>>19476 >>19478 >>19479 >>19480 >>19481
> We just need a secure /pol/ that can't be censored, where we can continue our BT meme threads.
If you want a /pol/ that can't be censored, you'd have to use a service, that's available exclusively via tor. Nanochan would be an existing tor-only service, that doesn't censor much.
In my experience, few people use those services, because it's too much effort. I'm hosting a few sites myself, which also are available via hidden service, but when I look into my logs, most requests come via clearnet, with a large part of those requests even being made by mobile phones.
> So if you can, slap any imageboard software on there
Bad idea. Security is important, when it comes to tor-services which should not be hacked and remain hidden. Getting a service to work is the easy part. Securing it is what requires skill.
> I guess what most people want here the most is just a simple, yet well-working imageboard free from normalfags and shills
That's nano. The userbase is rather small, though.
> Can you take rough notes as you make the site or post a simple tutorial for how to make hidden services so other anons can learn to set up their own site too.
Let's start with the easy part:
You can turn any service into a hidden service by adding the following lines to your /etc/tor/torrc:
HiddenServicePort 80 127.0.0.1:1488
After restarting tor you'll have a file called "hostname" under /var/lib/tor/hidden_service/muh_evil_service/ which will contain the .onion address under which the host will be reachable. In this case tor will make port 1488 on localhost reachable on port 80 via the .onion address.
But as I said, getting things running is the easy part. The hard part would be to make things secure, so that the application, in case it is hacked, can't tell the attacker its IP address and such. Someone who does this should be very well versed with topics like system- and network administration, and of course the hardening of services.
I'd go for the route of separating the application via virtualization from the rest of the system, doing the same for tor, and allowing the application-container to network only with the tor container, while routing the network traffic between both containers exclusively via some virtual internal network, so that the application container doesn't have access to the real network interface. Lots of firewall- apparmor- and systemd-configuration would also be necessary.
An additional problem would be how to acquire and administer a server without doxxing or leaving traces within the logs, for example while logging in via SSH.
That's all doable, but it requires experience. One may find good examples of how to set stuff up by looking at whonix and tails. Last time I've looked, the whonix guys also planned on releasing their stuff as a server distribution, which may already exist. If it does, this would be the easiest path for hosting a hidden service, because most of the system administration would be done by the whonix project, and the remaining skill requirements would regard the deployment and hardening of the application alone.
But this would bring another problem: money.
You can rent a VPS for something around 10$ per month. I personally like having two of them, with one being used exclusively for testing purposes, and as a backup, should the other server go down for some reason. But a VPS couldn't be used for whonix, because they're using virtual machines, which can't run securely inside of other virtual machines. So a baremetal server would be required, which starts at 50$ at some doxxing-requiring providers, and would probably become more expensive, if one would insist on renting the server without being doxxed.
So the saint-imageboard should bring in the server cost in donations, or else it's maintainer would have to pay something between 100$ and 1000$ per year to keep this service running, which most people wouldn't do. One may go a cheaper route by finding an coloc-center for raspberry pis, but I didn't look into that yet, and it probably would exclude the possibility of using whonix to secure the service, because raspis are too slow for KVM and such, and I don't know, whether their processor architecture is even being supported. But a raspi4 would also be fast enough to host such an service, if one uses LXC- or Docker as virtualization layer.