I'm building a website where I need to protect the anonymity of the users. Not most important, but I would also like to ensure my own anonymity as a host, but if I get found out that is okay. I'm hosting a grievance form for people who may be retaliated against if they go through the channels currently provided to them. Worse than this fact, their complaints will be ignored and hidden if they are severe enough. I am going to be the middle-man between the organization and my peers to ensure that all complaints are never covered up and are resolved by the proper authorities.
I understand that Hidden services (Onion Services) have a long list of protective benefits. I also understand that if not implemented properly by myself these benefits will be void. I also understand that because of end user error by people who do not understand how to protect themselves using these tools, my service may be rendered useless. I think I have most things right but I would like to fact check my assumptions about what I think doing will work efficiently. I also feel my implementations may be overkill and some may actually conflict with others rendering them insecure.
1. How they will log in to my service
I need to let people access my service somehow, right? I think using a hidden service may be overkill. This would limit the number of people who would use it because some won't bother going through the task of downloading Tor Browser. Some will not have access to a computer, only a cell phone, which is even more complicated for some to get on onion services. Even if this were not a truth and they used Tor Browser, their devices won't be secure. I consider running an onion service regardless because I understand there is a service that allows people to use a special domain to view these services from the clearweb. This sounds stupid to me because I don't know who intercepts that traffic for this to happen, reducing or probably killing security completely. Am I right to think it's better to use the regular old internet and buy hosting from recommended/trusted hosting?
2. Securing their identity
If the people who I'm trying to protect my peers from decide to attack my website (unlikely but a concern), the only thing they'll see is the information about the device that connects to it. It's far-fetched that this will happen, but I need to bring this up just because, why not? I need to keep their input on my website encrypted and anonymous. They'll have access to an available forum that is highly restricted and moderated in user content because they may post things that identify them. I know the authorities I need to protect them from will actively monitor every post made. The grievance submission form will be simple. It asks a set of questions and has them read what is or isn't a valid grievance. It will offer them the option to submit a grievance with or without correspondence. All submissions will be encrypted and sent to a mailbox server for organization. I will generate a public and private PGP key, and in theory their message will be encrypted on the page, then sent to my mailbox server.
If they need to discuss their problem and choose to have correspondence, I need to somehow open a channel to provide encryption. I think that I can set up an inbox service that is separate from the forum that will automatically encrypt messages. I'm not sure how to do this.
This service will eventually be available for thousands of people. When I expand it will be a concern how to manage it all but that's not to worry now. I just need to make this simple service for 100 people as simple to use as possible for the user and they will not have any knowledge of security at all.