TOXY
TOXY is a bridge between Onion websites and Telegram Mini Apps, allowing a secure, fast, and reliable connection to the Tor network directly from Telegram Mini Apps.
It adds a minimal amount of fullscreen, skippable ads to support the network and reward proxy operators.
Run a node — earn TON. TOXY is designed so that anyone with a domain and server can join the network, help users access onion resources, and get paid.
Why is this secure?
TOXY’s security model protects the connection both between the user and the proxy and between the proxy and Tor.
-
Telegram-based authentication only – All connections must originate from Telegram Mini Apps. Each request is validated using Telegram’s signed initData, which includes auth_date.
auth_date ensures the data is fresh (≤60 seconds old)
- Any replay attempt fails, as tampering breaks the signed hash
-
TEE-secured binaries – Each TOXY node runs inside a Trusted Execution Environment (TEE), preventing tampering and securing in-memory operations. When nodes are connecting to the network - the process of remote attestation starts and executed binary is checked and verified.
-
Certificate integrity –
- Each node generates a single Let’s Encrypt certificate at startup inside the TEE
- The public key + domain are published to the TOXY blockchain
- Certificates are stored only in memory, preventing MITM
- At startup, older certificates are revoked automatically
-
Multinode validation – Upon joining, a node selects 5 random existing nodes + 1 reserved slot for a new node to monitor:
- Checks no unauthorized certificates are issued
- Checks that node is using certificate recorded in blockchain
- Detects dead nodes for removal from the active list
- Slashes nodes on violation
-
No logging – TOXY nodes log nothing about user activity. Since the code is open-source and verified by the TEE, this is independently provable.
This multi-layered design ensures the only trusted path is:
Telegram Mini App → TEE-secured Proxy Node → Tor → Onion Resource
Core Features
-
Access onion sites from Telegram Mini Apps without installing Tor
-
Monetized by fullscreen ads shown:
- Once at site entry
- Periodically (every 5–10 minutes or heavy usage)
- Ads are HTML/CSS/JS bundles, displayed in a sandbox with a skip button (5s delay)
-
TON blockchain payments from advertisers to a network pool
-
Automatic TON revenue sharing between nodes based on ads shown
-
Decentralized node validation via TOXY blockchain
-
Slashing of nodes that:
- Accept invalid or outdated Telegram auth data
- Use unauthorized certificates
- Go offline without deregistering
Advertising Flow
-
Advertiser sends TON to the network ad pool and provides a link to an HTML/CSS/JS ad bundle (must be onion-hosted).
-
Ads are distributed to all active nodes.
-
Nodes display ads as per usage policy.
-
Ad impression stats are collected securely by the network.
-
Rewards are distributed from the ad pool:
NodeReward = (NodeAdImpressions / TotalAdImpressions) × (PoolBalance × 0.95)
TOXY Core Fund = PoolBalance × 0.05
Joining the Network
- Obtain a domain and TON wallet.
- Point your domain to your server’s IP address (no CDN, no middle layers).
- Run the binary:
toxy --domain yourdomain.com --ton-wallet <wallet> --connect-to proxynet.su
-
The node will:
- Start inside TEE
- Obtain its certificate
- Publish domain + pubkey to TOXY blockchain
- Begin proxying onion traffic for Telegram Mini App users
Traffic Flow
[Telegram Mini App] → [TOXY Node] → [Tor Network] → [Onion Site]
-
Onion site owners can integrate TOXY links:
https://node1.com/example.onion
https://node2.com/example.onion
-
Or users can access via the root TOXY Mini App, which picks a random live node and provides an onion address bar.
Install and run
Assuming you are using an fresh ubuntu VM.
- Update the system and install golang.
sudo apt get update
sudo apt get install golang
- Add go executables to path, install toxy
echo 'export PATH=$PATH:/usr/local/go/bin:$(go env GOPATH)/bin' >> ~/.bashrc
source ~/.bashrc
go install github.com/d1nch8g/toxy/cmd/toxy@latest