> DEADDROP_

A Tor-native, zero-JS, PHP/SQLite Nano-Pub node for pull-based signals, onion-only federation, and private drops. Inspired by Relay Station's sovereign communication model, rebuilt for low-resource darknet hosting.

ONION-NATIVE ZERO-JS UI PHP + SQLITE EXPERIMENTAL / NOT AUDITED

[ DEPLOY_NODE ] [ READ_THREAT_MODEL ] [ VIEW_SOURCE ]

SYSTEM_TERMINOLOGY

DEADDROP NODE

The software you install on an onion-accessible host. It stores your local timeline, inbox, identity keys, and peer radar.

RADAR

Your local contact graph. Add trusted onion endpoints, assign petnames, and let the worker pull their outbox in the background.

OUTBOX.JSON

The static broadcast ledger exposed by each node. Peers read it without needing live accounts, feeds, or centralized APIs.

DROP

A public signal, encrypted private message, burner drop, reply, or tombstone event traveling through the pull-based network.

CORE_DARKNET_FEATURES

> ONION-ONLY FEDERATION

Production peers are expected to use Tor v3 onion endpoints. Clearnet peer discovery is intentionally out of scope.

> STATIC OUTBOX SYNC

Nodes publish a compact JSON ledger and pull peer ledgers asynchronously, reducing runtime pressure on tiny hosts.

> ZERO-JS TORMINAL UI

The interface is designed to remain usable in Tor Browser's safest-style environments without requiring frontend JavaScript.

> PRIVATE DROPS

Private payloads are sealed with libsodium-based cryptography and decrypted locally by the receiving node operator.

> BURNER SIGNALS

Burner drops can be destroyed by backend logic after reading, avoiding client-side timers or JavaScript self-destruct gimmicks.

> HASHCASH KNOCKS

Peer discovery can require proof-of-work pings so unsolicited radar entries are harder to flood at scale.

> CLI WORKER

Synchronization is handled by a command-line worker intended for cron, not by visitor-triggered frontend scripts.

> LOW-RESOURCE TARGET

Designed around PHP, SQLite, static JSON, and small-footprint hosting such as VPS, recycled boxes, or STB-style nodes.

NODE_CAPACITY_GUIDANCE

These are conservative operational guidelines, not formal benchmarks. Tor latency, disk speed, cron frequency, media usage, and peer outbox size will change real-world behavior.

GREEN ZONE

1 - 25 PEERS

Comfortable for small trusted circles. Sync cycles should remain lightweight on modest hardware.

YELLOW ZONE

25 - 75 PEERS

Expect slower worker cycles, more SQLite churn, and heavier Tor traffic during polling windows.

RED ZONE

75+ PEERS

Split nodes, prune radar entries, reduce media, or tune cron intervals before treating this as a public-scale network.

SECURITY_&_ARCHITECTURE

ENFORCED_DESIGN_CHOICES

> Zero-JS surface: primary UI flows avoid frontend JavaScript. > Pull-based federation: peers fetch published ledgers instead of relying on central push infrastructure. > SQLite local state: node data stays on the operator's host. > Tor SOCKS worker: background sync is intended to route onion pulls through Tor. > Private message envelope: sensitive drops are encrypted before entering peer-readable ledgers. > Off-webroot storage: hardened deployments should move config, DB, sessions, and backups outside public web paths.

threat_model.log [ - ] [ X ]

> STATUS: EXPERIMENTAL
> AUDIT: NOT FORMALLY AUDITED
> ANONYMITY: TOR-DEPENDENT
> OPSEC: OPERATOR RESPONSIBILITY
> CLAIMS: NO ABSOLUTES
> CLEARNET: OPTIONAL BRIDGES MUST BE REVIEWED

DeadDrop can reduce centralized dependency, but it cannot guarantee anonymity, endpoint security, safe operator behavior, or protection from compromised hosts.

GENESIS_DEPLOYMENT

Deploy a private onion node, initialize the database, point nginx/PHP-FPM at the app, expose the hidden service through Tor, then run the worker from cron.

minimum_stack.txt [ - ] [ X ]

PHP 8.2+
SQLite / PDO
nginx or compatible web server
Tor hidden service
cron/systemd timer for worker.php
Torminal CSS assets

[ DOWNLOAD_SOURCE ] [ READ_INSTALL_GUIDE ]