Posted by ybceo 3 days ago
Please do not rely on fingerprinters or CDNs that do TLS-termination for you.
Many people online seem to think that they are anonymous and so were emboldened to do stuff that they might not have done if they had realized this. They continued to feel extremely good at this right up until the knock on the door.
Most UK and Australian writers would spell it "realised" so there's a bit right there.
Even if you include no personal information, there is information in writing style.
Stylometry is the study of this. Yes, there's also adversarial stylometry - distorting your writing style to fool an analysis. It's probably effective now, but that could change overnight and every archived post that every OSINT organisation has collected is deanonymised.
Yeah you can say "I change my style". But there's some bits that don't have false positives. If I EVER say "praise the Omnissiah" I'm definitely au fait in 40k memes. If I ever say au fait I'm a person who has at least a rough idea of what it means. There's no false positive here, so if you can just find about 29 undeniable uncorrelated bits that are known to not have false positives ... a more advanced analysis could exploit this in a more continuous way (e.g. the likelihood of it being a false positive). I should shut up now.
It's as old as history. In the days of super-abbreviated telegrams (words were costly) you could even get two for the price of one--the author and the Morse code operator who actually sent the telegram. He could be recognized by his Morse fist; other Morse operators on the network would recognize him by the style of his sending even though they were only listening to dots and dashes.
I could try to prove it to you, but the only proof you need is that cybercrime exists and millions (or tens of millions) of dollars are stolen every day. If anonymity didn't exist it would be easy to stop this, wouldn't it?
There exists a grey area between not getting away with nefarious activities, and not having your life ruined by a lynch mob because you didn't approve their preferred CoC on a hobby project or some other perceived injustice.
If you find yourself a member of any group a campaign can mobilize the mob against, that entire investigatory apparatus can be turned against you.
Without privacy, we are doomed to endless purity purges.
There is no anonymity, there is always someone you have to trust in the chain of WAN networking (DNS, ISP, VPN). If you want anonymity and privacy, you self-host (examining the code is also a prerequisite). There is no other way to do it.
It depends on what service you’re offering. There are many cases where you can have end-to-end encryption so that you can know who your users are, host their data but cannot do anything with it.
A lot of our intuitions about both are based on obscurity: nobody is interested enough to devote their lives to you. That's not the case any more. You are exposed to every person on the planet, and they have the tools to automate attacks on every single person.
That's not to say "give up", but we need to find a new understanding of how our lives work. It's like we're all hunter-gatherers who find ourselves instantly in the largest and fastest city, with nobody to teach us the ropes.