I have recently started to care more about my privacy and anonymity, so I am just scratching the surface and still don’t know much about it. I know that you should not log into any accounts with sensitive information while using the Tor browser to prevent your identity from being leaked. What about websites (like Lemmy, Masterdon, etc.) that can’t leak personal data because I never provide any directly? I use Mullvad + alias email addresses to log in.
What if I logged into my Lemmy account outside of Tor without a VPN one single time? So Lemmy should have received my real IP and location at some point. Could someone find personal data because of this single, unprotected login while I’m browsing Lemmy through Tor?
Thanks for any answers and explanations!
Kinda missing the point of using TOR when you’re logged into an account, at that point just use a VPN. (Or VPN and a secure DNS)
(Or VPN and a secure DNS)
properly setup Tor covers both of those. with proper opsec (admittedly quite hard to do), disconnecting the account from an IP or locality is a legitimate part of the protection puzzle.
Orbot allows you to do this I think
some instances do block Tor exit nodes, so if your current home instance blocks you will have issues. federation ftw; use an instance that accepts Tor exit nodes.
does anyone know of an instance offering .onion addresses?
Probably db0
I believe if you logged directly into Lemmy without routing through Tor then their servers would log your IP address. With sufficient cause your ISP could be forced to provide your name and address but the reason would need to be very good, most obviously involving immediate endangerment of life. But times are changing and the reasons to make such inquiries might change too.
Someone with enough access to the Lemmy server and many TOR nodes might, I guess. Just access to TOR shouldn’t be enough, as the connection to Lemmy is encrypted so they don’t know who logged in or what they accessed on Lemmy.
I think access to Lemmy alone would not be enough as well because just knowing that a user came through one TOR node doesn’t link it to other services. Many users use the same TOR node.
