APIs should work, though. So unless the instance needs some kinda captcha or other client-side challenge, e.g. for registration, people could presumably use apps with it.
However, in my experience, not many social-media-adjacent apps support setting a custom proxy, even though modern network libraries should make it a no-brainer. E.g. few Matrix clients support that, and ones that do aren’t much of an eye candy (and have problems with the initial setup of the encryption, which seems to be a pervasive issue with Matrix).
ViatorOmnium@piefed.social 3 weeks ago
That’s just a frontend issue. You can have clients that don’t try to do regular polling.
Having reliable activitypub federation is going to be a much harder challenge. The server to server protocol has a bunch of assumptions that are not true for tor and i2p.
And unless you want the entire network to become a CSAM and Nazi cespool, you would also need a reliable way of identifying servers, which defeats the purpose.
SlurpingPus@lemmy.world 3 weeks ago
Could you please elaborate just a bit? I’m a web dev, but haven’t looked into fediverse protocols yet.
ViatorOmnium@piefed.social 3 weeks ago
One example is HTTP signatures. Servers sign their payloads and receiving servers should validate not just the hash but ensure the payload is not too old. Mastodon allows for a twelve hour difference (https://docs.joinmastodon.org/spec/security/#http-signatures) but other software might be stricter for security reasons. The a bunch of things like webfinger were designed around public dns and public key chains A mastodon server running on the open internet and/or expecting public keychain HTTPs will not be able to federate with something running in tor.
You could cut enough corners to make something that federates inside tor, but at that point it’s better to design something around tor’s features.
SlurpingPus@lemmy.world 3 weeks ago
Why is it the first time I hear of this?