Gemini Protocol: Simplicity as a Privacy Feature
The modern web is a surveillance platform dressed as a publishing medium.
Gemini strips it back to text, TLS, and nothing else — and that constraint
is the privacy guarantee.
What the Web Became
Loading a typical news website in 2026 executes hundreds of JavaScript files,
makes requests to dozens of third-party domains, sets tracking cookies from
advertising networks, fingerprints your browser through canvas API calls, loads
fonts from Google's CDN, and fires analytics beacons on every scroll event.
The article you came to read is 500 words. The infrastructure deployed to deliver
it — and to profile you while doing so — weighs several megabytes and involves
servers on four continents.
This is not an accident. It is the business model. The web was not designed to be
a surveillance platform. It became one because HTTP and HTML were flexible enough
to accommodate every monetisation mechanism advertising networks could invent, and because browser vendors had no incentive to refuse them.
The modern web is not bloated because engineers made bad technical decisions.
It is bloated because surveillance pays, and HTTP enables surveillance.
What Gemini Is
Gemini is a network protocol designed in 2019 by Solderpunk as a deliberate
alternative — not a replacement — for HTTP. It sits between Gopher (1991, minimal
but no TLS, no Unicode) and HTTP in terms of capability. The design goals were
explicit from the first specification draft: be simple enough that a single person
can write a complete client in a weekend, be TLS-mandatory from the start, and be
incapable of tracking users.
The protocol operates on port 1965. A client opens a TLS connection, sends a single
line containing the URL, and receives a response: a two-digit status code, a MIME
type, and content. That is the entire protocol. There are no headers for cookies.
There is no mechanism for JavaScript execution. There is no way to make requests to
third-party domains from within a page, because the protocol does not support
subresources.
A Gemini page cannot track you. Not because the server is honest, but because the
protocol physically cannot accommodate the mechanisms tracking requires.
Gemtext: Intentional Constraint
Content on Gemini is typically served as text/gemini (gemtext).
The format has exactly six line types: plain text, headings (three levels), list
items, blockquotes, preformatted blocks, and links. Links can only appear on their
own line. You cannot embed a link inside a sentence. You cannot apply CSS.
This sounds limiting. It is. That is the point.
When a format cannot contain tracking pixels, it does not contain them.
When a format cannot embed third-party scripts, it cannot deliver malvertising.
When a format cannot load remote resources, it cannot fingerprint your browser.
The constraint is not a bug. It is the mechanism by which the privacy guarantee
is delivered.
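To make the constraint concrete, here is an added example (not code from the article) that parses the gemtext line types and then lists every host a page can point at. Because links are whole lines and the format has no subresources, that list is complete before a client fetches anything; the sample page and the `virebent.art`-based URLs in it are constructed for the demonstration.

```python
# Added example, not from the article: a parser for the gemtext line types and
# a pass that lists every host a page can point at. Links are whole lines and
# there are no subresources, so the list is complete before any fetch happens.
import urllib.parse as up

for table in (up.uses_relative, up.uses_netloc):
    table.append("gemini")  # let urljoin resolve relative links under gemini://
TOGGLE = "`" * 3  # the preformatted-block toggle line, spelled out to stay readable

def parse_gemtext(text: str) -> list:
    """Return (kind, payload) tuples; a link payload is (target, label)."""
    out, pre = [], False
    for line in text.splitlines():
        if line.startswith(TOGGLE):
            pre = not pre  # toggle; any alt text after the marker is not content
        elif pre:
            out.append(("pre", line))  # nothing inside a block is interpreted
        elif line.startswith("=>"):
            parts = line[2:].strip().split(maxsplit=1)
            if parts:
                out.append(("link", (parts[0], parts[1] if len(parts) > 1 else "")))
        elif line.startswith("#"):
            level = len(line) - len(line.lstrip("#"))
            out.append((f"h{min(level, 3)}", line[level:].strip()))
        elif line.startswith("* "):
            out.append(("li", line[2:]))
        elif line.startswith(">"):
            out.append(("quote", line[1:].strip()))
        else:
            out.append(("text", line))  # a URL inside a text line is just text
    return out

def outbound_hosts(text: str, base: str) -> set:
    """Hosts the page can lead to: only explicit link lines, resolved against base."""
    hosts = set()
    for kind, payload in parse_gemtext(text):
        if kind == "link":
            host = up.urlparse(up.urljoin(base, payload[0])).hostname
            if host:
                hosts.add(host)
    return hosts

SAMPLE = "\n".join([  # constructed sample page, not real virebent.art content
    "# Hidden archives", "* one list item", "> a quoted line",
    "A mention of https://tracker.invalid/pixel in a text line fetches nothing.",
    "=> gemini://contact.virebent.art/ Contact", "=> ../about.gmi About this capsule",
    TOGGLE, "=> gemini://ignored.invalid/ a link marker inside a preformatted block", TOGGLE,
])
```

Running `outbound_hosts(SAMPLE, "gemini://virebent.art/posts/one.gmi")` yields only the two hosts named on link lines; the URL inside the text line and the one inside the preformatted block are never candidates for a request.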
TLS Without the Certificate Authority Problem
Gemini requires TLS for every connection. Unlike HTTPS, it does not mandate the
Web PKI certificate authority system. Gemini clients typically use a TOFU
(Trust On First Use) model: the first time you visit a capsule, the client records
its certificate fingerprint. Subsequent visits verify against that fingerprint.
If the certificate changes unexpectedly, the client warns you.
This eliminates the dependency on a hierarchy of certificate authorities — a system
that has been compromised repeatedly and structurally enables governments to perform
man-in-the-middle attacks by coercing CAs in their jurisdiction.
Gemini's TOFU model enables self-signed certificates without browser warnings.
Running a capsule costs nothing and requires no interaction with any certificate
authority infrastructure.
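The request line, the response header and the TOFU check described in the two sections above, as one added example (not the article's or any client's own code): the TLS handshake skips Web PKI validation and pins the server's SHA-256 certificate fingerprint instead, which means the very first visit to a host is unverified and a later fingerprint change has to be surfaced rather than silently accepted. The in-memory `store` dict stands in for a client's persistent fingerprint file.

```python
import hashlib
import socket
import ssl
from urllib.parse import urlparse

# Added example, not from the article: request line, response header and TOFU
# pinning for one Gemini fetch. TOFU replaces CA validation, so the very first
# connection is unverified and a later fingerprint change must be surfaced.

def build_request(url: str) -> bytes:
    """Encode the single request line; only gemini:// URLs are valid requests."""
    if urlparse(url).scheme != "gemini":
        raise ValueError("request URL must use the gemini scheme")
    line = url.encode("utf-8") + b"\r\n"
    if len(line) > 1024:  # request line limit in the Gemini specification
        raise ValueError("request line exceeds the 1024-byte limit")
    return line

def parse_response_header(header: bytes) -> tuple:
    """Split '<status> <meta>' into (int status, str meta); status is two digits."""
    text = header.rstrip(b"\r\n").decode("utf-8")
    if len(text) < 2 or not text[:2].isdigit():
        raise ValueError(f"malformed response header: {text!r}")
    meta = text[3:] if len(text) > 3 and text[2] == " " else ""
    return int(text[:2]), meta

def tofu_check(host: str, fingerprint: str, store: dict) -> str:
    """Trust on first use: pin the first fingerprint seen, flag any later change."""
    known = store.get(host)
    if known is None:
        store[host] = fingerprint  # nothing pinned yet: record it; this visit is unverified
        return "first-use"
    return "match" if known == fingerprint else "mismatch"

def fetch(url: str, store: dict, timeout: float = 10.0) -> tuple:
    """Connect to port 1965 over TLS, pin the server cert, return (status, meta, body)."""
    host = urlparse(url).hostname
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # no Web PKI chain check: the pinned SHA-256
    ctx.verify_mode = ssl.CERT_NONE  # fingerprint below is the only trust anchor
    with socket.create_connection((host, 1965), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:  # SNI for virtual hosts
            der = tls.getpeercert(binary_form=True)
            if tofu_check(host, hashlib.sha256(der).hexdigest(), store) == "mismatch":
                raise ssl.SSLError(f"certificate for {host} changed since first use")
            tls.sendall(build_request(url))
            stream = tls.makefile("rb")
            status, meta = parse_response_header(stream.readline())
            return status, meta, (stream.read() if 20 <= status < 30 else b"")
```

Only `fetch` touches the network; the three helpers are pure and can be exercised offline, which is also where a client's header-parsing and pinning logic should be tested.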
Gemini Over Tor and Mixnets
Because Gemini is protocol-simple and bandwidth-light, it is exceptionally
well-suited to transport over anonymity networks. The protocol has no keep-alive
requirements, no streaming, no long-lived connections — each request is independent,
which maps cleanly onto Tor circuit behaviour and Nym packet routing.
A Gemini capsule on a Tor hidden service combines two layers of protection: the
protocol cannot leak metadata, and the transport hides the connection itself.
Our Gemini Presence
We operate Gemini capsules at the following addresses. Access requires a Gemini
client; Lagrange (gmi.skyjake.fi/lagrange/, desktop) and Ariane (Android) are the
most complete implementations.
Main capsule
gemini://virebent.art
gemini://contact.virebent.art
Hidden archives (Tor onion)
gemini://n5ry24fweklbn562o7fnyefanygtwxlgi7aevn26huuxqlsftxy5ljqd.onion/
The onion address requires Tor Browser or Lagrange configured with a SOCKS5 proxy on 127.0.0.1:9050.
The hidden archives onion address serves content that we consider too sensitive or
too important to trust to the clearnet. Onion services have no registrar, no hosting
provider, no DNS authority that can receive a takedown notice. The content exists as
long as the server runs, and the server's location is unknown to anyone but us.
Who Gemini Is For
Gemini is not a replacement for the web. It cannot serve a web application,
process payments, or host a video stream. It is for text. It is for people who want
to publish and read without the infrastructure of surveillance capitalism as an
intermediary.
It is for journalists who need a publication channel that cannot easily be monetised
into compliance. It is for archivists who want a format that will be readable in
thirty years without a specific browser version. It is for anyone who finds that most
of what they want from the internet is text, and most of what the internet delivers
along with that text is noise.
Simplicity, in network protocol design, is a security property. Gemini is simple
on purpose.
Full specification and client list at
geminiprotocol.net