Welcome, #Scotland! It's great to hear so many people are coming to the #fediverse and into a great community.
Mastodon.Social is one of many sites that you can join. This one has excellent moderation and is home to excellent conversations.
@theprivacyfoundation
Telling #TwitterExodusScotland ppl to join mastodon.social is poor advice & it's ironic that it comes from a #privacy foundation. mastodon.social is #centralized on #CloudFlare. It's an abuse of privacy & #netneutrality.
You should be embarrassed to be on that node and you shouldn't be suggesting it to others.
@resist1984 There are many Mastodon instances, or create your own. It certainly doesn’t need to be on Mastodon.Social, but I am sure @Gargron does nothing to sell lists nor do anything nefarious. The beauty of the Fediverse are all of the options.
@theprivacyfoundation
Sure there are many instances. Some are respecting of #freedom & #privacy, and some are not. #CloudFlare is an abuser of privacy & #netneutrality. You've specifically endorsed a CF node (mastodon.social). As a "privacy foundation", you should know better and you should set a better example.
We get your meaning here, but we don't believe in security and privacy perfectionism. We don't believe it gets us anywhere.
Mastodon.Social is a public social media site. As always, it's a good idea to connect via a VPN and use extensions that mitigate tracking.
There are many CDNs out there, some of them are more privacy respecting than others.
A great solution might be to have a conversation with Eugen that demonstrates some viable alternatives to your concerns.
@theprivacyfoundation
That's dangerous advice. Have a look at CVE-2019-14899. All VPNs compromised.
No one claims you can have "perfectionism". Of course, there are good options and bad options. #CloudFlare sites like mastodon.social are profoundly stupid choices to endorse.
Even if you neglect the #Tor hostility & #VPN weakness, CF still sees all traffic. Also, using CF feeds a #privacy abuser financially, which works against your alleged cause.
That VPN exploit is already being addressed. https://protonvpn.com/blog/statement-on-cve-2019-14899/ has a good breakdown of the actual exploit impact. The inference that all VPNs are compromised and are irrelevant is probably dangerous.
As an instance federated with Mastodon Social, there is likely already a connection between your server and CloudFlare's CDN. This is an unknown, but potential risk.
But, as always, mitigating risks is a good thing!
@theprivacyfoundation
VPN is still lousy advice b/c there is no anonymity. The entry node knows the origin and the network thereafter sees the whole path. Even when combined with #Tor or #I2p, both of which anonymize independently, the VPN results in 1 IP or a small set of IPs that make you trackable particularly when combined w/your client fingerprint.
Your advice is still dangerous. It's also pointless & unethical. Suggesting less effective tools to feed #CloudFlare is foolish
@resist1984 The VPN overview you stated is an oversimplification.
In levels of trust, one might trust ProtonVPN more than Comcast. Therefor, ProtonVPN has a safer model than no VPN.
In another level of trust, pooling IPs actually makes one safer because there is commingling of data making it harder to correlate.
Using ProtonVPN on CloudFlare tunnels traffic in a way that obscures client connections vs a CloudFlare connection without a VPN, assuming trust of PVPN.
@resist1984
Sorry, but throwing around the idea that it is dangerous is pushing a boundary.
Privacy as a goal has milestones.
Mastodon.social is more private than Twitter because ads are not sold. Metadata is not sold.
Mastondon.social is less private than a perfectly installed personal instance.
It depends on the goals. Our goal is not to go off-grid or else. Our goal is to help get people from no thought on privacy to the next level up and so forth.