~ew

For someone fearing for their safety

ANY online activity is problematic.

TOR can add a few layers of indirection, hiding your IP addr from the server you contact. Using transport layer security can hide the content of the connection to some extent. But it cannot hide the content of your transaction from the admin of said server. Neither can it hide the fact that a contact has taken place at some point in time. It just depends where you look. The hop from your device to "the network" is the most problematic, in my opinion. My IP addr changes at least once per day, but my ISP knows my IP addr at any given time. They don't have to tell me, in case they were asked by $who_ever.

Any service can be put behind an .onion service, I serve my capsule this way as well.

Fingerprinting: an attacker can point their browser at a suspect server. From the pattern of data per time, DNS lookups, called 3rd party websites etc., the attacker can observe your traffic pattern and conclude with some confidence whether or not you visited a site on their observing list. This is why TOR to my knowledge collects a few things together before passing them on, in the hope of making time patterns less visible. There is an old talk by Roger Dingledine about this. And in there, that the timestamps in network traffic can be used to distinguish separate systems behind one IP address due to different rates of clock skew.

By the way, power outages can be correlated with the uptime of my capsule. They can be used to get the geographic location of my capsule with some confidence, if it is online for a lengthy time.

Pseudonyms: Anything that includes transfer of money (to pay for a service) is not going to be very pseudonymous. Even if you go through the trouble to add a working debit card for a pseudonym. You need to feed that card at some point with real currency.

If you want privacy, shut down your computer/phone/TV/car/camera --- anything that connects to the network or sends out radio signals. Pen and paper, in real life meetings and the like are not ensuring complete privacy either, it's just that the observation is a bit more difficult.

Security/privacy are a very hard problem.

I'm not an expert.

Replies

~gmund wrote (thread):

> The hop from your device to "the network" is the most problematic, in my opinion.

Yes, I would agree. That's why I would prefer to use a service that anyone uses as the first hop.

> If you want privacy, shut down your computer/phone/TV/car/camera --- anything that connects to the network or sends out radio signals.

Well, ok, but you would be back 50+ years with that. No communication.

> Pen and paper, in real life meetings and the like are not ensuring complete privacy either, it's just that the observation is a bit more difficult.

I have seen people that can very accurately match handwriting to a person, even if you try to write differently (i.e. with your wrong hand). There are even technical means to match up typewriters to typed pages. All has been there in the past.

> Security/privacy are a very hard problem.

Yes, it is.