Bonum Certa Men Certa

Fallacy About Privacy in Geminispace

Video download link | md5sum c58217da5962643b47fbfc156ab92c65 Gemini is Not for Privacy Creative Commons Attribution-No Derivative Works 4.0

Summary: gemini:// offers as much privacy as https://, but it's widely known that because of how the Web technically works the latter does not ensure IP addresses do not leak to all sorts of sites (or data brokers); while moving away from http:// did in fact limit the visibility/exposure to one's ISP/s (unless they buy data 'downstream') the lingering issue is that unless one uses anonymity-preserving software (such as Tor) one's movements in cyberspace are still clear for many parties to see; Gemini resolves or tries to tackle only the problem of cross-site linking/embedding/scripting

TO avoid busting any bubbles in the future, based on a false expectation or baseless hopes, Gemini is in general not a privacy tool. It does address a plethora of issues plaguing the World Wide Web, but neither the Web nor Gemini should be treated as privacy protection tools. Even if you outsource to the Linux Foundation (Let's Encrypt), in which case privacy is eroded even further.



In the video above I show Billsmugs' capsule, which boasts an extensive photography collection, albeit also tracks access with caveats stated clearly upfront. To quote:

This Gemini capsule does not log IP addresses or use any fingerprinting techniques to identify users across visits. When you connect to the server for the first time, your IP address will be mapped to a sequential ID (in memory). This mapping will be forgotten one hour after the last request from the IP is received. If, during this hour, you request the standard robots.txt file, your session will be marked as a bot - this is just to give a (very very rough) method of tracking human vs robot visitors, all requests will be treated the same.

In other words, a "session" in the list below represents a single IP address making requests with less than one hour between them.

If the server process is stopped or restarted unexpectedly (or is under very high load), some stats may be delayed or lost.

"Bad requests" are any requests that result in a 59 status code being returned. These are things like malformed URLs, attempted directory traversal attacks, misguided http requests etc. These indicate either a bug (in the server or the client) or malicious traffic. If I receive an exceptionally large number of these (and they aren't caused by bugs in the server code) then I may decide to start logging the source IPs specifically for these requests (with a view to blocking or rate-limiting repeat offenders). Hopefully that won't be necessary!


In our case, logs are only used for DDOS protection and mitigation (some days we get over 30,000 requests, most of them from bots). The code we developed for it is Free software and AGPLv3-licensed (in our Git repository).

Recent Techrights' Posts

EPO Education: Workers Resort to Legal Actions (Many Cases) Against the Administration
At the moment the casualties of EPO corruption include the EPO's own staff
 
Microsofters Try to Defund the Free Software Foundation (by Attacking Its Founder This Week) and They Tell People to Instead Give Money to Microsoft Front Groups
Microsoft people try to outspend their critics and harass them
[Meme] EPO for the Kids' Future (or Lack of It)
Patents can last two decades and grow with (or catch up with) the kids
Topics We Lacked Time to Cover
Due to a Microsoft event (an annual malware fest for lobbying and marketing purposes) there was also a lot of Microsoft propaganda
Gemini Links 22/11/2024: ChromeOS, Search Engines, Regular Expressions
Links for the day
This Month is the 11th Month of This Year With Mass Layoffs at Microsoft (So Far It's Happening Every Month This Year, More Announced Hours Ago)
Now they even admit it
Links 22/11/2024: Software Patents Squashed, Russia Starts Using ICBMs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 21, 2024
IRC logs for Thursday, November 21, 2024
Gemini Links 21/11/2024: Alphabetising 400 Books and Giving the Internet up
Links for the day
Links 21/11/2024: TikTok Fighting Bans, Bluesky Failing Users
Links for the day
Links 21/11/2024: SpaceX Repeatedly Failing (Taxpayers Fund Failure), Russian Disinformation Spreading
Links for the day
Richard Stallman Earned Two More Honorary Doctorates Last Month
Two more doctorate degrees
KillerStartups.com is an LLM Spam Site That Sometimes Covers 'Linux' (Spams the Term)
It only serves to distract from real articles
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 20, 2024
IRC logs for Wednesday, November 20, 2024
Gemini Links 20/11/2024: Game Recommendations, Schizo Language
Links for the day
Growing Older and Signs of the Site's Maturity
The EPO material remains our top priority
Did Microsoft 'Buy' Red Hat Without Paying for It? Does It Tell Canonical What to Do Now?
This is what Linus Torvalds once dubbed a "dick-sucking" competition or contest (alluding to Red Hat's promotion of UEFI 'secure boot')
Links 20/11/2024: Politics, Toolkits, and Gemini Journals
Links for the day
Links 20/11/2024: 'The Open Source Definition' and Further Escalations in Ukraine/Russia Battles
Links for the day
[Meme] Many Old Gemini Capsules Go Offline, But So Do Entire Web Sites
Problems cannot be addressed and resolved if merely talking about these problems isn't allowed
Links 20/11/2024: Standing Desks, Broken Cables, and Journalists Attacked Some More
Links for the day
Links 20/11/2024: Debt Issues and Fentanylware (TikTok) Ban
Links for the day
Jérémy Bobbio (Lunar), Magna Carta and Debian Freedoms: RIP
Reprinted with permission from Daniel Pocock
Jérémy Bobbio (Lunar) & Debian: from Frans Pop to Euthanasia
Reprinted with permission from Daniel Pocock
This Article About "AI-Powered" is Itself LLM-Generated Junk
Trying to meet quotas by making fake 'articles' that are - in effect - based on plagiarism?
Recognizing invalid legal judgments: rogue Debianists sought to deceive one of Europe's most neglected regions, Midlands-North-West
Reprinted with permission from Daniel Pocock
Google-funded group distributed invalid Swiss judgment to deceive Midlands-North-West
Reprinted with permission from Daniel Pocock
Gemini Links 20/11/2024: BeagleBone Black and Suicide Rates in Switzerland
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 19, 2024
IRC logs for Tuesday, November 19, 2024