-- Leo's gemini proxy
-- Connecting to midnight.pub:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
I was randomly chatting with an AI Bot as part of my on-work training. I inquired about the "typical user groups of gemini protocol" and in turn it delivered me this:
> Privacy advocates: Gemini's design, which emphasizes minimalism and limits features like tracking and scripting, appeals to individuals who prioritize online privacy and security.
Though, is that true? Is using gemini really more private? I would dispute it.
Yes, Gemini Protocol makes it impossible to track users based on cookies or similar tracking technologies. There are no scripts in Gemtext to communicate the user behaviour to some data hog advertisement company, etc.
But also consider this:
When I read (or post) to a gemini capsule it will get my IP address. The operator of the capsule can find out who I am if they log the IP addresses.
When I read (or post) to a gemini capsule my internet provider (ISP) can track the activity. They can see which servers I am talking to. Based on my target capsules they can have a general idea about my interests.
My ISP already has my private data, ie. Bank account number (for Payments) & address (to deliver services). They can come knocking at my door at any moment.
The upper level provider of my ISP can also see both ends of the traffic. In some countries the upper level internet providers are state controlled and no ISP is allowed to bypass them. (I think anywhere with a democracy index below 6)
Yes, no one can see the exact content (considering Gemini is Encrypted by default) but they can know my interests, based on which capsule I am reading from.
So we can sum up in my communication I have three sets of personal data:
My IP, which indirectly tells anyone who I am.
My interests, which allow for profiling me.
My address, (and bank account number) which allows anyone to come knock at my door.
If I was to post to some "Evil-Social-Media-Platform"-Page called "Midnight Pub" instead of using a Gemini Capsule, my Internet provider would only know I am doing "something" on "Evil-Social-Media-Platform". They would not know what exactly. "Evil-Social-Media-Platform" would know what my IP address is, but would lack the information who I am. They could only find out by inquiring my ISP, which would need a Court decision. The moderator of the "Midnight Pub" page on "Evil-Social-Media-Platform" would interact with me and see my comments, but would not know who I am or what my IP address is.
Am I mislead ?
Yes, "Evil-Social-Media-Platform" would have two of my three sets of secrets. But those are now hidden from anyone else and it is quite difficult for "Evil-Social-Media-Platform" to get the third. So, if I use a pseudonym to post on social media, it has higher level of privacy than using a pseudonym on a gemini capsule.
The same applies if I use a proxy or VPN or similar hiding technology instead of social media platform as an intermediary. The difference is, my ISP's Provider, which probably is a state actor, does now know I want to hide something and will want to watch my other behaviour. Whereas using social media in general is not suspicious, since anyone does it.
PS: Yes, gemini is also about content without presentation. It is not about privacy only. I get that part. This question is only about the privacy claim by the AI bot.
i think that imo gemini and similar stuff, that mimizes information given to a point, is more a case of "less if not all", where yeah its not explicitly private, but less information is being given and less people are getting that information.
For someone fearing for their safety in a low democracy state, any on line activity that could be broblematic, should be routed through tor. There are other equivalent networks, but I thing only tor is considered safe enough.
I think Gemini does give the option to provide .onion services.
I know Gopher does for sure.
On the clear net, I don't think there is a way for a server to not know your IP. Weather a log is kept, is a different story, and depends on the server's owner-policy.
What is diferent on Gemini I think, is that there is no way to fingerprint you.
If you mask your IP through tor, and use a pseudonym, your ISP should have no idea what you are seeing, and the server can only know what a pseudonymous user with a fake IP does some bad things on their server but has no idea what the user does on any other server.
How can they connect your persona and its actions with your real IP?
-- Response ended
-- Page fetched on Sat May 4 22:04:51 2024