pull down to refresh

The Samourai thing has stirred up a lot of attention, so maybe this is a good time to ask something I've been wondering about: is there a a writeup (or set of them) that talks about who knows what you're doing on the internet, in a sophisticated way?
For instance: imagine that the govt really goes bonkers and decides that running a node is illegal. My ISP surely knows that I run a node, because the traffic patterns of node-running must look very different from other traffic patterns -- the number of incoming connections, the nature and quantity of data propagation, etc.
But what about the rest of the ecosystem? How does my behavior through my various activities propagate? Who knows what? I have a general, uncomfortable feeling that everyone knows everything, in the general if not in the particular -- if I run TOR, non-exit nodes might not know the particular, but they know I'm using TOR, and that itself is a massive signal.
Whenever i see stuff like this talked about it's always very basic. Is there a source where they explore it in more detail?
Network security is a field that industry professionals typically study and practice for years before achieving competency. You are unlikely to find a single nugget of information that teaches you everything you seek.
Instead of worrying about what the world already knows about your internet usage, take some actionable steps towards making your router STFU (shut the f*** up).
People on the internet (and those running the internet) only know what your router tells them. They won't know very much if you make your router STFU.
Build your own router/firewall server or flash a store-bought one with open source firmware like OpenWRT or pfSense. This firmware will surface new configuration options that you can use to make your router STFU.
For example, you can make your router encrypt 100% of traffic and send it to an anonymous offshore no-KYC server with a Wiregaurd tunnel. The traffic is decrypted on the server and forwarded to the next hop. Even tor traffic will go this route, encrypted again so it no longer appears like tor traffic.
With a setup like this, go ahead and run dozens of services that are very chatty. Tor relays, bitcoin nodes, webservers, torrent seeders. Make it very noisy to distinguish patterns among the already encrypted data.
The offshore server knows very little about you because it was anonymous signup and paid with bitcoin. They just know your account number, and they know every request you make on clearnet. But the hope is that the offshore server doesn't have an obligation to share data with foreign government agencies.
Hopefully, only your ISP is forced to share data. And all they know is how many GBs of encrypted packets you send/receive to the offshore server.
You don't have to jump straight into this idealized setup. In fact, its probably impossible to set this up in a weekend unless you're already a professional.
Just try to make your router STFU a little bit more every week. Study the dark art of Network Security and practice building your own defensive networks at home.
Specifically the section on firewalls.
reply
A great start, thanks!
reply
Great question. I hope someone has a great answer.
I have the same vague feeling you do that enough people know enough for it to be a problem if they want to make it one.
reply
Yeah, as per my response here, I think it's not reasonable or helpful to ask: how can I stand against the concerted might of a nation state when it's directed against me? because the short answer is that you can't, and then the obvious response is to give up.
But it would be reasonable to say: how can I be smart and avert 90% of the bullshit that could be coming my way? That would be substantial progress, and worth trying for.
reply
Exactly. You don't want to be the low hanging fruit.
reply
71 sats \ 0 replies \ @jeff 25 Apr
Or the example.
reply
Is there a good overview of who on the internet knows what?
There has to be one at a high level. If there isn't I'm going to work on one.
@remindme 3 months
reply
Running a node is illegal? I thought everyone major was running one?
reply
Nope, not illegal, for now. Just a thought experiment.
reply
101 sats \ 2 replies \ @Lux 25 Apr
running a node is illegal
when did you consent to the contract that forbids running a node?
reply
You did not consent to almost any laws that you're subject to. You were born into them, and into a society that expects you to stand in the line with other slaves, and accept that any "laws" can be introduced at any time, if it's necessary to protect the socialist utopia.
reply
101 sats \ 0 replies \ @Lux 25 Apr
You did not consent to almost any laws that you're subject to.
Forced slavery is against the law
reply
This is such a great question... I'm going to look into how difficult it would be to put something like this together.
But it's going to be a massive project because it really depends on what kind of service you're using. For example, if you're on a website that's using third party integrations, there's always a question about how much access to your traffic on that website does the third party have. Facebook and Google are all up in everything. Ethical integrity and security competence are such unknown variables.
Like, any server you interact with could have a lot of data about you, and who knows if they're selling it or leaking it.
And then metadata makes all of this even more complicated.
I have a friend that keeps asking me if he should use an alternative browser or email service, and I keep telling him Google is getting so much of his metadata either way, you might as well just use chrome because it's more secure in a lot of other ways.
I have a general, uncomfortable feeling that everyone knows everything
I would reword this to say a nation state probably COULD find out a hell of a lot about you and your traffic if they took the time to target you. They'd have to get info from ISPs and big tech corporations to piece things together.
My general recommendation is to use a lot of burner accounts so that things aren't all pointing back to a single identity.
reply
This is such a great question... I'm going to look into how difficult it would be to put something like this together.
It would be worth just having a list of better, more specific questions than the one I asked. Your reply already gave me a lot to think about.
For instance, it jostled my memory that there was a big todo about browser fingerprinting a couple years ago. (Or rather: that's when I learned what a big deal it was.) Just knowing that there is such a thing as browser fingerprinting, and why it's nefarious, is more than I had before. I played around with an EFF site to get an intution. I'm sure there are a million things like that.
My general recommendation is to use a lot of burner accounts so that things aren't all pointing back to a single identity.
I wonder if there's a tool to help manage all these identity slivers? That might be a dumb thing that turns out to be practically very useful.
reply
I wonder if there's a tool to help manage all these identity slivers?
Like anything in that space, it's going to be tough to balance security and user experience... A well organized 1password account is a great step in that direction though.
reply
who on the internet knows what in 3 minutes
Major social media platforms hold profiles for over a billion people. Facebook alone employs 52 thousand attributes to categorize users. It's not just your posts; it's your clicks, preferences, and more. Data brokers gather and sell personal information, amassing detailed profiles of 700 million individuals.
Governments can access this data when suspicions arise, or illegal activities are suspected. Our investigation shows an alarming rise in requests, with companies complying in over two-thirds of cases. The information possessed by internet giants and data brokers is accessible to governments.
reply
That looks like a good start, thank you!
reply
For starters, Facebook (Meta), Google, Apple, etc, all of them are tracking people as much as they can so that they can then sell that data to the highest bidder. Remember that Google (Alphabet) is an advertising company first, that's how they make their money.
Then you have the multiple Intelligence agencies all around the world such as Five Eyes.
You can read more about Internet Privacy to have a look at how much stuff is being tracked all the time.
reply
54 sats \ 1 reply \ @r4v3n 14 May
A lot of activity gets tracked by your phone. Best thing is not using a smartphone, the second best thing is using a degoogled phone (like a google pixel where you replace the normal android with GrapheneOS or CalyxOS if you don't have a pixel phone).
Another thing that doesn't get a lot of attention is "fingerprinting". Basically is how "unique" you appear to the websites you are visiting. Chances are that even blocking trackers makes you "unique", so ideally you want to send false info to blend in with the other users. https://www.amiunique.org/
reply
54 sats \ 0 replies \ @r4v3n 14 May
There is also this other website for testing fingerprinting https://coveryourtracks.eff.org/
reply
We have been living in 1984 for a long time, I also always live thinking that everything I do in the internet is being monitored or at least that everything is being saved, and that it could be used against me, I am not a criminal nor do I do anything bad, but always having the feeling that you are being watched makes you look like one.
reply
27 sats \ 0 replies \ @xz 25 Apr
That is a question.
reply
One thing is clear government want to track every transaction worth anything
reply
At this point it is probably best to assume that you have no real privacy while using something that connects to the internet.
reply
0 sats \ 0 replies \ @Car 26 Apr
All surveillance runs upstream, wrote this last year maybe it will help.
reply
I got 6102 problems but the Fed ain’t one!
reply
You know that generally, the military is about 30 to 40 years ahead of the technological curve. That means everything else is "primitive enough" to be main stream.
reply
I may believe something the government says, or at least be willing to verify and accept it, but that doesn't mean I trust their conclusion or motivation.
The whole narrative about government being the adda of crooks is right because they pretend to be right with everything they do. But in fact, we should only oppose the actions of government.
(And yeah, in terms of current events, they've clearly made some truthful statements about Samurai. It's possible that all the factually verifiable statements are true. It's their conclusion and the actions that spring from them that's where the dishonestly lies.)
Is that you? If the answer is yes, sell all your BTC now and go back to "compliant tokens" fiat.
reply
deleted by author
reply
I'm with you that there's not a PDF that brings you to enlightenment, and I'm with you that it's safest to assume that nearly everything you do is knowable by a powerful-enough actor.
But I reject the idea that the response is to throw your hands up and not try to understand what's up. I don't do that in other parts of my life and I'm not starting now.
reply
The best security you can have is to stay off the internet. No joke. This reminds me of that guy Brill in the movie Enemy of the State. Anybody know what I am talking about?