Hello,

Since your Lemmy posts, comments, related activities, and your basic profile information will be stored in the databases across the fediverse, possibly never to be deleted (or kept by somebody who can), do you:

  1. Always use Tor/VPN with a fediverse app?
  2. Recommend others do the same?

If you feel that it is unnecessary, why do you feel that way? If you think it is necessary, why so?

Thanks. I am trying to get a feel of what I should do. For example, if my instance loses its data (due to a hack, sale, vulnerability, etc.), I am pretty sure all the information is lost (including my IP addresses). If other instances lose their data, or keep the data for their own purposes, then my posts/comments/related activities are lost (maybe excluding some of my profile information, my settings, and my IP addresses).

I look forward to hearing your thoughts.

  • MigratingtoLemmy@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    1
    ·
    1 year ago

    Using a VPN is not going to help much.

    I don’t know if Lemmy traffic can be routed through TOR directly, but that might not be the best idea in terms of usability.

    I try not to expose too much PII on Lemmy. That’s basic OPSEC.

    • Yeah2206@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      Thx for replying. Would you expand on the idea why VPN wouldn’t help with increasing the person’s privacy?

      BTW, I have tried logging in using Tor. It pretty much works normally but slightly more slowly. Of course, Tor throws more fits depending on how the connection is created, so you are right, I personally would hate having to use it regularly.

      • xavier666@lemm.ee
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Depends on who you are trying to hide from and what exactly you are trying to hide

        • your crazy ex
        • your crazy ex who is good with computers
        • your employer
        • your ISP
        • the state police
        • federal police
        • nation states

        For each scenario, there are different minimum security levels you need to maintain.

        If you don’t want to let your ISP know you are visiting Lemmy and if you don’t want the lemmy admin know where you are from, a VPN is great.

        However, if you are participating in an anarchist instance planning to 💣a place, a VPN is not enough since the feds can force a VPN company to let them know who exactly is using a certain IP at a certain time.

        Rule of thumb; don’t do shit on public forums.

      • MigratingtoLemmy@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Xavier summarised it fairly well. VPN isn’t going to help with entities that are actively trying to track you. You might be able to outwit Facebook trackers/Google trackers or something with some clever user agent manipulation/ faking your browser ID and a VPN, but that’s the extent of it.