What social media platforms or projects are being developed that prioritize extreme security and anonymity, with a focus on addressing risks such as stylometry and other forms of behavioral analysis?
Are there any platforms that utilize techniques like differential privacy, homomorphic encryption, or other advanced methods to protect user data and identity?
My impression is that the technology isn’t quite mature enough to fully meet the needs of high-risk communities, but the demand for private and secure social media platforms is clear. I’d love to hear about any efforts that are underway to address this gap.
My 2 cents: If you have a group of people, all it takes is a mole to infiltrate to crack the group. One bad invite bypasses all encryption. If a group is sufficiently large, this is way more likely. Small enough of a group, existing tech may be sufficient. I suspect this is why this likely isn’t a strong area of research.
Well I don’t know of any social media site that accounts for stylometry. That would be something that I would think the end-user is responsible for mitigating. Stylometry spoofing is fairly simple to do. There’s not many privacy respecting social media outlets though. Something like Sone on Hyphanet is pretty good. But it’s lack in features and overall development would probably be a turn off to a major portion of people that use social media in the first place. An alternative might be starting a subdread on Dread. But lets get real, we all know what Dread’s main focus is. It’s abundantly clear when you visit the site. Nevertheless they maintain the idea that they’re the “front page of the darknet” lol.
Hello,
After reading your thread, I want to ask you a question why social media sites don’t protect against stylometry, and whether privacy-focused platforms like Sone or Dread could be a better option?
Thanks buddy.
Mike Taku.
I understand your point about the potential risks of insider threats, but I’m not sure it’s a significant concern in the context of high-risk communities. These communities are highly aware of the importance of security and would likely take steps to mitigate the risk of moles. They would also be cautious about sharing sensitive information, making it less likely that a single bad actor could compromise the entire group.
With that in mind, I’d like to refocus the conversation on the technical solutions that can be implemented to protect user data and identity. Are you aware of any projects or platforms that are working on advanced security measures, such as differential privacy or homomorphic encryption?
Thank you so much for sharing your thoughtful and informative response! I really appreciate you bringing up the topic of stylometry spoofing and suggesting ways to mitigate it. I wasn’t aware of the simplicity of stylometry spoofing, and I’m grateful for the education. Your suggestions for Sone on Hyphanet and starting a subdread on Dread are also helpful, and I appreciate your honesty about their limitations.
However, I’m still concerned about other high-level behavioral threats that may remain a risk to de-anonymizing individuals online. While stylometry spoofing is an important consideration, I’m not sure if it’s enough to fully protect against identification. I suspect that stylometry analysis may be able to detect other patterns in writing style, such as vocabulary usage or sentence structure, which could still be used to identify individuals.
I can’t say I do. I think it’s hard to recommend anything specific without a threat model or use case in mind. I’m not sure what extreme security and privacy means for what you are looking for. Are we talking about government level threats, local authorities, corporations? Another good discussion might be what specifically in current existing solutions fail to meet the criteria you are looking for.
Preserving one’s privacy isn’t exactly on the short list of priorities for most social media platforms. They either don’t care or are directly affected (in a negative way, fiscally speaking) by preserving privacy for it’s user base.
Yes, they are both hosted on censorship resistant networks with the goal of preserving one’s anonymity. They are also supported by voluntary donations and/or voluntary contributors to their own respective networks (relay and node operators). So they are “free” as in freedom. Not the Facebook type of “free” where you are the actual product.
Nothing is 100%. The facts remain however that 99.99999% of people get caught by simple opsec fails. Nothing related to the technology they’re using. In fact the only case I know of where the technology itself failed was with that guy Buster Hernandez who was using Tails to harass teenage girls on Facebook. He would like blackmail or extort them for “inappropriate content” and had been doing it for quite a while. A three headed joint operation between Facebook, FBI, and a Private Firm that specialized in malware exploits were able to get a zero-day on his OS that exploited the media player. When he launched the infected video it revealed his IP. There was some discussion about how he might have gotten away with this still if he had used another media player like VLC, or if he had been connected to a public wifi instead of his own network. So in a way you might be able to blame part of his failures on opsec still .
There was also that recent case that made the Tor forum about a de-anonymization of another pedophile. That case was different though, and still what I would consider an opsec fail. They exploited his messenger with a guard-node discovery attack but the idiot was using an outdated version of Ricochet that wasn’t even being maintained anymore, lol. So that was indeed an opsec fail, not a flaw in Tor.
Everyone else you read about from Ross Ulbricht to the Incognito market admin to those cringy folks hiring “hitmen” with bitcoin directly linked to their Coinbase accounts (lol) are all de anonymized from their own stupidity. And I say in the end it all worked out for the best. Because I think most of us would agree getting pedos off the streets while learning from their mistakes is a win win for everybody.