how private are RSS feeds?
-
Depends on your threat model. If you use secure DNS and https for the RSS feed, then these people would know your IP and the IP your connecting to:
- the DNS provider
- the RSS server
- your ISP/ VPN server
Both your ISP and VPN will know you've made a TCP connection to that server at a specified port, but that's it. It's trivial for them to reverse lookup the IP back into a name.
Only the RSS server will know the specific URL you're visiting though.
Only the RSS server will know the specific URL you're visiting though.
and the site itself!
-
Adversary just has to look for somebody who requests the exact same news sources.
RSS in theory would be fucking perfect for tor. But all the best development for it occurred before tor got great.
For privacy have a client download from random news sources on the list. Then a new circuit and download another random amount. That would be a perfect way to receive news.
You raise a good point. I think that if an RSS reader could pull from different websites at separate times and either programmatically use the TOR browser /at elast have support for stream isolation along with randomly scheduling when to pull from what website, it should be able to evade most automated measures of surveillance. Timing and correlation attacks are the only ones I can think of other than NSA paying for over 50% if TOR nodes.
-
Only the RSS server will know the specific URL you're visiting though.
and the site itself!
They are one and the same.
-
They are one and the same.
jeez I wasn't reading very carefully. I read that as "Only the RSS reader"
-
An RSS feed is literally the same as going to the website. A request is being made to the domain and anyone who can see the data between you and the website can see it. If you think you're secure going to the website normally, then an RSS feed would be secure, too.
There's a difference: Websites have JS and requests to CDNs. RSS feeds don't.
-
There's a difference: Websites have JS and requests to CDNs. RSS feeds don't.
Why do you think an RSS feed can't sit on a CDN?
-
Why do you think an RSS feed can't sit on a CDN?
What I meant were CDNs such as Google's providing common resources like fonts or JS libraries.
-
What I meant were CDNs such as Google's providing common resources like fonts or JS libraries.
Also, by using RSS you skip all visual garbage and more tracking that you might have to exposed.
PS: I dislike Google Fonts. It is the most insidious way that Google can track people as they are used everywhere and in almost all sites and even by some FOSS applications.
-
Burner terminal from 1990
And you burn the PC after each use.
-
Also, by using RSS you skip all visual garbage and more tracking that you might have to exposed.
PS: I dislike Google Fonts. It is the most insidious way that Google can track people as they are used everywhere and in almost all sites and even by some FOSS applications.
Have you heard of Local CDN? It provides at least some common things.
-
Have you heard of Local CDN? It provides at least some common things.
On, I have and have used it. Thank you.
But as far as the host server that you hit is comcerned, whether you block the fonts via uBlock or do not fulfill the server request via Local CDN, they will still use it to profile you, because you tag yourself in the minority of users in the world that do not hit the Google font servers. And Google knows this.
Since even most adblock users still do not block fonts or other assets like this.
Albeit I do as I use uBlock on Medium mode, including fonts. And I dropped using Local CND as to minimise my extensions footprint.The main gain would be for the site's aesthetics as you host some assets locally, but from a privacy perspective, you are damned if you do, and damned if you don't. Albeit you are damned a little bit less if you do. LOL
