How could anyone find out which sites are you following using an RSS feed? And I mean in a broad way: can the site track you? Can ISP? Network managers?
Let’s say you want to follow a bunch of political sites that you don’t want to be easily attached to, is RSS a good way to do it? Are there extra precautions to take?
My first thought would be that it’s the same as using any other browser, so not a great way to be private. Am I wrong?
Gonna give you a tip.
assume that 99% of anything you access online is visible to your ISP (and therefore your government and police) and the hoster of ther service.
An RSS feed is literally the same as going to the website. A request is being made to the domain and anyone who can see the data between you and the website can see it. If you think you’re secure going to the website normally, then an RSS feed would be secure, too.
The answer is absolutely yes
Keep in mind that RSS is just some XML sent over HTTPS connection. For anyone outside, it will look like gibbirish, they can say you are requesting and getting some things from that particular site but not what it is.
Your client downloads a XML file and parses it and then maybe downloads some images. There.
If the client itself doesn’t track you, it’s as private as online can be.
Somebody would have to actively watch you. And properly setup it would still be more private.
You follow a bunch of political sites. Your FBI agent sees your computer connect to the sites. With regular browser he sees each site and how much time you spend there, which articles you pull.
With RSS set to once a day, your computer pulls all the text from all the political sites. No data on which articles you view.
It’s the equivalent of getting several newspapers/magazines by subscription vs ordering specific issues.
The downside is that it probably is a great fingerprint if you go through vpn or tor. But it also could limit your tor/vpn connection time to the shortest time possible.
The downside is that it probably is a great fingerprint if you go through vpn or tor. But it also could limit your tor/vpn connection time to the shortest time possible.
What do you mean? How is it any less private than on the clearnet?
Adversary just has to look for somebody who requests the exact same news sources.
RSS in theory would be fucking perfect for tor. But all the best development for it occurred before tor got great.
For privacy have a client download from random news sources on the list. Then a new circuit and download another random amount. That would be a perfect way to receive news.
The comment thus far are a little oversimplified… Yes, the feed is just an XML document, same as the HTML page, but there are several relevant differences. Yes, in theory, one could use server logs to determine which IP addresses make which requests for what documents, but in practice… Making things run and spying on people tend to be two different departments. With HTML, unless you block all javascript and have no images load, tracking javascript and tracking pixels will be invoked by your browser and those DO go to the tracking you department. If you hit a webpage it is FAR more likely that data goes somewhere for you to be spied on than just downloading an RSS feed (although individual items in the RSS feed may well have tracking pixels).
The RSS feed is still fetched from their server. Whoever can watch your internet traffic would still see the connection to the site.
So if you put your RSS feed application behind a vpn it would be more private?
Then, only the vpn provider would see the very same traffic, the ISP would see without vpn.
The ISP would just see your connection to the vpn provider.
The sites themselve would just see the vpn ip.
So it’s not the question about whether anyone sees the traffic, but who.
Only Tor would hide this traffic in a sense.
