Today we're sharing the first in a series of three posts from our leadership team, starting with @mellifluousbox discussing our mission, and priorities for 2026.

@benroyce @mark @nitrml @meowki @iju @ariarhythmic .onion access bypasses exit nodes enrirely. If Tor gets compromised dozens of nations find their intelligence services lose covert communication except by direct radio or sattelite. If civilian traffic is blocked or driven off, spy traffic then instantly stands out.

Too many armies need Tor to kill it

@LukefromDC @mark @nitrml @meowki @iju @ariarhythmic

.onion doesn't use exit nodes but it uses rendezvous nodes

and nobody wants to kill tor, the intelligence services love it

the foolishness is people who think something built by the us govt is perfectly anonymous

it *is* anonymous. to most every other entity

@benroyce @meowki @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron

That means they will find servers that fit their needs, just as folks in my position find servers that fit our needs. Mastodon is NOT like Twitter or FB wirh a single server farm and one set of rules for all.

@LukefromDC @meowki @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron

zero argument

and if you make the services you talk about user friendly enough that the average social media user can point and click and zero hassle, even better

until then, some servers are stuck in unfriendly districts

and that's not their fault

the govt is at fault

@benroyce @mark @nitrml @meowki @iju @ariarhythmic Perfect security would require our own hardware down to our own fabs making our own silicon. Then we'd have to bridge a new protocol we own over clearnet on the model of the US Government's own SIPRNET classified comms network.

It's easy enough to tell who I am by my writing style. Things like Tor let my bypass censors more than hide who I am.

@LukefromDC @mark @nitrml @meowki @iju @ariarhythmic

understood

but we're now very far away from your average normie who just wants to see cat pictures

and that's where this topic truly lies

@benroyce @mark @nitrml @meowki @iju @ariarhythmic Indeed so. Totally different needs and it goes both ways. An activist video server for instance could not handle doing 10x its bandwidth in cat videos, a server optimized for easy use to poat cat videos might not be safe going forward for posting videos of police brutality.

As different as a cruise ship and a destroyer, a Cessna and a Spitfire.

@LukefromDC @mark @nitrml @meowki @iju @ariarhythmic

100%

and that's why we can't do purity tests on resistance

purity tests destroy effective resistance

effective resistance that isn't pure is not a betrayal

we resist how we can, in the ways we can

this isn't an argument against your words, i'm just harking back to the argument up higher

@ariarhythmic @benroyce @starlily Great, fascism will make good Mastodon instances have the same status as BitTorrent trackers and pirate streaming websites!

Well, the tracker I used to contribute for is still up even today, thus we may think disobedience is fine, they will not go for small instances. On the other hand, it's a false correlation: one thing is Crunchyroll, Netflix and other companies choosing not to go against small groups because they may die out of just from not getting enough donations, other thing is fascist governments. They are already going against individuals, people fear ICE, as an example.

@benroyce @LukefromDC @mark @nitrml @meowki @iju @ariarhythmic LOL, yes. I am so used to fake birthdays that I have to make an extra effort to enter the correct one if needed.

I oopsied my birthday for an online plane ticket booking after 9/11. No issue. Got to fly as booked.

@benroyce @mark @nitrml @meowki @iju @ariarhythmic Back in the 2010 era, some DC animal rights activists discovered that selective use of "vegan purity testing" was a simple and effective way to drive out suspected undercover cops.

@LukefromDC @mark @nitrml @meowki @iju @ariarhythmic

well yeah

and new gang recruits are asked to shoot someone in the head as they watch for much the same reason

neither of which tell us much about the topic here

@benroyce @ariarhythmic @Mastodon @mellifluousbox No, they cannot get shut down by a government they're not operating under. If there's a threat, move legal operations & hosting out of the jurisdiction and obfuscate physical location of servers behind VPNs. Don't fucking comply.

@dalias @ariarhythmic @Mastodon @mellifluousbox

that's not really true

for many countries you have to follow the laws of *both* your home country and the country where your server resides

of course that's not true for all countries

but if let's say you're a citizen of the germany and your server is hosted in another country, germany just goes after you, it doesn't care

"obfuscate physical location of servers behind VPNs"

no. that's no protection

@benroyce @ariarhythmic @Mastodon @mellifluousbox None of that contradicts what I said. You don't run it as a citizen or resident of the hostile jurisdiction. You pass ownership to an entity in a safe location, and you put the fronting IP in a safe location. Physical servers can be somewhere else, but shouldn't be somewhere under the hostile jurisdiction unless you're confident there's no trail to them.

@dalias @ariarhythmic @Mastodon @mellifluousbox

if you're already in a safe jurisdiction, yes, get your servers out of a bad jurisdiction, absolutely

but if you're in an unsafe jurisdiction, it doesn't matter where your servers are. if they want to target you, they'll target you, and no amount of obfuscation will protect you from that

of course if you're a small fish doing small fish things, you'll probably be fine for a long time

@benroyce @ariarhythmic @Mastodon @mellifluousbox You just make it so it's no longer you running it. It's been passed off to an entity legally incorporated someplace else, and your involvement is as a volunteer or contractor working with a foreign entity for which you have no authority to implement the type of "age verification" your government wants them to impose.

@dalias @ariarhythmic @Mastodon @mellifluousbox

so let's say i'm in the uk. you expect me to set up in let's say canada

under someone else's name? what? you have those kinds of connections?

nevermind the added cost

also the effort will trigger more interest in you than if you never tried it. when they find out you're just trying to avoid age verification they'll laugh

you think govts aren't used to this kind of intrigue from dealing with crypto/ gambling/ silkroad/ pedophile rings/ etc?

@benroyce @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron it is to utter idea, I don’t want to have amd I know a lot of people who doesn’t want to have credit cards and are completely ok with Debit Cards. 1. There are people who do not want to be formally in debt, 2. There are people who do not want to be formally in higher loan to salary ratio. (Yes when I was asking for mortgage, I got rid of CC, because it was literally increasing my debt to salary ratio even when it is not used, by its credit limits) and as last thing asking gamers (and yes gaming is addictive) when there are games with concept of in game payments for credit card is just wrong. It shall be regulated the same way as online gambling is.

@LukefromDC @benroyce @mark @nitrml @meowki @iju @ariarhythmic In case of mastodon you don’t need to possess ID, there are several KYC services, who verifies your customer and issue proof he is eg age verified. And you never posses any ID, CC etc. I would say this will be smaller burden (perhaps even cheaper) that setting whole payment infrastructure.