34
Probably should assume everything will be leaked, anyone using Tor/VPN for Fediverse apps? (infosec.pub)
submitted 1 year ago by Yeah2206@infosec.pub to c/asklemmy@lemmy.ml
32 comments fedilink hide all child comments

Hello,

Since your Lemmy posts, comments, related activities, and your basic profile information will be stored in the databases across the fediverse, possibly never to be deleted (or kept by somebody who can), do you:

  1. Always use Tor/VPN with a fediverse app?
  2. Recommend others do the same?

If you feel that it is unnecessary, why do you feel that way? If you think it is necessary, why so?

Thanks. I am trying to get a feel of what I should do. For example, if my instance loses its data (due to a hack, sale, vulnerability, etc.), I am pretty sure all the information is lost (including my IP addresses). If other instances lose their data, or keep the data for their own purposes, then my posts/comments/related activities are lost (maybe excluding some of my profile information, my settings, and my IP addresses).

I look forward to hearing your thoughts.

you are viewing a single comment's thread
view the rest of the comments
[-] kostel_thecreed@lemmy.ca 8 points 1 year ago* (last edited 1 year ago)

That would be pretty wasteful on the Tor bandwidth, unless it is necessary for you to hide your Lemmy activity from the glowies. Realistically all you would need would be a VPN, but I do not think our IPs are publicly accessible on Lemmy, and only visible to the instance admins, so another not so worrisome worry. All in all, just limit what you share and how much of it you share and you will be good.

Currently I do use a VPN, though it's not because of Lemmy that I do so, it's the general threat model that I made which causes me to use a VPN. I do not recommend it to others which have no use for a VPN, specially if they have not made a threat model yet.

Remember, OPsec is what kills privacy and creates linkability, something which you do not.

[-] Yeah2206@infosec.pub 1 points 1 year ago

Thx for the reply. For the sake of discussions here, if someone think they can increase the privacy by always using Tor to access all the fediverse accounts, and let's just assume they don't ever miss (for me, this probably is unlikely). How do you think this increases linkability to their ... ?

[-] kostel_thecreed@lemmy.ca 2 points 1 year ago

Using Tor one of the best ways to be anonymous online, but this only works because everything becomes randomized all the time. However, all these protections become useless when you create an account and then use tor on it: they know it's you because you're the only one who owns that account. But all this doesn't matter until you start sharing public info that is linkable to your private/personal identity, making anything else in this world to anonymize you useless. Like I said, tor isn't a "instant privacy with no downside" as everything can crumble down with a simple OPsec error.

So, if you are interested in privacy there are a couple resources which will help :

  • Privacy Guides ( /c/privacyguides on lemmy.one)
  • Anonymous Planet (anonymousplanet.org)
  • Extreme Privacy by Michael Bazzell
this post was submitted on 09 Jul 2023
34 points (90.5% liked)

Asklemmy

42502 readers
1864 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
mekhos@lemmy.ml
tmpod@lemmy.pt
14specks@lemmy.ml
ada@lemmy.blahaj.zone
AdaShovelace@lemmy.ml