💾 Archived View for midnight.pub › replies › 7962 captured on 2024-08-31 at 14:43:43. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

< Privacy on Gemini

~pandion

For someone fearing for their safety in a low-democracy state, any online activity that could be problematic should be routed through tor. There are other equivalent networks, but I think only tor is considered safe enough.

I think Gemini does give the option to provide .onion services.

I know Gopher does for sure.

On the clear net, I don't think there is a way for a server to not know your IP. Whether a log is kept is a different story, and depends on the server owner's policy.

What is different on Gemini, I think, is that there is no way to fingerprint you.

If you mask your IP through tor, and use a pseudonym, your ISP should have no idea what you are seeing, and the server can only know that a pseudonymous user with a fake IP does some bad things on their server, but has no idea what the user does on any other server.

How can they connect your persona and its actions with your real IP?

Replies

~gmund wrote (thread):

> If you mask your IP through tor, and use a pseudonym, your ISP should have no idea what you are seeing, and the server can only know that a pseudonymous user with a fake IP does some bad things on their server, but has no idea what the user does on any other server.

True, but then my ISP also knows that I use TOR. Which is telling already that I might be up to something mischievous. TOR is not something anyone uses. The possession of TOR software alone might already be punished (e.g. Europe / Germany => 202c StGB).

Not so when I use some Group / Page on Facebook. The ISP doesn't know what I am up to, just that I use Facebook.

~ew wrote (thread):

> For someone fearing for their safety

ANY online activity is problematic.

TOR can add a few layers of indirection, hiding your IP addr from the server you contact. Using transport layer security can hide the content of the connection to some extent. But it cannot hide the content of your transaction from the admin of said server. Neither can it hide the fact that a contact has taken place at some point in time. It just depends where you look. The hop from your device to "the network" is the most problematic, in my opinion. My IP addr changes at least once per day, but my ISP knows my IP addr at any given time. They don't have to tell me, in case they were asked by $who_ever.

Any service can be put behind an .onion service, I serve my capsule this way as well.

Fingerprinting: an attacker can point their browser at a suspect server. From the pattern of data per time, DNS lookups, called 3rd party websites etc., the attacker can observe your traffic pattern and conclude with some confidence whether or not you visited a site on their observing list. This is why TOR, to my knowledge, collects a few things together before passing them on, in the hope of making time patterns less visible. There is an old talk by Roger Dingledine about this. And in there, that the timestamps in network traffic can be used to distinguish separate systems behind one IP address due to different rates of clock skew.

By the way, power outages can be correlated with the uptime of my capsule. They can be used to get the geographic location of my capsule with some confidence, if it is online for a lengthy time.

Pseudonyms: Anything that includes transfer of money (to pay for a service) is not going to be very pseudonymous. Even if you go through the trouble to add a working debit card for a pseudonym. You need to feed that card at some point with real currency.

If you want privacy, shut down your computer/phone/TV/car/camera --- anything that connects to the network or sends out radio signals. Pen and paper, in-real-life meetings and the like are not ensuring complete privacy either, it's just that the observation is a bit more difficult.

Security/privacy are a very hard problem.

I'm not an expert.