* Another alternative would be for Mastodon to embrace IPFS, the P2P library which allows files and whole websites to be shared in a distributed network similarly to torrents. In our case IPFS cannot substitute for a server, but Mastodon could store media and even the text inside posts as files within its network. Servers could then do only limited transmissions, exposing slightly less information about who is who and what is hosted where, which could help to reduce liability. This would have the added advantage of improving content availability and download speeds, but the disadvantage that it would require major design changes as well as an update to all existing instances.
* One last idea that comes to mind is a system for allowing instances to intermediate requests from other instances. Mastodon instances already talk to each other through ActivityPub: when browsing the timeline of instance X and seeing posts from instance Y, we could simply let instance X privately fetch the data from instance Y and serve it to the user viewing it, instead of the user still pulling the data directly from instance Y. This would provide a small degree of anonymity, as any outsider would have to ask instance X what the IP of instance Y is instead of being able to see it for themselves, which is harder. Instance Y would of course have to whitelist only instances that it trusts. Unfortunately instance Y will have to operate indirectly without a web interface, which makes it extremely difficult for users to register and post on it.

Other forms of spoofing might work here, to make it so that a third party can't tell where a given post or account is primarily hosted and would be required to go after hundreds of instance owners worldwide.