One thing you will want to do is run your code over the Gemini Client Torture Test (web proxy view). Be especially careful with the redirect tests—they’re pretty nasty.
I guess 2 things. Privacy problems with HTTP are the fault of servers and browsers. Browsers could refuse E-Tags, not send cookies, etc. But, these are also signals that servers can use to create a fingerprint.
But, if unless Gemini is incredibly successful, it’s not possible to avoid a proxy which wraps a Gemini request in HTTP, exposing all of the same privacy breaking things to the proxy.
I’m not suggesting that Gemini isn’t privacy focused, because, clearly the protocol itself leaves little room to stuff any identifying information in it. However, practically speaking, this simply doesn’t matter at this point. In fact, seeing Gemini traffic on the web at all (or, network traffic to TCP/1965) might immediately group your IP into an identifying group of “nerds” interested in privacy preserving web protocols. Surely, that IP connection with the rest of the browsing data from other sources will further identify you, or someone else in your house, reducing your privacy.
In other words, isn’t the use of Gemini just another feature of your online fingerprint?
Hey, thanks for posting @bogdan.
I’m the author of that post, I’m new to gemini and racket, AMA.
One thing you will want to do is run your code over the Gemini Client Torture Test (web proxy view). Be especially careful with the redirect tests—they’re pretty nasty.
@spc476 I’m doing that and currently failing. I will work on it until it passes the tests. :-)
Glad to see more people talk about gemini.
One question still floats around me: Why not choosing HTTP/1.1, or even HTTP/0.9, with a
Content-Type: text/gemini; charset=UTF-8?The FAQ gives some rationale. I found section 2.1.2 on privacy to be the most compelling
I guess 2 things. Privacy problems with HTTP are the fault of servers and browsers. Browsers could refuse E-Tags, not send cookies, etc. But, these are also signals that servers can use to create a fingerprint.
But, if unless Gemini is incredibly successful, it’s not possible to avoid a proxy which wraps a Gemini request in HTTP, exposing all of the same privacy breaking things to the proxy.
I’m not suggesting that Gemini isn’t privacy focused, because, clearly the protocol itself leaves little room to stuff any identifying information in it. However, practically speaking, this simply doesn’t matter at this point. In fact, seeing Gemini traffic on the web at all (or, network traffic to TCP/1965) might immediately group your IP into an identifying group of “nerds” interested in privacy preserving web protocols. Surely, that IP connection with the rest of the browsing data from other sources will further identify you, or someone else in your house, reducing your privacy.
In other words, isn’t the use of Gemini just another feature of your online fingerprint?