Hello,
Since your Lemmy posts, comments, related activities, and your basic profile information will be stored in the databases across the fediverse, possibly never to be deleted (or kept by somebody who can), do you:
- Always use Tor/VPN with a fediverse app?
- Recommend others do the same?
If you feel that it is unnecessary, why do you feel that way? If you think it is necessary, why so?
Thanks. I am trying to get a feel of what I should do. For example, if my instance loses its data (due to a hack, sale, vulnerability, etc.), I am pretty sure all the information is lost (including my IP addresses). If other instances lose their data, or keep the data for their own purposes, then my posts/comments/related activities are lost (maybe excluding some of my profile information, my settings, and my IP addresses).
I look forward to hearing your thoughts.
Using a VPN won’t give you much extra privacy unless you don’t trust your instance’s admins. IP addresses aren’t federated, only the content. I don’t think Lemmy itself stores any IP addresses, they merely show up in NGINX logs which ideally are rotated fairly frequently anyway.
But at that point if you care that much, you should already be using a VPN 24/7, because practically everything you’re logged into has your account tied to an IP at some point and any of them are potentially vulnerable to a breach.
I’m just careful about what I post and what I vote on, this identity is fairly public anyway.
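An added example (not from this thread or from the Lemmy project): one way an instance admin can stop full client IPs from ever landing in the NGINX access log that fronts Lemmy, by logging a truncated address instead. The log path and the anonymized format name are assumptions.

```nginx
# Assumed: http {} context of the reverse proxy in front of Lemmy.
# Map the real client address to a coarsened one before it is logged.
map $remote_addr $remote_addr_anon {
    # IPv4: keep the first three octets, zero the last (203.0.113.42 -> 203.0.113.0)
    ~(?P<ip>\d+\.\d+\.\d+)\.\d+$   $ip.0;
    # IPv6: keep the first two groups, drop the rest (2001:db8:abcd::1 -> 2001:db8::)
    ~(?P<ip>[^:]+:[^:]+):          $ip::;
    default                        0.0.0.0;
}

# Same fields as the stock "combined" format, but with the coarsened address.
log_format anon '$remote_addr_anon - $remote_user [$time_local] '
                '"$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent"';

# Weak setting (default): access_log /var/log/nginx/access.log combined;
# Corrected setting:
access_log /var/log/nginx/access.log anon;
```

Rotation of whatever is still written is a separate logrotate job; the point of the map above is that even the rotated files never held a full address.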
If you don’t trust your admins, you can host your own instance. That way you’d control what is federated and with whom.
Buuut your server ip would be public, so idk…
@fermuch If you want to host your own instance but don’t want the trouble of making your IP public for every random Bob to see, there is always Masto.host (which I’ve used before on my own) https://masto.host/
Yeah, but now you’re moving trust from the instance into trusting masto.host…
@fermuch That’s a good point, I guess it’s up to the individual to decide what or who they trust most
What data does Lemmy store that isn’t already inherently public? Private DMs and IPs are all I can think of, and neither of those are of any value as far as I’m concerned.
I just don’t care?
I know that stuff is public when I used it.
I’ve known this is how the internet works since the ’90s. I’ve also known that my IP address isn’t a scary super identifying thing as the movies would make you believe. For most people, it’s gonna point to your ISP and not your personal device.
Shit man, back in the day we used to scare noobs by showing them their own IP because it was incredibly easy to obtain. It still is, most of the time. Because it doesn’t mean fuck all.
As for everything else: If you don’t want certain pieces of information out in the wild… Don’t put them there in the first place. It’s that simple.
I’m always using a VPN for the sake of living in China, not particularly fediverse related. I simply don’t share anything I’m not comfortable everybody knowing regardless, just like we were told in the early days of the internet.
Thanks for the reply. Yeah, I think this makes sense when you trust your VPN provider more than your ISP/government.
Using a VPN is not going to help much.
I don’t know if Lemmy traffic can be routed through Tor directly, but that might not be the best idea in terms of usability.
I try not to expose too much PII on Lemmy. That’s basic OPSEC.
Thx for replying. Would you expand on why a VPN wouldn’t help increase a person’s privacy?
BTW, I have tried logging in using Tor. It pretty much works normally but slightly more slowly. Of course, Tor throws more fits depending on how the connection is created, so you are right, I personally would hate having to use it regularly.
Depends on who you are trying to hide from and what exactly you are trying to hide
- your crazy ex
- your crazy ex who is good with computers
- your employer
- your ISP
- the state police
- federal police
- nation states
For each scenario, there are different minimum security levels you need to maintain.
If you don’t want to let your ISP know you are visiting Lemmy and if you don’t want the Lemmy admin to know where you are from, a VPN is great.
However, if you are participating in an anarchist instance planning to 💣a place, a VPN is not enough since the feds can force a VPN company to let them know who exactly is using a certain IP at a certain time.
Rule of thumb: don’t do shit on public forums.
Thank you. That’s a very nice summary.
Xavier summarised it fairly well. VPN isn’t going to help with entities that are actively trying to track you. You might be able to outwit Facebook trackers/Google trackers or something with some clever user agent manipulation/ faking your browser ID and a VPN, but that’s the extent of it.
I don’t see that much of a point in this unless you’re in “they’re coming to get me” stages of paranoia.
That would be pretty wasteful on the Tor bandwidth, unless it is necessary for you to hide your Lemmy activity from the glowies. Realistically all you would need would be a VPN, but I do not think our IPs are publicly accessible on Lemmy, and only visible to the instance admins, so another not so worrisome worry. All in all, just limit what you share and how much of it you share and you will be good.
Currently I do use a VPN, though it’s not because of Lemmy that I do so, it’s the general threat model that I made which causes me to use a VPN. I do not recommend it to others who have no use for a VPN, especially if they have not made a threat model yet.
Remember, OPsec is what kills privacy and creates linkability, something which you do not.
Thx for the reply. For the sake of discussion here, if someone thinks they can increase their privacy by always using Tor to access all their fediverse accounts, and let’s just assume they don’t ever miss (for me, this probably is unlikely). How do you think this increases linkability to their … ?
Using Tor is one of the best ways to be anonymous online, but this only works because everything becomes randomized all the time. However, all these protections become useless when you create an account and then use Tor on it: they know it’s you because you’re the only one who owns that account. But all this doesn’t matter until you start sharing public info that is linkable to your private/personal identity, making anything else in this world to anonymize you useless. Like I said, Tor isn’t an “instant privacy with no downside” as everything can crumble down with a simple OPsec error.
So, if you are interested in privacy there are a couple resources which will help:
- Privacy Guides ( /c/privacyguides on lemmy.one)
- Anonymous Planet (anonymousplanet.org)
- Extreme Privacy by Michael Bazzell
No because I didn’t choose this public forum for its privacy or security
Are there any onion service lemmy instances yet?
Would that be possible? How would other (normal network) instances federate with you?
Also, isn’t onion service pretty much used to hide the server’s IP, but doesn’t do much about hiding anything for the end users?
The end user’s IP is hidden in the onion network. The server will get the IP address of the “last node” your client routed its request through (and that node only has the IP address of the previous node, etc).
However, the client’s IP can be leaked if a server creates some JavaScript which makes an Ajax call (basically, an additional HTTP request). A malicious Ajax call will not go through the onion network and thus expose the client’s real IP. Hence, it’s recommended to disable JavaScript and other features while using Tor.
If you have all your traffic going through Tor, Ajax requests will come from an exit node too.
I did a bit more homework and you’re right.
“Back in the day” running JavaScript increased your attack area. But nowadays I guess it’s considered “safe”.
I did find this old (7 years ago) posting which talked about concerns. Today, I guess the rule of thumb is to avoid (or limit) browser plugins.
Thank you for clarifying that.
I mainly worry about data security at my end, I’m very careful about what kind of information I ever give out. I’ve gotten more lax with the rise of ecommerce, but my computer didn’t even use to know my real name or any real information about me. I simply lied for absolutely everything, up until I went to college.
Nowadays I’ve gotten lazier, but some of those habits remain. Anything that could ever even remotely lead back to anything less than tens of thousands of people simply doesn’t go on here. While a personality profile could be assembled and used to sell me stuff, I don’t care so much about that. Though if we slowly get absorbed into Meta because $$$, I might change my mind on that last one.
So, no, I don’t worry about it too much. If I was a hacker or political activist irl or something I might take it a little more seriously.
Thx for the reply. I probably wouldn’t want to discuss anything indicating illegal activities or political activism on the Fediverse. I think Reddit was just demanded to turn over some (subset?) of discussions about copyright piracy. They might get away without the subpoena altogether on the fediverse arguing the data is already public.
Yes, I would not be participating in any of that from here without additional security. More private communities are really better for that kinda stuff anyway, always have been.
I kind of just assume everything on the internet is in public space by default.