The Samourai thing has stirred up a lot of attention, so maybe this is a good time to ask something I've been wondering about: is there a writeup (or set of them) that talks about who knows what you're doing on the internet, in a sophisticated way?
For instance: imagine that the govt really goes bonkers and decides that running a node is illegal. My ISP surely knows that I run a node, because the traffic patterns of node-running must look very different from other traffic patterns -- the number of incoming connections, the nature and quantity of data propagation, etc.
But what about the rest of the ecosystem? How does my behavior through my various activities propagate? Who knows what? I have a general, uncomfortable feeling that everyone knows everything, in the general if not in the particular -- if I run TOR, non-exit nodes might not know the particular, but they know I'm using TOR, and that itself is a massive signal.
Whenever I see stuff like this talked about it's always very basic. Is there a source where they explore it in more detail?
Network security is a field that industry professionals typically study and practice for years before achieving competency. You are unlikely to find a single nugget of information that teaches you everything you seek.
Instead of worrying about what the world already knows about your internet usage, take some actionable steps towards making your router STFU (shut the f*** up).
People on the internet (and those running the internet) only know what your router tells them. They won't know very much if you make your router STFU.
Build your own router/firewall server or flash a store-bought one with open source firmware like OpenWRT or pfSense. This firmware will surface new configuration options that you can use to make your router STFU.
For example, you can make your router encrypt 100% of traffic and send it to an anonymous offshore no-KYC server with a WireGuard tunnel. The traffic is decrypted on the server and forwarded to the next hop. Even Tor traffic will go this route, encrypted again so it no longer appears like Tor traffic.
With a setup like this, go ahead and run dozens of services that are very chatty. Tor relays, bitcoin nodes, webservers, torrent seeders. Make it very noisy to distinguish patterns among the already encrypted data.
The offshore server knows very little about you because it was anonymous signup and paid with bitcoin. They just know your account number, and they know every request you make on clearnet. But the hope is that the offshore server doesn't have an obligation to share data with foreign government agencies.
Hopefully, only your ISP is forced to share data. And all they know is how many GBs of encrypted packets you send/receive to the offshore server.
You don't have to jump straight into this idealized setup. In fact, it's probably impossible to set this up in a weekend unless you're already a professional.
Just try to make your router STFU a little bit more every week. Study the dark art of Network Security and practice building your own defensive networks at home.
Specifically the section on firewalls.
reply
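The full-tunnel router setup described in the comment above, sketched as a wg-quick configuration for a Linux-based router (an added example, not part of the original thread). The keys, tunnel address, endpoint and the LAN bridge name `br-lan` are placeholders or assumptions; the OUTPUT kill-switch rule is the one given in the wg-quick(8) man page.

```ini
# /etc/wireguard/wg0.conf on the router (constructed example)
[Interface]
# Placeholder: generate with `wg genkey`, never reuse a published key
PrivateKey = <ROUTER_PRIVATE_KEY>
# Assumed tunnel address assigned by the remote server
Address = 10.0.0.2/32

# NAT LAN clients into the tunnel so the server sees one source address
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE

# Kill switch for the router's own traffic (from wg-quick(8)):
# reject anything leaving by a non-WireGuard interface unless it is
# the encrypted tunnel traffic itself (identified by wg's fwmark)
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

# Same idea for forwarded LAN traffic: packets arriving from the LAN
# (assumed bridge name br-lan) may only be forwarded into the tunnel
PostUp = iptables -I FORWARD -i br-lan ! -o %i -j REJECT
PreDown = iptables -D FORWARD -i br-lan ! -o %i -j REJECT

[Peer]
# Placeholder: the remote server's public key
PublicKey = <SERVER_PUBLIC_KEY>
# Documentation-range address standing in for the remote server
Endpoint = 203.0.113.10:51820
# Full tunnel: route all IPv4 and IPv6 traffic through this peer,
# which includes the router's own DNS lookups
AllowedIPs = 0.0.0.0/0, ::/0
# Keep the NAT mapping at the ISP side alive
PersistentKeepalive = 25
```

With this in place the ISP sees only encrypted UDP to the one endpoint plus packet sizes and timing, while the remote server sees the decrypted clearnet requests, which matches the trust trade-off the comment describes.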
A great start, thanks!
reply
Great question. I hope someone has a great answer.
I have the same vague feeling you do that enough people know enough for it to be a problem if they want to make it one.
reply
Yeah, as per my response here, I think it's not reasonable or helpful to ask: how can I stand against the concerted might of a nation state when it's directed against me? because the short answer is that you can't, and then the obvious response is to give up.
But it would be reasonable to say: how can I be smart and avert 90% of the bullshit that could be coming my way? That would be substantial progress, and worth trying for.
reply
Exactly. You don't want to be the low hanging fruit.
reply
Or the example.
reply
It isn't that simple and you could never write up anything that could remotely scratch the surface. If you want to practice good opsec, assume everyone knows everything at all times.
reply
I'm with you that there's not a PDF that brings you to enlightenment, and I'm with you that it's safest to assume that nearly everything you do is knowable by a powerful-enough actor.
But I reject the idea that the response is to throw your hands up and not try to understand what's up. I don't do that in other parts of my life and I'm not starting now.
reply
The best security you can have is to stay off the internet. No joke. This reminds me of that guy Brill in the movie Enemy of the State. Anybody know what I am talking about?
reply
Is there a good overview of who on the internet knows what?
There has to be one at a high level. If there isn't I'm going to work on one.
@remindme 3 months
reply
Running a node is illegal? I thought everyone major was running one?
reply
Nope, not illegal, for now. Just a thought experiment.
reply
101 sats \ 2 replies \ @Lux 25 Apr
> running a node is illegal
when did you consent to the contract that forbids running a node?
reply
You did not consent to almost any laws that you're subject to. You were born into them, and into a society that expects you to stand in the line with other slaves, and accept that any "laws" can be introduced at any time, if it's necessary to protect the socialist utopia.
reply
101 sats \ 0 replies \ @Lux 25 Apr
> You did not consent to almost any laws that you're subject to.
Forced slavery is against the law
reply
This is such a great question... I'm going to look into how difficult it would be to put something like this together.
But it's going to be a massive project because it really depends on what kind of service you're using. For example, if you're on a website that's using third party integrations, there's always a question about how much access to your traffic on that website does the third party have. Facebook and Google are all up in everything. Ethical integrity and security competence are such unknown variables.
Like, any server you interact with could have a lot of data about you, and who knows if they're selling it or leaking it.
And then metadata makes all of this even more complicated.
I have a friend that keeps asking me if he should use an alternative browser or email service, and I keep telling him Google is getting so much of his metadata either way, you might as well just use Chrome because it's more secure in a lot of other ways.
> I have a general, uncomfortable feeling that everyone knows everything
I would reword this to say a nation state probably COULD find out a hell of a lot about you and your traffic if they took the time to target you. They'd have to get info from ISPs and big tech corporations to piece things together.
My general recommendation is to use a lot of burner accounts so that things aren't all pointing back to a single identity.
reply
> This is such a great question... I'm going to look into how difficult it would be to put something like this together.
It would be worth just having a list of better, more specific questions than the one I asked. Your reply already gave me a lot to think about.
For instance, it jostled my memory that there was a big to-do about browser fingerprinting a couple years ago. (Or rather: that's when I learned what a big deal it was.) Just knowing that there is such a thing as browser fingerprinting, and why it's nefarious, is more than I had before. I played around with an EFF site to get an intuition. I'm sure there are a million things like that.
> My general recommendation is to use a lot of burner accounts so that things aren't all pointing back to a single identity.
I wonder if there's a tool to help manage all these identity slivers? That might be a dumb thing that turns out to be practically very useful.
reply
> I wonder if there's a tool to help manage all these identity slivers?
Like anything in that space, it's going to be tough to balance security and user experience... A well organized 1password account is a great step in that direction though.
reply
who on the internet knows what in 3 minutes
Major social media platforms hold profiles for over a billion people. Facebook alone employs 52 thousand attributes to categorize users. It's not just your posts; it's your clicks, preferences, and more. Data brokers gather and sell personal information, amassing detailed profiles of 700 million individuals.
Governments can access this data when suspicions arise, or illegal activities are suspected. Our investigation shows an alarming rise in requests, with companies complying in over two-thirds of cases. The information possessed by internet giants and data brokers is accessible to governments.
reply
That looks like a good start, thank you!
reply
For starters, Facebook (Meta), Google, Apple, etc., all of them are tracking people as much as they can so that they can then sell that data to the highest bidder. Remember that Google (Alphabet) is an advertising company first, that's how they make their money.
Then you have the multiple Intelligence agencies all around the world such as Five Eyes.
You can read more about Internet Privacy to have a look at how much stuff is being tracked all the time.
reply
We have been living in 1984 for a long time. I also always live thinking that everything I do on the internet is being monitored, or at least that everything is being saved, and that it could be used against me. I am not a criminal, nor do I do anything bad, but always having the feeling that you are being watched makes you look like one.
reply
111 sats \ 0 replies \ @nym 25 Apr
reply
27 sats \ 0 replies \ @xz 25 Apr
That is a question.
reply
One thing is clear: government wants to track every transaction worth anything.
reply
At this point it is probably best to assume that you have no real privacy while using something that connects to the internet.
reply
All surveillance runs upstream. Wrote this last year, maybe it will help.
reply
I got 6102 problems but the Fed ain’t one!
reply
I may believe something the government says, or at least be willing to verify and accept it, but that doesn't mean I trust their conclusion or motivation.
The whole narrative about government being the adda of crooks is right because they pretend to be right with everything they do. But in fact, we should only oppose the actions of government.
(And yeah, in terms of current events, they've clearly made some truthful statements about Samourai. It's possible that all the factually verifiable statements are true. It's their conclusion and the actions that spring from them that's where the dishonesty lies.)
reply
You know that generally, the military is about 30 to 40 years ahead of the technological curve. That means everything else is "primitive enough" to be mainstream.
reply
Is that you? If the answer is yes, sell all your BTC now and go back to "compliant tokens" fiat.
reply