
Wild_Dolphins | 7 months ago

Gemini is a beautiful idea.

However, it works on the basis of mandatory-prohibition. The prohibition is: "You cannot track and exploit your site visitors". This philosophy is enforced 'remotely', by the creators of the Gemini protocol.

An identical end-result can be achieved in HTML, by choosing not to use hostile markup. However, with HTML the prohibition must be enforced 'locally', by the ethical-philosophical position of the website-designer.

The problem with the Gemini-protocol is that it introduces an attack vector: The Gemini 'browsers' themselves. The most popular one is not audited; has a huge code-base; and has relatively few eyes-on-it.

I'm not saying that Gemini protocol is a honey-trap for those trying to exit the surveillance-internet; but if I was a tech-giant / agency profiting from the surveillance-internet, I would definitely write browsers for the Gemini protocol and backdoor them.

As a former "Don't be evil" company, it would be of great interest to me who was trying to exit my 'web'; how; and why :)

Food for thought...


zzo38computer|7 months ago

> You cannot track and exploit your site visitors

Despite the specification, there are such possibilities as TLS fingerprinting and URL tracking, although it does reduce many of the problems of the WWW.

> The problem with the Gemini-protocol is that it introduces an attack vector: The Gemini 'browsers' themselves. The most popular one is not audited; has a huge code-base; and has relatively few eyes-on-it.

You do not have to use the most popular one (I don't use the most popular one); there are many others available as well, and the specification is made so that you could hopefully make your own one if you like, too.

> if I was a tech-giant / agency profiting from the surveillance-internet, I would definitely write browsers for the Gemini protocol and backdoor them.

Nobody is required to use that specific implementation, and someone might find the backdoors, but it is possible.

> As a former "Don't be evil" company, it would be of great interest to me who was trying to exit my 'web'; how; and why :)

You do not necessarily need to write a new browser to check this; sometimes they already write public documents about these things, and there are many other ways to track it (e.g. by logging other things, by tracking browser extensions, etc).

selfhoster11|7 months ago

The whole point of Gemini's simplicity and designed-in lack of evolution (through missing version numbers) is that you can write a fully featured client yourself, because the protocol surface is not that large once you leverage an existing TLS library.
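To make the "protocol surface" point above concrete, here is an added example that is not part of the thread and not taken from any existing client: a minimal Gemini fetch in Python on top of the standard `ssl` module, with trust-on-first-use certificate pinning. The function names, the in-memory `pins` dict and the 10-second timeout are assumptions made for this illustration.

```python
import hashlib
import socket
import ssl
from urllib.parse import urlsplit

GEMINI_PORT = 1965
MAX_URL_BYTES = 1024  # URL length limit from the Gemini specification

def build_request(url: str) -> bytes:
    """A Gemini request is the absolute URL followed by CRLF, nothing else."""
    parts = urlsplit(url)
    raw = url.encode("utf-8")
    if parts.scheme != "gemini" or not parts.hostname:
        raise ValueError("not an absolute gemini:// URL")
    if len(raw) > MAX_URL_BYTES or b"\r" in raw or b"\n" in raw:
        raise ValueError("URL too long or contains CR/LF")
    return raw + b"\r\n"

def parse_header(line: bytes) -> tuple[int, str]:
    """Parse '<two-digit status> <meta>CRLF' into (status, meta)."""
    if not line.endswith(b"\r\n"):
        raise ValueError("malformed response header")
    status, _, meta = line[:-2].decode("utf-8").partition(" ")
    if len(status) != 2 or not status.isdigit():
        raise ValueError("malformed response header")
    return int(status), meta

def tofu_check(pins: dict, host: str, der_cert: bytes) -> bool:
    """Trust on first use: pin the first certificate seen, reject any change."""
    fp = hashlib.sha256(der_cert).hexdigest()
    return pins.setdefault(host, fp) == fp

def fetch(url: str, pins: dict) -> tuple[int, str, bytes]:
    """Fetch one URL; `pins` maps hostname -> SHA-256 of the pinned cert."""
    request = build_request(url)
    parts = urlsplit(url)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False       # self-signed server certs are common,
    ctx.verify_mode = ssl.CERT_NONE  # so trust comes from the pin check below
    addr = (parts.hostname, parts.port or GEMINI_PORT)
    with socket.create_connection(addr, timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=parts.hostname) as tls:
            if not tofu_check(pins, parts.hostname, tls.getpeercert(binary_form=True)):
                raise ssl.SSLError("certificate changed since first use")
            tls.sendall(request)
            data = b"".join(iter(lambda: tls.recv(4096), b""))
    head, sep, body = data.partition(b"\r\n")
    status, meta = parse_header(head + sep)
    return status, meta, body
```

Persisting `pins` between runs is what gives the pin check any value; with a fresh dict every run, each connection is a "first use".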

b00ty4breakfast|7 months ago

The userbase for Gemini is so minuscule, I can't imagine they could get enough data to want to even bother. Bit like trophy fishing in the puddle of rain runoff next to the stocked pond of monster bass.