[The Free  Thinker talks about  how the  best thing about  gopher is
that it is unencrypted][0]. He brings up some great points I did not
in  my   related  phlog   entry  ['Does   Gopher  Really   Need  TLS
Encryption'][1],   including  the   insight  about   how  connection
meta-data can  be just as revealing  as the actual content  of one's
gopher traffic.

His points  about older web  browsers becoming unusable are  sadly a
reality for those of us who like to use older hardware and operating
systems. If I could I'd use older versions of Firefox that still had
native gopher support,  for example. Gopher is not  just for serving
text.

And while gopher  is read-only for most users, there  are times when
you do  need to enter  data.  The most  common is when  using gopher
search, but  in general use (or  abuse) of any item  type 7 selector
like with gopher CGI scripts (guestbooks  are the most common I see)
applies.   If you  want  to use  these securely  you  can send  your
requests  over  an  SSH  socks  proxy or  use  Tor  browser  with  a
gopher-to-web gateway,  and don't worry about  the unencrypted final
hop or two.

If your socks proxy terminates at a large, multi-user pubnix system,
it would be nearly impossible to match packet timings out of all the
outbound traffic these systems generate -  and that is _if_ you know
the originating protocol being stuffed  down the SSH pipe. Sometimes
the obscurity of gopher is a good thing.

[0]: gopher://aussies.space/0/%7efreet/phlog/2020-05-31The_Best_Thing_About_Gopher_is_that_its_Unencrypted.txt
[1]: gopher://gopher.unixlore.net/0/glog/does-gopher-really-need-tls-encryption.md

You are viewing proxied material from gopher.unixlore.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.