GuestNo new alerts

Privacy Tips Gosora

- Articles1648
A little article on how to improve your users' privacy.

You may want to purge the logs every now and then for Gosora and any reverse-proxy that you may or may not have sitting in-front of it.

Avoid posting things like images and videos. I may add a setting to scrub those out. Mainly for Tor, this adds more entropy which makes it easier to identify what site someone is accessing by statistical traffic analysis. See: https://arxiv.org/abs/1801.02265

Configuration settings:

Set DisableServerPush to true and EnableCDNPush to false. Mainly for Tor.

Set RefNoTrack and RefNoRef to true. I might add a setting for disabling the rest of the analytics subsystem in the future.

Set DisableJSAntispam to true. This should allow users to use the software without enabling JavaScript, although it may result in more spam getting through. I haven't seen any bot getting through the no-JS defenses so far, but I plan to add more defenses there.

Set PostIPCutoff and LogPruneCutoff to the smallest number of days that you're comfortable with retaining user IPs for.

Set Noavatar to something internal to avoid leaking data to the Adorable API. I am phasing the default noavatar out bit by bit in favor of having Gosora serve it directly due to privacy concerns and to reduce the potential load on Adorable's API.

Set DebugMode and SuperDebug to false.


Change the Activation Type from Email Activation to anything else. Someone's email may leak personal information.

This article is under construction and will updated as I think of more things to add here.