this post was submitted on 07 Oct 2023
33 points (61.7% liked)

Asklemmy

43971 readers
918 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] jet@hackertalks.com 13 points 1 year ago* (last edited 1 year ago) (1 children)

An oppressive government doesn't need your cooperation, they can simply monitor the traffic and see who's connecting to your instance from their country. Especially if the user isn't using a VPN. Some governments are in the habit of logging all internet traffic, maybe not the data itself, but the flow information. So then they just look at who from their country was connected to your instance at the time of this post. And it becomes fairly easy for them to backtrack responsibility

If it happens to be the government of the location of the server, they can physically take it and take the logs.

If the country of the servers location, and the oppressive government have legal agreements, it could be part of a criminal investigation which gives up the users information, or civil discovery.

Lemmy is decentralized, which is great, but it is not anonymous.

Not to mention the Mosaic theory of information discovery, most users are probably outing themselves through all of their posts. If they post frequently. Especially if you have domestic information sources, you can take photos find locations, take all the constraints from all their posts and find a fingerprint for the person. You could do it for me. I've outed enough information from my posts where you can find who I am if you have enough ancillary data.

[โ€“] Nath@aussie.zone 8 points 1 year ago (1 children)

Our servers sit behind cloudfront, the same as half the Internet. All that foreign government will see is cloudfront traffic. That won't tell them much. I don't think Amazon will give out their data to some foreign government easily either, since that's their whole business model.

It isn't as trivial to identify a user from their metadata as you seem to be saying.

[โ€“] jet@hackertalks.com 8 points 1 year ago* (last edited 1 year ago)

I stand behind my advice.

Especially because the OP is posting from suppo.fi and not using your setup from Aussie.zone.

If someone is at risk, they should follow the data hygiene suggested by the EFF. Especially if they're concerned about their safety. Which was the implication in OP's post.

To your point about cloud front, not all web clients use encryptid hello yet, or encrypted DNS, so people monitoring connections to cloud front can see the domain you're trying to connect to. This is exactly why CloudFront and AWS were upset with the signal foundation for doing domain front running when connecting to their services.