Bonum Certa Men Certa

Fallacy About Privacy in Geminispace

Video download link | md5sum c58217da5962643b47fbfc156ab92c65 Gemini is Not for Privacy Creative Commons Attribution-No Derivative Works 4.0

Summary: gemini:// offers as much privacy as https://, but it's widely known that because of how the Web technically works the latter does not ensure IP addresses do not leak to all sorts of sites (or data brokers); while moving away from http:// did in fact limit the visibility/exposure to one's ISP/s (unless they buy data 'downstream') the lingering issue is that unless one uses anonymity-preserving software (such as Tor) one's movements in cyberspace are still clear for many parties to see; Gemini resolves or tries to tackle only the problem of cross-site linking/embedding/scripting

TO avoid busting any bubbles in the future, based on a false expectation or baseless hopes, Gemini is in general not a privacy tool. It does address a plethora of issues plaguing the World Wide Web, but neither the Web nor Gemini should be treated as privacy protection tools. Even if you outsource to the Linux Foundation (Let's Encrypt), in which case privacy is eroded even further.



In the video above I show Billsmugs' capsule, which boasts an extensive photography collection, albeit also tracks access with caveats stated clearly upfront. To quote:

This Gemini capsule does not log IP addresses or use any fingerprinting techniques to identify users across visits. When you connect to the server for the first time, your IP address will be mapped to a sequential ID (in memory). This mapping will be forgotten one hour after the last request from the IP is received. If, during this hour, you request the standard robots.txt file, your session will be marked as a bot - this is just to give a (very very rough) method of tracking human vs robot visitors, all requests will be treated the same.

In other words, a "session" in the list below represents a single IP address making requests with less than one hour between them.

If the server process is stopped or restarted unexpectedly (or is under very high load), some stats may be delayed or lost.

"Bad requests" are any requests that result in a 59 status code being returned. These are things like malformed URLs, attempted directory traversal attacks, misguided http requests etc. These indicate either a bug (in the server or the client) or malicious traffic. If I receive an exceptionally large number of these (and they aren't caused by bugs in the server code) then I may decide to start logging the source IPs specifically for these requests (with a view to blocking or rate-limiting repeat offenders). Hopefully that won't be necessary!


In our case, logs are only used for DDOS protection and mitigation (some days we get over 30,000 requests, most of them from bots). The code we developed for it is Free software and AGPLv3-licensed (in our Git repository).

Recent Techrights' Posts

SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
More people realise that social control media may in fact be a passing fad
 
Garden Season Starts Today
Outdoor time, officially...
More Information About Public Talks That Richard Stallman Gave This Week in Europe
Two talks in Switzerland
Engadget is Still a Spamfarm, It's Just an Amazon Catalogue (SPAM/SEO), a Sea of Junk Disguised as "Articles" With Few 'Fillers' (Real Articles) in Between
Engadget writes for bots now, not for humans
Richard Stallman's Talks in Switzerland This Week
We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 28, 2024
IRC logs for Thursday, March 28, 2024
[Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
Seems more like union-busting (divide and rule)
Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
Total Cost of Ownership (TCO) is vast
Giving back to the community
Reprinted with permission from Daniel Pocock
Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries