将隐私视为严格约束条件来设计仅限Tor的服务

Hi HN,<p>I’m working on OnionLab, an experimental ecosystem of services built around a strict constraint:<p>All user-facing services are accessible exclusively via Tor (.onion). Clearnet is used only to publish static, official information.<p>This is not because Tor is a “feature”, but because treating privacy as a hard constraint simplifies some design decisions while making others explicit.<p>By committing to Tor-only access, we intentionally avoid: - IP-based assumptions - user tracking or profiling - identity binding through accounts or social graphs<p>Instead, we focus on: - minimal and explicit state - short-lived session state only where strictly required - cryptographic verification (PGP) rather than identity claims - append-only records instead of mutable histories<p>One example is OnionLab Trust, which records references (e.g. URLs, onion services, external account identifiers) declared by PGP key holders.<p>Trust does not verify ownership, legitimacy, or truth. It only guarantees that a reference was registered or updated by the holder of a specific PGP private key.<p>The goal is not to create authority, but to allow others to observe continuity and intent over time without weakening anonymity.<p>I’m sharing this here not as a product launch, but as a concrete exploration of what service design looks like when privacy is treated as a non-negotiable requirement.<p>I’d be interested in hearing from people who have built Tor-only systems, or who considered this approach and decided against it.<p>Thanks for reading.