• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    1 year ago

    An oppressive government doesn’t need your cooperation, they can simply monitor the traffic and see who’s connecting to your instance from their country. Especially if the user isn’t using a VPN. Some governments are in the habit of logging all internet traffic, maybe not the data itself, but the flow information. So then they just look at who from their country was connected to your instance at the time of this post. And it becomes fairly easy for them to backtrack responsibility

    If it happens to be the government of the location of the server, they can physically take it and take the logs.

    If the country of the servers location, and the oppressive government have legal agreements, it could be part of a criminal investigation which gives up the users information, or civil discovery.

    Lemmy is decentralized, which is great, but it is not anonymous.

    Not to mention the Mosaic theory of information discovery, most users are probably outing themselves through all of their posts. If they post frequently. Especially if you have domestic information sources, you can take photos find locations, take all the constraints from all their posts and find a fingerprint for the person. You could do it for me. I’ve outed enough information from my posts where you can find who I am if you have enough ancillary data.

    • Nath@aussie.zone
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      Our servers sit behind cloudfront, the same as half the Internet. All that foreign government will see is cloudfront traffic. That won’t tell them much. I don’t think Amazon will give out their data to some foreign government easily either, since that’s their whole business model.

      It isn’t as trivial to identify a user from their metadata as you seem to be saying.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        1 year ago

        I stand behind my advice.

        Especially because the OP is posting from suppo.fi and not using your setup from Aussie.zone.

        If someone is at risk, they should follow the data hygiene suggested by the EFF. Especially if they’re concerned about their safety. Which was the implication in OP’s post.

        To your point about cloud front, not all web clients use encryptid hello yet, or encrypted DNS, so people monitoring connections to cloud front can see the domain you’re trying to connect to. This is exactly why CloudFront and AWS were upset with the signal foundation for doing domain front running when connecting to their services.