I have recently started to care more about my privacy and anonymity, so I am just scratching the surface and still don’t know much about it. I know that you should not log into any accounts with sensitive information while using the Tor browser to prevent your identity from being leaked. What about websites (like Lemmy, Masterdon, etc.) that can’t leak personal data because I never provide any directly? I use Mullvad + alias email addresses to log in.
What if I logged into my Lemmy account outside of Tor without a VPN one single time? So Lemmy should have received my real IP and location at some point. Could someone find personal data because of this single, unprotected login while I’m browsing Lemmy through Tor?
Thanks for any answers and explanations!
Check the url and domain is correct and make sure HTTPS is on. It should be fine. I use Tor for Lemmy all the time.
(Not that it will stop the NSA or anything, but like… I wanna waste their time trying to trace the connection. If they wanna find me, they’ll need to spend the extra time to do their investigations)
What if I logged into my Lemmy account outside of Tor without a VPN one single time? So Lemmy should have received my real IP and location at some point.
Yea, you slip up once, its essentially as if you never used Tor. Don’t accidentally use a normal browser to log in lol 😉
If you want an “anonymous” account. You have to create the account using Tor, then only ever use it over Tor.
Otherwise, you should just use clearnet, since there’s no point of using Tor sometimes and clearnet on other times.
Should be okay as long as you didn’t give the instance any of your other information (e.g. email during signup, etc.) and the Lemmy instance itself allows logins via Tor. You may also want to avoid instances using Cloudflare, it often blocks Tor connections so loading pages can be hit-or-miss.
Just saying it’s okay for basic privacy, you’d likely need a different solution if you’re actually being targeted by governments/organizations/etc with access to your ISPs and ability to backdoor your equipment.
OTOH if you’re already on a VPN I don’t think you need to go through the trouble of adding Tor to that mix.
(I’m on Tor right now)
What if I logged into my Lemmy account outside of Tor without a VPN one single time?
Strictly speaking that means your Lemmy account is now compromised, time to go create a new one over VPN or Tor or however you prefer to browse.
Kinda missing the point of using TOR when you’re logged into an account, at that point just use a VPN. (Or VPN and a secure DNS)
(Or VPN and a secure DNS)
properly setup Tor covers both of those. with proper opsec (admittedly quite hard to do), disconnecting the account from an IP or locality is a legitimate part of the protection puzzle.
Orbot allows you to do this I think
some instances do block Tor exit nodes, so if your current home instance blocks you will have issues. federation ftw; use an instance that accepts Tor exit nodes.
does anyone know of an instance offering .onion addresses?
Probably db0
Someone with enough access to the Lemmy server and many TOR nodes might, I guess. Just access to TOR shouldn’t be enough, as the connection to Lemmy is encrypted so they don’t know who logged in or what they accessed on Lemmy.
I think access to Lemmy alone would not be enough as well because just knowing that a user came through one TOR node doesn’t link it to other services. Many users use the same TOR node.
I believe if you logged directly into Lemmy without routing through Tor then their servers would log your IP address. With sufficient cause your ISP could be forced to provide your name and address but the reason would need to be very good, most obviously involving immediate endangerment of life. But times are changing and the reasons to make such inquiries might change too.
