@Biff Thank you very much!
Hello NodeBB folks. I'm a new user, and so far really excited about the platform. I'm setting up something that is a bit unusual, I guess, on behalf of a place in Berlin called Werkstatt (http://werkstatt.tw).
I need a forum platform for groups that meet at Werkstatt, however, many of these groups are focused on issues of privacy, anonymity and surveillance, so that gives me some extra criteria to focus on.
I've set up this so far: http://vgnx2fk2co55genc.onion/
In case that url looks odd to you, that is a Tor hidden service, a theoretically unlocatable server accessible only over the Tor network. Download Tor Browser and try it out!
In order to allow people not on the Tor network to access the forum, I've created this reverse proxy: https://groups.werkstatt.tw -- This site uses the tor network to access and proxy the site, so even if this server where to be compromised, it would not reveal the location of the hidden service, it uses the above .onion url as an upstream over Tor.
I was wondering if anybody else in this community was interested in creating privacy respecting forums such as this, it seems we will need to make a custom theme (or a fork of lavender) which doesn't use an third party resources, such as google fonts, as these potentially leak information to those third parties, and work out other privacy-related issues as they come up.
BTW, I am based in Berlin, Germany and Toronto, Canada. I guess a few of you are in Toronto!
All the best, and thanks for the great work!
If anonymity is the goal, Tor has never been save. Most people just didn't know it. Who's running that exit node that you are using?
It's still good for when you need to view content from websites that filter access based on your location.
"Safe", I think, is relative. Not many things are out of reach of the NSA
But like how a password will keep 99% of unwanted visitors out, IP whitelisting might keep out 99.9999%, and Tor might increase that to 99.999999%
@dmytri Yes, you'd have to remove all references to third-party assets. Shouldn't be too difficult, I imagine...