Pretty sure face recognition at protests has me much more exposed than an obscure leftist social network
this post was submitted on 11 Oct 2025
77 points (100.0% liked)
Chapotraphouse
14125 readers
736 users here now
Banned? DM Wmill to appeal.
No anti-nautilism posts. See: Eco-fascism Primer
Slop posts go in c/slop. Don't post low-hanging fruit here.
founded 4 years ago
MODERATORS
Mask up!
see, that's why I don't go to protests
Eh, at this point they can come and take me. I'm ready to sleep.
you need to get like me and constantly be checking the warrant canary. if it gets more than 1 month out of date you should assume, like me, that this site has been served some sort of warrant and the lying admin bastards are complicit.
It was last updated September 26th, 2025 so they have a bit of time before I fly off the rails.....
I registered as a republican one time as a joke. I figure I am safe and I used to enjoy throwing their mailers in the trash
me in the back of the van explaining to the secret police that I am actually registered as an independent and only voted for democrats to spoil the vote. ("Sir I voted for Bernie Sanders in an attempt to ensure Joe Biden and Kamala Harris would not have a chance against Mr. Trump, please understand someone had to do it...")
knowing my posting got me sent to the american gulag is fine they're gonna send us all there anyway
You can use Hexbear over Tor super easy.
There's no way to guarantee what the admins are doing, but they say that no IP's are logged. Because of that, we can't do IP bans. That's why people that get perma'd will often come back on an alt, and as long as they don't repeat the offending behavior or mention their banned account, admins won't care.
TOR? The navy project? yeah what a joke lol
Nobodies been able to prove they backdoored it or that they have node majority. The assumption/trust we all have to make is that the government wants to hide themselves as much as we do (protecting American intelligence was it's stated purpose).
i2p has some issues, and isn't really meant for accessing clearnet sites, so if you discount Tor you're just accepting that it's impossible to hide who you are. If you do it over the clearnet your DNS provider will know you asked for Hexbear, and your ISP will know that you accessed the Hexbear IP (and DNS/ISP's collab w/ the government all the time). And if you're under the assumption that Tor is a honeypot, it's not much of a stretch at all to believe VPN servers are compromised (after all, most VPN providers don't open source their code, unlike Tor).
I vpn up, I'm more worried about 2006-2010 era 
or all those fly by night private servers I played on.
I think if someone wanted to collect the IP addresses of hexbears, they could do so pretty easily. All they would have to do is host a website and then post the link to their website on hexbear.
20 years ago, in the height of web forums. it was common for people to host an image in their forum signature that would store the ip addresses each person that viewed their comments.
The tricky part is matching usernames to ip addresses. This could hypothetically be done using markdown to place the username inside of the URL parameters of an embedded image. I'm not sure that this is possible, I think the markdown for username substitution is only enabled in the website headers.
I've noticed that lemmy has embeds for some websites, which could enabled IP address extraction. Like CBS links embed a CBS video player into the post page. There was one news site (almayadeen) that embedded a whole iframe into the page.
So I think if someone wanted your ip address, they would just link their own website. The tricky part is pairing IP addresses with usernames.
Someone could just DM you an embedded image hosted on their own website. That would match the IP to your username because you would be the only person to load the specific URL.
are there steps to at least have somewhat good opsec? Like, precautionary stuff that isn't high threat level but baseline?
I would recommend to never put anything on the internet that you wouldn't want to read to a court room. If the US government wants to find you, they will find you.
There's an infinite number of things that you could do for "opsec", most of it would waste your time. In order to do opsec, you have to know who is threatening the thing you are doing.
An example of opsec is the song Biggie Smalls - Ten Crack Commandments. In the song, Biggie explains the opsec necessary to sell crack cocaine.
Rule 1 Never tell anyone how much money you have.
Rule 2 Never tell anyone your plans.
Rule 3 Never trust anyone, not even your own mother.
Rule 4 Never get high on your own drugs.
Rule 5 Never sell drugs from your own house.
Rule 6 Never give loans because people won't pay you back.
Rule 7 Never sell drugs to your family because they will manipulate you.
Rule 8 Never carry a large amount of drugs, have someone else carry it for you.
Rule 9 Never talk to police under any circumstance.
Rule 10 Never order more drugs than you can handle from your supplier.
I'm describing the lyrics of the song. I am not suggesting that anyone should sell drugs.
This website has some guides. They even have a guide for opsec while atttending a protest. EFF is a good organization for computer security.
noooo my safety!
You need to accept that there's not really such a thing as using hexbear with good opsec. You only have to slip up once. If they really want you, they probably got you. Don't post things that could make them want to put in the work. Don't do the work for them. But this is part of why fed posting is bad. If you want to resist the burgerreich, you must join organizing in your area, preferably without your private issue tracking computer in your pocket at all times.
Are you saying we need to cancel the weekly meetups? I think it might be a better strategy to invite President Trump to one so we can tell him how we're so thankful God chose him to destroy 
if u can't do good opsec at least lie a lot to pollute the water
also it doesn't hide ip, it just doesn't log it in the first place
I care deeply about multiple distinct metro areas local issues according to my account history.
Wdym lying? I am a god fearing Christian mother of 3 from Kansasville County, Missouri
Feds can do traffic analysis anyway but most hex bears' best hope is they are not a big enough fish to be worth catching
We're all harmless libs
Based on their rhetoric even this won’t work much longer
There isn't a huge benefit to using the same account for a long time, so make a new one and delete the other ones every once in a while. Also, don't fedpost.
excuse me some of us are building a brand over here 