Gemini Protocol: Simplicity as a Privacy Feature
The modern web is a surveillance platform dressed as a publishing medium. Gemini strips it back to text, TLS, and nothing else — and that constraint is the privacy guarantee.
What the Web Became
Loading a typical news website in 2026 executes hundreds of JavaScript files, makes requests to dozens of third-party domains, sets tracking cookies from advertising networks, fingerprints your browser through canvas API calls, loads fonts from Google's CDN, and fires analytics beacons on every scroll event. The article you came to read is 500 words. The infrastructure deployed to deliver it — and to profile you while doing so — weighs several megabytes and involves servers on four continents.
This is not an accident. It is the business model. The web was not designed to be a surveillance platform. It became one because HTTP and HTML were flexible enough to accommodate every monetisation mechanism advertising networks could invent, and because browser vendors had no incentive to refuse them.
The modern web is not bloated because engineers made bad technical decisions. It is bloated because surveillance pays, and HTTP enables surveillance.
What Gemini Is
Gemini is a network protocol designed in 2019 by Solderpunk as a deliberate alternative to HTTP, not a replacement for it. In terms of capability it sits between Gopher (1991; minimal, but with no TLS and no Unicode) and HTTP. The design goals were explicit from the first specification draft: be simple enough that a single person can write a complete client in a weekend, be TLS-mandatory from the start, and be incapable of tracking users.
The protocol operates on port 1965. A client opens a TLS connection, sends a single line containing the URL, and receives a response: a two-digit status code, a MIME type, and content. That is the entire protocol. There are no headers for cookies. There is no mechanism for JavaScript execution. There is no way to make requests to third-party domains from within a page, because the protocol does not support subresources.
A Gemini page cannot track you. Not because the server is honest, but because the protocol physically cannot accommodate the mechanisms tracking requires.
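The exchange described above, as an added example that is not part of the original page or of any Gemini client: one function builds the single-line request and one parses the single-line response header. The function names and the sample response are constructed for illustration; the 1024-byte URL limit and the status classes follow the Gemini specification.

```python
from urllib.parse import urlsplit

MAX_URL_BYTES = 1024  # request URL size limit in the Gemini specification
STATUS_CLASSES = {
    "1": "input", "2": "success", "3": "redirect",
    "4": "temporary failure", "5": "permanent failure",
    "6": "client certificate required",
}

def build_request(url: str) -> bytes:
    """The whole client request: one absolute URL terminated by CRLF."""
    parts = urlsplit(url)
    if parts.scheme != "gemini" or not parts.hostname:
        raise ValueError("not an absolute gemini:// URL")
    raw = url.encode("utf-8")
    if len(raw) > MAX_URL_BYTES or b"\r" in raw or b"\n" in raw:
        raise ValueError("URL too long or contains a line break")
    return raw + b"\r\n"

def parse_response(data: bytes) -> dict:
    """Split a raw response into its single header line and the body."""
    header, sep, body = data.partition(b"\r\n")
    if not sep:
        raise ValueError("header line is not CRLF-terminated")
    status, _, meta = header.decode("utf-8").partition(" ")
    if len(status) != 2 or not (status.isascii() and status.isdigit()):
        raise ValueError(f"bad status field: {status!r}")
    if status[0] not in STATUS_CLASSES:
        raise ValueError(f"unknown status class: {status!r}")
    ok = status[0] == "2"
    return {
        "status": int(status),
        "class": STATUS_CLASSES[status[0]],
        "mime": meta if ok else None,  # META is a MIME type only on 2x
        "meta": meta,
        "body": body if ok else b"",   # only success responses carry content
    }

# Constructed sample response, not captured from a real capsule.
SAMPLE = b"20 text/gemini; charset=utf-8\r\n# Hello\r\nPlain text line\r\n"
```

The request carries nothing but the URL and the response header carries one status and one meta field, so neither side has a slot for a cookie, a referrer, or a user-agent string.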
Gemtext: Intentional Constraint
Content on Gemini is typically served as text/gemini — gemtext. The format has exactly six line types: plain text, headings (three levels), list items, blockquotes, preformatted blocks, and links. Links can only appear on their own line. You cannot embed a link inside a sentence. You cannot apply CSS.
This sounds limiting. It is. That is the point.
When a format cannot contain tracking pixels, it does not contain them. When a format cannot embed third-party scripts, it cannot deliver malvertising. When a format cannot load remote resources, it cannot fingerprint your browser. The constraint is not a bug. It is the mechanism by which the privacy guarantee is delivered.
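A line-oriented gemtext parser, added here as an example (it is not code from the original page or from any Gemini client), shows why the constraint holds: a line's type is decided by its first characters only, so a URL inside a sentence or inside a preformatted block is inert text. The function names, sample document and hostnames are constructed for illustration.

```python
FENCE = "`" * 3  # preformatted-block toggle marker

def parse_gemtext(doc: str) -> list:
    """Classify every line by its first characters; no inline markup exists."""
    out, pre = [], False
    for line in doc.splitlines():
        if line.startswith(FENCE):
            pre = not pre                      # the toggle line is not content
        elif pre:
            out.append(("pre", line))          # never interpreted, even "=>"
        elif line.startswith("=>"):
            fields = line[2:].split(maxsplit=1)
            if not fields:
                out.append(("text", line))     # "=>" with no URL is just text
            else:
                out.append(("link", fields[0], fields[-1]))
        elif line.startswith("#"):
            level = min(len(line) - len(line.lstrip("#")), 3)
            out.append((f"h{level}", line[level:].strip()))
        elif line.startswith("* "):
            out.append(("list", line[2:]))
        elif line.startswith(">"):
            out.append(("quote", line[1:].strip()))
        else:
            out.append(("text", line))
    return out

def outbound_links(doc: str) -> list:
    """Every URL the document can reference; none is fetched on render."""
    return [item[1] for item in parse_gemtext(doc) if item[0] == "link"]

# Constructed sample document; hostnames are placeholders.
SAMPLE = "\n".join([
    "# Capsule news",
    "Inline text => gemini://tracker.example/pixel stays plain text.",
    "=> gemini://example.org/about About this capsule",
    "* first item",
    "> a quoted line",
    FENCE,
    "=> gemini://example.org/not-a-link",
    FENCE,
])
```

The result of `outbound_links` is the complete set of network destinations a document can name, and a client contacts one of them only when the reader selects it.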
TLS Without the Certificate Authority Problem
Gemini requires TLS for every connection. Unlike HTTPS, it does not mandate the Web PKI certificate authority system. Gemini clients typically use a TOFU (Trust On First Use) model: the first time you visit a capsule, the client records its certificate fingerprint. Subsequent visits verify against that fingerprint. If the certificate changes unexpectedly, the client warns you.
This eliminates the dependency on a hierarchy of certificate authorities — a system that has been compromised repeatedly and structurally enables governments to perform man-in-the-middle attacks by coercing CAs in their jurisdiction.
Gemini's TOFU model enables self-signed certificates without browser warnings. Running a capsule costs nothing and requires no interaction with any certificate authority infrastructure.
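One way to implement the TOFU check described above, as an added example that is not the page's code or any particular client's. `peer_cert_der` and `TofuStore` are hypothetical names, and treating a changed certificate differently once the old pin has expired is an assumed client policy, not something the page specifies.

```python
import hashlib
import hmac
import socket
import ssl

def peer_cert_der(host: str, port: int = 1965, timeout: float = 10.0) -> bytes:
    """Fetch the server certificate without CA validation (needs network)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # the pin check below replaces the CA chain
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

class TofuStore:
    """Maps host:port to (SHA-256 fingerprint, pin expiry as Unix time)."""

    def __init__(self):
        self.pins = {}

    def check(self, host, port, der, not_after, now):
        fp = hashlib.sha256(der).hexdigest()
        key = f"{host.lower()}:{port}"
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = (fp, not_after)
            return "first-use"       # trusted blindly: the weak point of TOFU
        old_fp, old_expiry = pinned
        if hmac.compare_digest(old_fp, fp):
            return "match"
        if now > old_expiry:
            return "pin-expired"     # plausible rotation, still ask the user
        return "mismatch"            # unexpected change: warn, do not proceed

    def repin(self, host, port, der, not_after):
        """Call only after the user has confirmed the new certificate."""
        fp = hashlib.sha256(der).hexdigest()
        self.pins[f"{host.lower()}:{port}"] = (fp, not_after)

# Constructed byte strings stand in for DER-encoded certificates.
CERT_A, CERT_B = b"constructed-cert-A", b"constructed-cert-B"
```

With CA validation switched off, the pin comparison is the only server authentication the client performs, so a mismatch must stop the request rather than silently overwrite the stored fingerprint.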
Gemini Over Tor and Mixnets
Because Gemini is protocol-simple and bandwidth-light, it is exceptionally well-suited to transport over anonymity networks. The protocol has no keep-alive requirements, no streaming, no long-lived connections — each request is independent, which maps cleanly onto Tor circuit behaviour and Nym packet routing.
A Gemini capsule on a Tor hidden service combines two layers of protection: the protocol cannot leak metadata, and the transport hides the connection itself.
Our Gemini Presence
We operate Gemini capsules at the following addresses. Access requires a Gemini client — Lagrange (desktop) and Ariane (Android) are the most complete implementations.
Main capsule
gemini://virebent.art
Encrypted contact
gemini://contact.virebent.art
Hidden archives — Tor onion only
gemini://n5ry24fweklbn562o7fnyefanygtwxlgi7aevn26huuxqlsftxy5ljqd.onion/
The onion address requires Tor Browser or Lagrange configured with a SOCKS5 proxy on 127.0.0.1:9050.
The hidden archives onion address serves content that we consider too sensitive or too important to trust to the clearnet. Onion services have no registrar, no hosting provider, no DNS authority that can receive a takedown notice. The content exists as long as the server runs, and the server's location is unknown to anyone but us.
Who Gemini Is For
Gemini is not a replacement for the web. It cannot serve a web application, process payments, or host a video stream. It is for text. It is for people who want to publish and read without the infrastructure of surveillance capitalism as an intermediary.
It is for journalists who need a publication channel that cannot easily be monetised into compliance. It is for archivists who want a format that will be readable in thirty years without a specific browser version. It is for anyone who finds that most of what they want from the internet is text, and most of what the internet delivers along with that text is noise.
Simplicity, in network protocol design, is a security property. Gemini is simple on purpose.
Full specification and client list at geminiprotocol.net.