this post was submitted on 25 Jul 2023
1035 points (97.2% liked)

Technology

59761 readers
3154 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

Synopsis: The article discusses the FBI's seizure of the Mastodon server and emphasizes the need for privacy protection in decentralized platforms like the Fediverse. It calls for hosts to implement basic security measures, adopt policies to protect users, and notify them of law enforcement actions. Users are encouraged to evaluate server precautions and voice concerns. Developers should prioritize end-to-end encryption for direct messages. Overall, the Fediverse community must prioritize user privacy and security to create a safer environment for all.

Summary:

Introduction

  • We are in an exciting time for users wanting to regain control from major platforms like Twitter and Facebook.
  • However, decentralized platforms like the Fediverse and Bluesky must be mindful of user privacy challenges and risks.
  • Last May, the Mastodon server Kolektiva.social was compromised when the FBI seized all electronics, including a backup of the instance database, during an unrelated raid on one of the server's admins.
  • This incident serves as a reminder to protect user privacy on decentralized platforms.

A Fediverse Wake-up Call

  • The story of equipment seizure echoes past digital rights cases like Steve Jackson Games v. Secret Service, emphasizing the need for more focused seizures.
  • Law enforcement must improve its approach to seizing equipment and should only do so when relevant to an investigation.
  • Decentralized web hosts need to have their users' backs and protect their privacy.

Why Protecting the Fediverse Matters

  • The Fediverse serves marginalized communities targeted by law enforcement, making user privacy protection crucial.
  • The FBI's seizure of Kolektiva's database compromised personal information, posts, and interactions from thousands of users, affecting other instances as well.
  • Users' data collected by the government can be used for unrelated investigations, highlighting the importance of strong privacy measures.

What is a decentralized server host to do?

  • Basic security practices, such as firewalls and limited user access, should be implemented for servers exposed to the internet.
  • Limit data collection and storage to what is necessary and stay informed about security threats in the platform's code.
  • Adopt policies and practices to protect users, including transparency reports about law enforcement attempts and notification to users about any access to their information.

What can users do?

  • Evaluate a server's precautions before joining the Fediverse and raise privacy concerns with admins and users on the instance.
  • Encourage servers to include privacy commitments in their terms of service to resist law enforcement demands.
  • Users have the freedom to move to another instance if they are dissatisfied with the privacy measures.

What can developers do?

  • Implement end-to-end encryption of direct messages to protect sensitive content.
  • The Kolektiva raid highlights the need for all decentralized content hosts to prioritize privacy and follow EFF's recommendations.

Conclusion

  • Decentralized platforms offer opportunities for user control, but user privacy protection is vital.
  • Hosts, users, and developers must work together to build a more secure and privacy-focused Fediverse.
(page 2) 50 comments
sorted by: hot top controversial new old
[–] GustavoM@lemmy.world 10 points 1 year ago

That'd be funny if a random sends me a private message, like

"Hey, nice cock.

Love, FBI"

That'd make my day ngl

[–] HughJanus@lemmy.ml 9 points 1 year ago (9 children)

This is why I joined a Swiss server

load more comments (9 replies)
[–] Strawberry@lemmy.blahaj.zone 7 points 1 year ago (1 children)

Damn Kollektiva.social got raided?? Do they no longer exist because the feds took all their shit?

[–] rob_t_firefly@lemmy.world 8 points 1 year ago (1 children)

Kollektiva.social

It's https://kolektiva.social (one L in kolectiva) and the site is still up, and their admin gave this comment on the raid.

load more comments (1 replies)
[–] nyakojiru@lemmy.dbzer0.com 7 points 1 year ago (6 children)

Who can say if an instance of lemmy / kabob sells the data or the users …

[–] zmej420blazeit@lemmy.world 4 points 1 year ago

nearly all your data is public, so there's no need for anyone to pay for it. this is a public platform where everything is relayed unencrypted to other activitypub nodes. If I click your name here and try to DM you I even see this warning: "Warning: Private messages in Lemmy are not secure. Please create an account on Element.io for secure messaging."

load more comments (5 replies)
[–] Transcendant@lemmy.world 6 points 1 year ago* (last edited 1 year ago) (3 children)

Because of the nature of the fediverse, this also implicates user messages and posts from other instances.

When they say 'messages and posts', the posts are publicly available, by messages do they mean comments?... or is this saying that private messages between users are also in this data?

I guess I'm still ignorant about parts of how the fediverse works. If I private message someone on our .world instance, that data is stored on Ruud's server only, correct? But if I private message someone on another instance, that data is stored on both servers?

edit I just read the mastodon post, it says:

  • All your posts: public, unlisted, followers-only, and direct ("DMs")

Shit.

load more comments (3 replies)
load more comments
view more: ‹ prev next ›