The downside of everything being federated is that it’s really easy to listen in. Make sure to keep yourself anonymous online!
Pretty sure hexbear was one, the original admin bailed as soon as Trump got elected and they were really big on the don’t vote trend.
There are also instances that most likely exist just to suck up data for AI/LLM training. People were up in arms about it happening on Reddit and trying to torch their comments when here they’re giving it away for free and there are less bots because it’s a newer platform.
I honestly don’t care as long as the bots don’t cause a denial of service
I use NoScript and uBlock. For this page, there are eighteen different scripts that want to run, but I only allow the two that seem necessary for basic functionality.
Apart from using Tor and allowing zero scripts to run, we have little hope of even pseudo-anonymity on the internet, and increasingly in our every-day lives.
We, as a people, tolerate the surveillance state as long as they increase the surveillance incrementally over generations, distract us with shiny toys, and keep us fighting amongst ourselves over irrelevant subjects.
Just know that various governments have been confirmed to be running their own Tor nodes and monitoring traffic. To the point where they can de-anonymize some stuff in the right conditions.
Then you have the whole KAX17 thing.
https://www.malwarebytes.com/blog/news/2021/12/was-threat-actor-kax17-de-anonymizing-the-tor-network
All this to say, take extra precautions and don’t get complacent just 'cause you’re using Tor. It’s kinda like how most car accidents happen within a mile of your home, because you’ve driven it so many times you some times check out and go into auto-pilot. Some people assume Tor is the end-all, and it is not unfortunately.
What else are you going to use? Also Tor is highly resistant to attacks and it is very hard to trace traffic even if you control a sizable amount of the network. I think using Tor for random stuff once and a while is good as it mixes in junk with sensitive stuff.
I think the actual risk for a single low priority individual is low. However, run a node of you can. Also install the snowflake extension
I didn’t say don’t use it, I am just making a note for those that don’t know Tor and expect it to be the 1 tool to rule them it all.
Yes, some of the attacks I mentioned have been mitigated, but that’s no reason to assume it is 100% foolproof. Clearly, it wasn’t before.
The browser is much weaker than the network itself. Stay up to date with security patches and run Tor in a live environment like Tails OS
That attack type is mitigated both through protocol updates and network management.
It hasn’t been a problem for several years.
That isn’t to say that you should trust TOR completely, just that you don’t have to worry about sybil attacks on the network.
Dear NSA, I’m the CEO of antifa. Please direct all questions and inquiries below. Thanks.
Dear CEO of antifa, I’m the CEO of the NSA. How do you pronounce “antifa”? We’ve been really struggling in our meetings. Best regards.
I didn’t realize there were alternate pronunciations. Is this like gif level arguments at the NSA meetings?
What are the pronunciations?
Aunt Tifa vs anti-Fa (a longer way to run)
Upvote for the reference
Its shorthand for “antifascism”. You pronounce it the same without the “scism”. As head of NSA you should know how to say fascism pretty well I think.
Auntie far. HTH.
hahaha thanks
Dear CEO of NSA,
it’s pronounced Elon Musk is a domestic terrorist.
Best regards, Founding members of Antifa
Will do, Francis Bacon Tumminowson III of Wilburville, Kentucky!
I’m in the US and joined a leftist instance. I hide in plain sight lol
Im not scared. Ill lay it all out. im Hubert Manne. Thats H-U-B-E-R-T and I live at 1397 Prince Ave, Athens, GA 30606. My ssn is 123-45-6789. Are you bro enough, to come at me?
Weird. Just like passwords, all I saw for your ssn is asterisks. Must be a Fediverse security feature.
Hunter2
Fuck.
Really?? Let me try! My password is: RhaedasFromLemmyIsAHumanDildo
Wow, that must be a very secure password to be so long. :P
Probably, there are also bots on lemmy already bcz it’s grown quite a bit. They are definitely trying to direct the conversation as well.
If you’re going to start spreading conspiracies about government bots astroturfing our small corner of the internet you’re gonna need to present at least some kind of evidence.
Easy: “Everyone I don’t like is either a shill or a bot!”
According to lemmygrad, if you aren’t a absolute Vanguardist Marxist-Leninist Hardliner, you’re a CIA sleeper agent.
According to the rest of lemmy, everyone on lemmygrad is a bot
Oh, not everyone. Those people exist IRL. The world has over 8 Billion people, surely there are some weirdos.
Uh, the Russia is doing that on every possible platform. Why would ours be an exception? What makes Lemmy so special?
We have some odd encounters with allegedly non tankies pro Russia account but I couldn’t tell if they were a bot or rather just a useful idiot
It’s too small to bother with?
Not worth the effort, to be honest
Sounds like someone who was big into monitoring would say.
thank you for the reminder, Robert Paulson.
As is tradition.
If you are doing anything that’s publicly visible, you’re not anonymous.
That’s not quite true, although technically in this case you would be pseudononymous.
You can use Lemmy at opsec level 4-5:
http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/index.html
Register an email over tor browser, use that to verify a Lemmy account over tor browser, only ever access over tor browser. Be mindful of what you say and post.
Aren’t there instances that don’t require e-mail verification?
https://blog.torproject.org/tor-is-still-safe/
Tor is still alive and well I promise
what if I prefer mozilla firefox? Ive heard when you check every data security option the browser is private enough
Whats the difference
No, they’re not the same.
Tor browser gives you ANONYMITY, which is not the same as privacy.
What is Anonymity ? Why is it Important ? http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymityexplained/index.html
Why isn’t privacy enough for anonymous use?
http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonuse/index.html
(BTW stock Firefox is not even private at all)
these websites dont work for me… and the link looks very wrong - do you have like more accessible sources for me? Id be very thankful
That is a very bad idea
Use Tor since For is designed to make every user apprear identical. Firefox is packed full of telemetry and leaves a pretty heavy fingerprint.
What are you going to use except Tor?
Anyway the risk is pretty low that you are going to get targeted by law enforcement. Even if you are a person of interest it is going to be easier just to wait until you make a Sec Opps. They would need to control every node in the path plus they would need to decrypt the traffic on the exit. Somehow I don’t see that happening.
Also if you use Onion sites it is even harder to trace since there isn’t a clear exit.
After following up on a post on Reddit and two years of investigation, the reporters came to the conclusion that Tor users can be de-anonymized by correlating the timing patterns of network traffic entering and exiting the Tor network, combined with broad and long-term monitoring of Tor nodes in data centers.
I’ve been saying this for years. It’s an open system, all you need are entry notes and exit nodes and you can launch exits for a pittance.
I don’t think they really need to run an instance to conduct surveillance on the Fediverse. Maybe it makes things easier, but a lot of this is public anyway. Just because Google isn’t putting a lot of this in search results yet doesn’t mean it can’t be scraped by people who are interested in scraping it.
Yeah but the traffic from scraping other instances is going to get noticed real quickly, whereas a small instance federating with everyone else isn’t really suspicious.
Doesn’t even have to be an instance.
Custom code that runs the pubsub protocol… Without publishing anything.
Everything is open.
Unless instance admins find thepubsub instance suspicious and defederate it, at which point it won’t be able to receive posts/comments
I bet the Kremlin is sponsoring one at least
Running free instances is a) way easier if you’re a government, and b) gives you important moderation control.
Also, a government running an instance that allows and promotes material that is very critical of said government could very well happen. It might sound contradictory, but allows for future control over “problematic” movements, if the need ever occurs.
Thats why you make an account with no info attached to you. And run a vpn. Not fool proof, but better than nothing
Remember to avoid the ask lemmy posts like:
Whats your favorite pets name, what street did you grow up on, do you like cut or uncut, etc…
Depends on my mood. Ive never had uncut but am curious. I’m half cut (shaft-wise direction)
Something like Tor, and a proper education in keeping identities compartmentalized would be more appropriate for a use-case where someone is trying to maintain anonymity. VPN is mostly only good for a bit of wifi security and piracy.
How does a vpn help with anonymity?
IP address won’t report back to your home country, reputable VPN providers will fight to protect your anonymity because they know once they accommodate law enforcement their business will tank.
I consider Lemmy to be more pseudonymous. Which is to say, I am practically anonymous to most users, but it wouldn’t take much for someone with resources to pester my instance into giving up my IP.
The content of my posts, comments, and votes is intentionally public information.
Yeah that’s true; real anonymity would be something like 4chan where users aren’t distinguishable. Here you can tell who people are, but not necessarily find out their real life identity.
