I know many on the fediverse are concerned with privacy, demanding that their activities not be collected. The 9th circuit court in the US recently ruled that it’s not a crime to scrape web sites, even if the terms of use for a site prohibit it.
Also, it’s recently come to light that twitter employees abused their access to help foreign governments.

The fediverse is small and “nichey”, but we should be cognizant that our activity is most likely being collect and analyzed for various purposes.

I don’t have any knowledge of that happening, but as different marginalized groups come to the fediverse, it’s an almost certainty that it’s happening, most likely by multiple entities, under the auspices of anti-terror or other similarly inane reasons, probably even some of which are purely for research or marketing purposes.

I bring this up because it seems to me that some people likely take comfort in the successful brigading of people who publicly stated they intended to do this off the fediverse. The ones to be worried about are the ones we don’t know about.

Anyhow, be safe out there.

@jerry Social Media = public.
As soon you share something online, you have lost control over it. Imo there is no 'private' usage of a social media platfrom possible.

Am I missing something?

I fully expect in 2020 we will see a concerted effort by nation-state actors and their proxies to infiltrate and influence the greater Fediverse now that it has reached a certain degree of mass adoption.

@jerry I'd suggest non-attributable accounts as an option: Just because you're not using Facebook or Google+ doesn't mean you aren't visible. It's still the web. @estoricru has a great point with a RANDOMLY GENERATED username. If you use a password manager, you have no excuse not to randomize your username.

@m4iler @jerry @estoricru that works, but your toot history often says a lot about you on its own. so if you wanna make the scraped data completely useless, you'd need to use a new account for each few posts, at which point you'd have trouble actually socializing, which is the main purpose of fediverse.

it could, though, make your data useless for ad targeting and similar

also, it's preferable to use unique pfps on each website, i'd been stalked using google image search a couple times :(

@leip4Ier @m4iler @jerry As an #OSINT professional my advice is: if you don't want to be found but must put your info online for whatever reason, make sure everything is different on every website.

Same username = too easy to find you.
Same profile info/bio/description = too easy to find you.
Same URL (to your website, blog, etc) = too easy to find you.
Same avatar = too easy to find you.

Even if you set your domains, pages, etc, to "do not index" there are browsers that ignore that and index anyway.

@leip4Ier @m4iler @jerry Even if you obfuscate your website URL by using different URL shortener links for each social profile, I can probably still find you via your backlink profile.

I learned that one back when I did search engine optimization professionally. It's a part of competitive analysis but it's been useful in OSINT as well.

@estoricru @m4iler @jerry yeah, links are hard to conceal. i wonder if putting a link to something like (requires an additional click by the user) would work. it isn't a 302 redirect, there's even no actual page to index, it's just a page that gets rendered inside the browser based on the url fragment. shouldn't get into search engines index i guess?

@leip4Ier @m4iler @jerry Yeah something like that is far more likely to work. I've never happened across one that I found myself so either no one is using them or they properly hide. I'll run a test and write up a case study one of these days.

@estoricru @m4iler @jerry but then again, i don't think many people use this website, so a search for pages linking to wouldn't give too many results to be able to check them all manually. so you'd have to use another service each time...

hmm, do pages with rel=nofollow links get into the index of pages linking to those pages?

@leip4Ier @m4iler @jerry Yeah some search engines ignore that stuff. Google usually abides but you know there are like 100000000 search engines these days and not all of them follow that.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.