I don’t know what that is, nor have I used it, but I’m assuming it requires an internet connection, operating system, and browser at the very least. If so, there are multiple ways in which your ISP, browser (and any plug-ins you use in the browser), as well as the method of connecting to the internet (i.e. DNS server, wifi/router, mobile data connection, etc.) that could be used to collect data or metadata to build a profile. The device you are using, or even the screen-size could be useful to an attacker (or marketer).

That doesn’t mean that the contents of whatever is being transferred to/from “bitmessage” can be read, but “someone” would know that you’re using Bitmessage at the very least, the times you use it, perhaps the location you use it from, the device, OS, what plug-ins you might use. DNS records could build an even clearer picture of your activities. If Bitmessage requires an account or other form of verifying who you are (or how someone can contact you), then those could be collected and used against you.

That’s not to say you can’t protect yourself from some of the snooping. But apparently, the more you do, the more unique your online fingerprint is, which ironically, makes you more vulnerable.

Because the internet isn’t truly P2P (there’s always a third-party in the mix, either to deliver the data service or to relay data), you have to assume there are third-parties who can (and probably do) collect data from your activities.

But… your threat model also influences whether these “risks” are even worth worrying about. If you’re a regular teen on Reddit, you probably don’t give a shit at all. But if you’re a public figure, perhaps one who would be a target for governments or bad actors, then every link in the chain of interactions you have with the internet could expose you.

I find it unlikely my ISP is breaking my quantum encrypted VPN just for ads

They don’t need to break encryption. You have an account to post here, and I’m assuming you are using the same device to access other services you have which also use accounts, right? Now, suppose your IP address doesn’t rotate very often, it would be very easy for a company like Google to relate at least a few accounts to start building a profile.

Then, since posting here is pretty easy to scrape, even more data can be collected… like the fact that you use a linux router and OS. The profile keeps getting bigger with every new interaction, and at some point, it won’t even matter if your IP changes, because there may be enough static data somewhere that could be linked to a different account (i.e. your phone, phone’s OS, screen size, etc. can be used to isolate you from other users).

find it unlikely my linux router and linux computer are spying on me.

Yeah, that would require some serious commitment from the spooks. So really depends if your shit posting is national security concern lol

TBH, I am pretty sure half of fedi will be sent into Gitmo in the future