Look, if you are concerned about your instance's IP address leaking out and your reason is "privacy" then I'm going to go out on a limb an say you probably should take about five steps back and ask whether you should be running an ActivityPub based server...

Hrefna (DHC)

Look, if you are concerned about your instance's IP address leaking out and your reason is "privacy" then I'm going to go out on a limb an say you probably should take about five steps back and ask whether you should be running an ActivityPub based server _at all_. At least one that isn't on Tor and/or that you haven't specifically hardened.

I also have to wonder what is the subset of people who are using cloudflare and for whom that ip address won't just be us-east-1 or some equivalent.

Erin 💽✨

@hrefna the main reason for someone to worry about IP leakage is DDoS attacks tbh

alina 🌸

@[email protected]

you should be running an ActivityPub based server at all

why not? if i proxy all inbound requests via cloudflare and proxy all outbound requests via an external proxy, there seems to be no way to leak instance's ip address

i use cf because i host from home and obviously i wouldn't want to leak my home ip to everyone :neocat_woozy:

Hrefna (DHC)

@teidesu If you don't want that revealed you generally shouldn't be hosting a server from home.

How do you know it is well behaved? That it is actually using your external proxy correctly?

Can you configure it correctly with firewalls and such? Absolutely, though there's still a risk, and unless you are a very advanced administrator and know exactly what you are doing it is almost certainly a bad idea.

If you are that administrator then the thread I'm referring to will also be unsurprising

Hrefna (DHC)

@teidesu There are so so many things to keep in mind if you are trying to obscure that information and running any home server represents a huge risk to that information getting out.

If you are trying to do it for DDoS protection then it's more of a nuisance and there are other remediations you can use, but if your reason is _privacy_ from geoip then once that information is out then it is _out_, and there are many more things that could potentially leak that info.

Hrefna (DHC)

@erincandescent That reason I'm much more sympathetic to, really.

It makes sense and if there is a breach or failure it can be mitigated in a fairly straightforward manner, so the consequences of getting it wrong are less. The information is also not as easily leaked via other mechanisms (e.g., evaluating the background of pictures won't usually increase your ability to DDoS).

alina 🌸

@[email protected] of course if someone tries hard enough with a targeted attack they would probably eventually obtain it.

but these are very simple ways to get a "good enough" protection - enough to keep skids away. security through obscurity is actually fine in some cases.

Hrefna (DHC)

@teidesu Not even a targeted attack.

A post with a 1 pixel image and a client that loads that image as a preview.

A server that proxies all AP traffic but not image downloads, which are out of band to ActivityPub.

Metadata being insufficiently scrubbed on a picture, or the background of a picture being easily identifiable.

A link that you click on or the client or server resolves.

Then the remediation if that information gets out is to change where you live.

alina 🌸

@[email protected]
- media proxy
- wdym by "proxies ap traffic"
- iirc meta is stripped by the software. though im always careful about meta in my attachs
- previews are proxied as well, i checked. and me clicking on some link proves nothing

no its not. at best they'll get to know my city (which is public anyway), to get my home address they'd need to somehow persuade my isp to give away that info. and at that point its some fbi/cia type shit which is unlikely to happen, and even if it is supposed to happen - it'll happen no matter what

and i can always just ask my isp to rotate my ip

Hrefna (DHC)

@teidesu You can't get a home address from geoip. It doesn't work at that level of precision.

That's the problem If "at best they'll know my city" from other sources then you generally aren't needing to obscure ip address for privacy reasons. Because with very few exceptions your city is _more_ precise than a geoip.

A geoip from my location would put you somewhere between Ft. Collins and Denver (and in fact it is outside of the 65% accuracy ring by enough to matter).