this post was submitted on 09 Jul 2023
35 points (90.7% liked)

Asklemmy

43892 readers
849 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

Hello,

Since your Lemmy posts, comments, related activities, and your basic profile information will be stored in the databases across the fediverse, possibly never to be deleted (or kept by somebody who can), do you:

  1. Always use Tor/VPN with a fediverse app?
  2. Recommend others do the same?

If you feel that it is unnecessary, why do you feel that way? If you think it is necessary, why so?

Thanks. I am trying to get a feel of what I should do. For example, if my instance loses its data (due to a hack, sale, vulnerability, etc.), I am pretty sure all the information is lost (including my IP addresses). If other instances lose their data, or keep the data for their own purposes, then my posts/comments/related activities are lost (maybe excluding some of my profile information, my settings, and my IP addresses).

I look forward to hearing your thoughts.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] MigratingtoLemmy@lemmy.world 12 points 1 year ago (1 children)

Using a VPN is not going to help much.

I don't know if Lemmy traffic can be routed through TOR directly, but that might not be the best idea in terms of usability.

I try not to expose too much PII on Lemmy. That's basic OPSEC.

[โ€“] Yeah2206@infosec.pub 3 points 1 year ago (2 children)

Thx for replying. Would you expand on the idea why VPN wouldn't help with increasing the person's privacy?

BTW, I have tried logging in using Tor. It pretty much works normally but slightly more slowly. Of course, Tor throws more fits depending on how the connection is created, so you are right, I personally would hate having to use it regularly.

[โ€“] xavier666@lemm.ee 6 points 1 year ago (1 children)

Depends on who you are trying to hide from and what exactly you are trying to hide

  • your crazy ex
  • your crazy ex who is good with computers
  • your employer
  • your ISP
  • the state police
  • federal police
  • nation states

For each scenario, there are different minimum security levels you need to maintain.

If you don't want to let your ISP know you are visiting Lemmy and if you don't want the lemmy admin know where you are from, a VPN is great.

However, if you are participating in an anarchist instance planning to ๐Ÿ’ฃa place, a VPN is not enough since the feds can force a VPN company to let them know who exactly is using a certain IP at a certain time.

Rule of thumb; don't do shit on public forums.

[โ€“] Yeah2206@infosec.pub 0 points 1 year ago

Thank you. That's a very nice summary.

Xavier summarised it fairly well. VPN isn't going to help with entities that are actively trying to track you. You might be able to outwit Facebook trackers/Google trackers or something with some clever user agent manipulation/ faking your browser ID and a VPN, but that's the extent of it.