What scares me is that the more privacy oriented you are, the easier you are to fingerprint. At what point does privacy mean blending in with the crowd and not sticking out?
What scares me is that the more privacy oriented you are, the easier you are to fingerprint. At what point does privacy mean blending in with the crowd and not sticking out?
You're thinking about browser fingerprinting (client-side), but my post is about service-level anonymity (server-side).
Browser fingerprinting: "Your unique combination of extensions/settings makes you identifiable among other users."
Service anonymity: "There are no other users to compare you against because we don't collect identifying data."
When you sign up with just a random 32-char string, there's nothing to fingerprint. No email to correlate. No IP logs to analyze. No usage patterns to build a profile from.
Fingerprinting matters when services collect behavioral data. We architected our way out of having that data to begin with.
>When you sign up with just a random 32-char string...
There's STILL a browser fingerprint, IP logs to analyze, usage patterns to build a profile from. You may claim you don't collect it, but users need to take your word for it. This is just pseudonymity, which (as many BTC users found out) only gets you halfway there. Real anonymity is way harder, often impossible.
Don't get me wrong, it's good to see organisations that care about privacy and in fact this blog post encouraged me to consider your services in the future. We have some use cases for that at work.
Though by using cloudflare you're NOT putting your money where your mouth is.
I was going to say making the platform open source might solve this problem, but then users would have to trust that we are actually running the open source version and not some fork with logging and tracking. This would be an interesting problem / paradox to try to crack.
But you are 100% right, I will look into alternatives for Cloudflare, which we are using because it seems like the cloud hosting industry LOVES to DDoS new players.
TBH most of those problems are solved by using tor browser. Depending on how much you care: 1. make it possible to use your service with Tor browser, 2. create an .onion site 3. delete your clearnet presence and use only tor.
Without (1), people who really care about anonymity won't even care about you (tor is table stakes). (3) is a really strong vote for anonymity, but don't expect many customers that way.
With open source software + reproducible system image builds + TPM + secure boot + remote attestation you could technically achieve some level of certainty that the server is running the software that you expect, but that's not enough.
The operator can passively log the network traffic which allows for de-anonymization and you would need to design your application-layer such that the operator couldn't selectively route your traffic to a non-compliant server.
I wonder if it would be possible to allow people to ssh into the edge servers with enough access to verify no access logs are stored but not enough to cause any problems. Admit i have not thought it through but would be cool having people verify the live environment while running.
You can't really verify anything in this way. SSH is just a protocol, you're trusting the SSH server to give you a shell inside the real production environment instead of giving you a shell inside some elaborate simulation of a production environment. It's about as trustworthy as a policy page saying "we don't keep logs".
You are correct. Would need something like distributed ledger to fully prove things.
It might not be possible to verify 100% but the more transparency the better i guess. Seeing the 3 way handshake and connection information, the timings, location of the server. Would need to be quite elaborate to fake. Just thought was a fun idea. Have the customer allowed in to production. A lot more difficult then publish privacy page, source code, fake audit reports.
There are self-hostable solutions for DDoS protection, try Anubis for example.
> At what point does privacy mean blending in with the crowd and not sticking out?
It's basically rule number one. Tor is all about making all users look like the same user. The so called anonymity set. They all look the same, so you can't tell them apart from each other.
It's also part of the rules of proper OPSEC.
https://en.wikipedia.org/wiki/The_Moscow_rules
> Do not look back; you are never completely alone.
> Go with the flow, blend in.
> Vary your pattern and stay within your cover.
I read here that most of the Tor exit nodes are operated by governments and governments are using parallel construction to keep that information out of legal documents.
Well, yes. They control ISPs and exit nodes, therefore they can correlate entries into and exits out of the Tor network, narrowing down candidate lists until only one user remains. Essentially a nation scale version of the Harvard bomb threat correlation:
https://buttondown.com/grugq/archive/bad-opsec-considered-ha...
As noted in the article, it wasn't the failure of Tor that led to arrest, it was poor OPSEC. Failure to cover, failure to conceal and failure to compartment.
Blending in with the crowd doesn't work. If you use Chrome on Windows you're part of a very large group and "don't stick out". But it's also very easy to fingerprint so you're also part of the "theturtletalks" group with the size of one.
Reminds me of this guy who used Tor to send a fake bomb threat to his school but he was the only person on the whole campus connecting to Tor.
"...the only person on the whole campus connecting to Tor."
Talk about doubly stupid, first sending the threat, second using Tor on campus. I often wonder what goes (or doesn't go) through the mind of such people.
There were 4 people, but he confessed when questioned.
I guess the lesson there is that if you don't want to be convicted of a crime, don't confess to a crime? They won't give you a lighter sentence for confessing.
> I guess the lesson there is that if you don't want to be convicted of a crime, don't confess to a crime? They won't give you a lighter sentence for confessing.
Ever hear of moral integrity?
Unless the penalty is unjust (say, execution for a minor crime), a just man will confess and accept his punishment as right as just. He himself will want justice to be done and will want to pay for his crime.
A remorseful murderer knows he deserves death. He might ask for mercy, but failing that, he will accept the penalty with dignity and grace.
This is the kind of value a population can collectively hold until they look around and see the culture doesn't value it anymore. Moral integrity stopped being a cultural value that mattered here before I was even born, if it ever really did matter for anyone except the "common" man.
Honestly, I don't care about what the culture does. I act with integrity because of my values and who I want to be, not because I'm under any illusions about how many of my peers will do the same. It is, in my opinion, the only way to live well.
You should care what your culture does.
Whatever you smoke, share it.
Not necessarily
https://news.ycombinator.com/item?id=46334951
There's a point where "privacy" flips into distinctiveness