can we care about opsec now

What_Religion_R_They [none/use name] · 3 months ago

can we care about opsec now

PaX [comrade/them, they/them] · edit-2 3 months ago

I can't view the link (doesn't load for some reason) but I read an excerpt that was posted below and just wanted to say... we're all mega-fucked anyway if the feds/any of the Five Eyes agencies want to know who we are

Western intelligence agencies, in particular the NSA, have ubiquitous wiretaps/implants throughout internet infrastructure and considering the Hexbear server seems to be in a datacenter in France...

Deanonymizing measures like this are used when someone is difficult to identify by the usual means (like because they are using Tor or I2P or are connecting to a centralized service out of their reach that is used by many, many different, irrelevant-to-them people, although those aren't totally immune to massive internet surveillance either). But a place like this where we all connect to one server and everyone who visits is "suspect" by their standards? We are already fucked assuming we are on their radar

If you connect through a VPN you're not safe either (trivial timing attack). If you use Tor or something you might be safe... but it only takes one slip-up because this is a clearnet site and you might not even realize you made it

Hurvitz [they/them] · edit-2 3 months ago

This is all true, but there's more to worry about than just feds. Similar deanonymization attacks can be leveraged by fascists and liberals who want to harass our users. Not compelling google to reveal IPs, sure, but linking to a malicious domain (and obscuring the link destination with markdown), or to a targeted social media post and seeing who interacts, or a bunch of other vectors.

No reason to make attackers jobs easier, but also true that even the most careful of us should not feel a false sense of security

PaX [comrade/them, they/them] · 3 months ago

Completely agree, we should be wary of that