• M.Sc. Computer Science Student at University of Stuttgart
  • Assistant at the CERT of the University of Stuttgart
  • Admin of QuantenToast
  • 2 Posts
  • 3 Comments
Joined 1Y ago
Cake day: Jun 25, 2023


Small Update: When uploading images from the Tor mirror, they are stored in the DB with the onion address. One workaround I’m currently applying is running a script periodically that updates image links. It looks like this:

```sql
-- Replace the onion address in stored post URLs with the clear-web domain.
UPDATE post SET url = REPLACE(url, 'http://your-hidden-address.onion', 'https://your-clear-domain.tld');
```

And btw all this is for version 0.18.3 (to avoid confusion in the future)


Lemmy Image Fix for Tor Mirrors
## Current State

One controversial topic within the admin community is [Tor](https://www.torproject.org/). Many malicious actors that want to harm an instance hide behind the Tor network, which is why many instances block traffic originating from Tor. The most common approach is to block requests from [exit nodes](https://support.torproject.org/glossary/exit/), a list of which can be found [here](https://check.torproject.org/api/bulk). Tor blocking is a valid principle that every instance operator must decide for themselves. I do not condemn anyone for doing so.

## Motivation for Tor

However, Tor is also a tool to use the Internet in an anonymous way, bypassing censorship or big firewalls. This means that there is a legitimate use case for the combination of Tor and Lemmy. There is even an official [Lemmy documentation](https://join-lemmy.org/docs/administration/tor_hidden_service.html) on how to run a Lemmy instance as a hidden service.

## The Issue

There is, however, one significant issue at this point: Picture requests are leaking. On the normal web, all requests go to `https://lemmy.tld/...`, including image requests that look like `https://lemmy.tld/pictures/image/...`. In Tor, you access `http://xyz.onion/`, but the image requests still use `https://lemmy.tld/pictures/image/...`. From a Tor perspective, this is not intended and defeats the purpose of a hidden service. Yes, you are still anonymous, but the traffic through the exit nodes is slow (traffic within the Tor network is »faster«) and not even necessary in this case.

The reason for this problem is that the image links are stored in full length in the database. For example, an image has the id `1a2b3c4d` and is stored in the DB as `https://lemmy.tld/pictrs/image/1a2b3c4d`. This leads to requests for images (of the same website you visit via Tor) taking the long route to the clear web.

## Proposed Fix

I have delved into the [lemmy-ui](https://github.com/LemmyNet/lemmy-ui/) source code and **[developed a fix](https://github.com/mikelauer/lemmy-ui)** for this problem. Unfortunately, this is not a universal solution and only works for our [QuantenToast (de/en)](https://postit.quantentoast.de) instance. However, it is easy to customize it for your instance. Just change the domain name in `src/shared/utils/app/substitute-image-url.ts` and build your own Docker image. It works by replacing the instance domain with the onion domain for image URLs (and the favicon).

Perhaps someone is interested in developing a general solution, but until then, those of you who want a Tor instance or just a Tor mirror (our use case) might like to take a look at my solution.

Edit: Use at your own risk.

## Please Note

Be aware that content from other instances might not be visible due to the mentioned Tor blocking. Furthermore, federation is currently not supported for Tor instances. Federation traffic between instances is handled on the clear web.

If you just want a Tor mirror, you might want to consider using a [single onion service](https://blog.torproject.org/whats-new-tor-0298/) for better performance.

Edit: Changed fix link from commit to branch. Had to change something because of icon leak.
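The substitution the post describes, as an added example that is not the code from the linked lemmy-ui fork. `lemmy.tld` and `http://xyz.onion` are the post's placeholders; the function name, the `pageOrigin` parameter and the sample URLs are assumptions made for illustration.

```typescript
// Added example; names and sample data are hypothetical.
const CLEAR_HOST = "lemmy.tld";          // placeholder clear-web host from the post
const ONION_ORIGIN = "http://xyz.onion"; // placeholder onion origin from the post

// Rewrite a stored image URL so that a visitor on the onion mirror fetches it
// from the hidden service instead of going back out through an exit node.
// pageOrigin is the origin the page was loaded from (window.location.origin
// in a browser).
function substituteImageUrl(stored: string, pageOrigin: string): string {
  // Clear-web visitors keep the stored URL untouched.
  if (pageOrigin !== ONION_ORIGIN) return stored;

  let url: URL;
  try {
    url = new URL(stored);
  } catch (_e) {
    return stored; // relative or malformed: nothing to substitute
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return stored;

  // Exact host match on the parsed URL, never a substring replace: a plain
  // string replace would also rewrite "lemmy.tld.example.net" or a URL that
  // only carries the domain in its userinfo part. Images hosted by other
  // instances keep their own host.
  if (url.host !== CLEAR_HOST) return stored;

  return ONION_ORIGIN + url.pathname + url.search + url.hash;
}

// Constructed sample URLs covering the cases above.
const SAMPLE_URLS: string[] = [
  "https://lemmy.tld/pictrs/image/1a2b3c4d",          // own image: rewritten
  "https://LEMMY.TLD/pictrs/image/1a2b3c4d?thumb=96", // host case is normalised
  "https://lemmy.tld.example.net/pictrs/image/x",     // lookalike host: untouched
  "https://lemmy.tld@other.example/pictrs/image/x",   // userinfo, real host differs
  "https://remote.example/pictrs/image/9z8y",         // other instance: untouched
  "/pictrs/image/1a2b3c4d",                           // relative: already same-origin
];

function rewriteSamples(pageOrigin: string): string[] {
  return SAMPLE_URLS.map((u) => substituteImageUrl(u, pageOrigin));
}
```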

That’s an interesting question. For the time being, I think the only way is to do regular backups and store them at a friend’s, for example. That way an instance can be restored after the server has been taken.

Really the only way is to not save anything, or perhaps some sort of blockchain for all the comments and posts?

Blockchain is an interesting thought - or maybe something similar to Matrix. All instances have their own copy of a post and sync with each other. That way it doesn’t matter if one instance disappears. Though, that would probably not comply with the Fediverse idea? Interesting thought experiment nonetheless!


As far as I know they seize everything if there’s a warrant. No matter whether it’s relevant for said warrant.

Edit: Sorry, misunderstood your comment; don’t know what the reason for the warrant was.


FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse Users and Hosts to Protect their Users
I thought this might be of interest to other users as well as admins.