Hello,

Since your Lemmy posts, comments, related activities, and your basic profile information will be stored in the databases across the fediverse, possibly never to be deleted (or kept by somebody who can), do you:

  1. Always use Tor/VPN with a fediverse app?
  2. Recommend others do the same?

If you feel that it is unnecessary, why do you feel that way? If you think it is necessary, why so?

Thanks. I am trying to get a feel of what I should do. For example, if my instance loses its data (due to a hack, sale, vulnerability, etc.), I am pretty sure all the information is lost (including my IP addresses). If other instances lose their data, or keep the data for their own purposes, then my posts/comments/related activities are lost (maybe excluding some of my profile information, my settings, and my IP addresses).

I look forward to hearing your thoughts.

  • kostel_thecreed
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    1 year ago

    That would be pretty wasteful on the Tor bandwidth, unless it is necessary for you to hide your Lemmy activity from the glowies. Realistically all you would need would be a VPN, but I do not think our IPs are publicly accessible on Lemmy, and only visible to the instance admins, so another not so worrisome worry. All in all, just limit what you share and how much of it you share and you will be good.

    Currently I do use a VPN, though it’s not because of Lemmy that I do so, it’s the general threat model that I made which causes me to use a VPN. I do not recommend it to others which have no use for a VPN, specially if they have not made a threat model yet.

    Remember, OPsec is what kills privacy and creates linkability, something which you do not.

    • Yeah2206@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Thx for the reply. For the sake of discussions here, if someone think they can increase the privacy by always using Tor to access all the fediverse accounts, and let’s just assume they don’t ever miss (for me, this probably is unlikely). How do you think this increases linkability to their … ?

      • kostel_thecreed
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Using Tor one of the best ways to be anonymous online, but this only works because everything becomes randomized all the time. However, all these protections become useless when you create an account and then use tor on it: they know it’s you because you’re the only one who owns that account. But all this doesn’t matter until you start sharing public info that is linkable to your private/personal identity, making anything else in this world to anonymize you useless. Like I said, tor isn’t a “instant privacy with no downside” as everything can crumble down with a simple OPsec error.

        So, if you are interested in privacy there are a couple resources which will help :

        • Privacy Guides ( /c/privacyguides on lemmy.one)
        • Anonymous Planet (anonymousplanet.org)
        • Extreme Privacy by Michael Bazzell