Synopsis: The article discusses the FBI’s seizure of the Mastodon server and emphasizes the need for privacy protection in decentralized platforms like the Fediverse. It calls for hosts to implement basic security measures, adopt policies to protect users, and notify them of law enforcement actions. Users are encouraged to evaluate server precautions and voice concerns. Developers should prioritize end-to-end encryption for direct messages. Overall, the Fediverse community must prioritize user privacy and security to create a safer environment for all.

Summary:

Introduction

  • We are in an exciting time for users wanting to regain control from major platforms like Twitter and Facebook.
  • However, decentralized platforms like the Fediverse and Bluesky must be mindful of user privacy challenges and risks.
  • Last May, the Mastodon server Kolektiva.social was compromised when the FBI seized all electronics, including a backup of the instance database, during an unrelated raid on one of the server’s admins.
  • This incident serves as a reminder to protect user privacy on decentralized platforms.

A Fediverse Wake-up Call

  • The story of equipment seizure echoes past digital rights cases like Steve Jackson Games v. Secret Service, emphasizing the need for more focused seizures.
  • Law enforcement must improve its approach to seizing equipment and should only do so when relevant to an investigation.
  • Decentralized web hosts need to have their users’ backs and protect their privacy.

Why Protecting the Fediverse Matters

  • The Fediverse serves marginalized communities targeted by law enforcement, making user privacy protection crucial.
  • The FBI’s seizure of Kolektiva’s database compromised personal information, posts, and interactions from thousands of users, affecting other instances as well.
  • Users’ data collected by the government can be used for unrelated investigations, highlighting the importance of strong privacy measures.

What is a decentralized server host to do?

  • Basic security practices, such as firewalls and limited user access, should be implemented for servers exposed to the internet.
  • Limit data collection and storage to what is necessary and stay informed about security threats in the platform’s code.
  • Adopt policies and practices to protect users, including transparency reports about law enforcement attempts and notification to users about any access to their information.

What can users do?

  • Evaluate a server’s precautions before joining the Fediverse and raise privacy concerns with admins and users on the instance.
  • Encourage servers to include privacy commitments in their terms of service to resist law enforcement demands.
  • Users have the freedom to move to another instance if they are dissatisfied with the privacy measures.

What can developers do?

  • Implement end-to-end encryption of direct messages to protect sensitive content.
  • The Kolektiva raid highlights the need for all decentralized content hosts to prioritize privacy and follow EFF’s recommendations.

Conclusion

  • Decentralized platforms offer opportunities for user control, but user privacy protection is vital.
  • Hosts, users, and developers must work together to build a more secure and privacy-focused Fediverse.
  • BrikoX@lemmy.zip
    link
    fedilink
    English
    arrow-up
    183
    arrow-down
    1
    ·
    1 year ago

    Original post: https://kolektiva.social/@admin/110637031574056150

    Important context missing from the EFF article is that the Mastodon instance wasn’t the target of the raid according to the admins.

    In mid-May 2023, the home of one of Kolektiva.social’s admins was raided, and all their electronics were seized by the FBI. The raid was part of an investigation into a local protest. Kolektiva was neither a subject nor target of this investigation. Today, that admin was charged in relation to their alleged participation in this protest.

      • metaStatic@kbin.social
        link
        fedilink
        arrow-up
        38
        arrow-down
        9
        ·
        1 year ago

        it has always been a Christian theocracy and American exceptionalism is just open source fascism.

        Nothing new is actually happening.

        • HousePanther@lemmy.goblackcat.com
          link
          fedilink
          English
          arrow-up
          21
          arrow-down
          5
          ·
          1 year ago

          Yeah, it’s always had something of theocratic leaning. It’s just getting even worse nowadays.

          American exceptionalism is just open source fascism.

          Great expression! I love it.

    • PaulDevonUK@lemmy.world
      link
      fedilink
      English
      arrow-up
      45
      arrow-down
      2
      ·
      1 year ago

      Thank you.

      Actual context paints a whole different picture compared to the clickbait post.

    • cynetri (he/any)@midwest.social
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      The article didn’t mention a protest, but the server being compromised due to some sort of unrelated charges was the main topic for a lot of the article

  • iarigby@lemm.ee
    link
    fedilink
    English
    arrow-up
    112
    ·
    1 year ago

    I actually have a question about this - can’t anyone already see the posts and users’ data? Even a simple user account/script can query most stuff, like posts and comments, and you can indirectly query less easily available things like upvotes by compromising any connected server

    • radix@lemmy.world
      link
      fedilink
      English
      arrow-up
      63
      arrow-down
      1
      ·
      1 year ago

      Disclaimer: I’ve never run a Mastodon or similar server, so the software may have more privacy built in, but potentially the issue would be account setup information that could be associated with public posts. Email addresses, IP address logs, etc. Those would be critical in matching public “anonymous” speech with real-world identifiable information.

      • TWeaK@lemm.ee
        link
        fedilink
        English
        arrow-up
        48
        ·
        1 year ago

        The article also mentions that DM’s were available to the admin.

        However it should be assumed that DM’s on lemmy or others are not secure in the first place. If you want secure chat, move to Matrix.

          • Eldritch@lemmy.world
            link
            fedilink
            English
            arrow-up
            19
            arrow-down
            1
            ·
            1 year ago

            If there’s no way to verify that they aren’t. You should assume that they are. Basic security 101.

          • Saik0@lemmy.saik0.com
            link
            fedilink
            English
            arrow-up
            16
            ·
            1 year ago

            Click a persons account name… then click “send message”

            Read the bright yellow notice at the top of the screen.

            Warning: Private messages in Lemmy are not secure. Please create an account on Element.io for secure messaging.

          • TWeaK@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Because admin can inherently see it and, as this post proves, sometimes law enforcement can gain access as well.

    • Raisin8659@monyet.ccOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      One way to look at this is to separate the information available into what’s available locally and what’s available across the Lemmyverse (I am not familiar with others). The information that you mentioned probably are available on all the servers that pull the posts/comments from the community in question.

      Info that is local only: IP address, email, password, usage information. Info available to the two participants’ servers: DM

      I think the mitigations that the EFF article mention mostly protect the locally available information.

      • lolcatnip@reddthat.com
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        BTW passwords shouldn’t be stored anywhere. Best practice since forever is to only store a cryptographic hash of a user’s password.

        • abhibeckert@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          1 year ago

          Passwords also shouldn’t be re-used, in which case if they are stolen it doesn’t matter as much - since whoever stole your password likely doesn’t need it to access your stuff.

  • EatMyDick@lemmy.world
    link
    fedilink
    English
    arrow-up
    120
    arrow-down
    55
    ·
    1 year ago

    I have been laughed at and down voted every single fucking time I point out how woefully unprepared every fucking instance is.

    The free model is flawed and will be unsuccessful every fucking time there is any signs popular server. And users aren’t going to tolerate moving fucking servers every month.

    You think cloudflare is going to keep on protecting lemmy.world each week on their free/professional their? Enterprise starts at 20k a year before traffic, good luck raising that kind of yearly money on a hobby server.

    And then there is GDPR and CCPA all of which are ignored and clearly not being enforced just waiting for a lawsuit.

    Oh and I do I need to explain to you people the child porn reporting mechanisms that need to be in place?

    The only way if this bullshit is successful it’s if someone starts a no profit e.g Mozilla foundation and acts like a functioning adult running a business vs a 16 year old tinkering with Linux.

    Bring on the down votes and compium.

    • Kayn@dormi.zone
      link
      fedilink
      English
      arrow-up
      84
      arrow-down
      2
      ·
      1 year ago

      You bring up valid points, but you are being very antagonistic towards server admins in the process. I get that you’re frustrated by being dismissed all the time

    • SpookySnek@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      26
      ·
      edit-2
      1 year ago

      The history of piratebay proves that you can host a website (or instance in this case) and have it be incredibly resilient, out of reach for US/EU law enforcement as long as you have the knowledge and energy to do so. How many millions of hollywood-dollars have been spent on taking it down, vs how many days has it actually been down since it’s creation?

      • deafboy@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        1
        ·
        1 year ago

        The history of piratebay also proves that you have to be ready to face the consequences, and run to Cambodia if needed. Not many operators would do that for their users.

        • SpookySnek@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          1 year ago

          You’re right, but I highly doubt that anyone will throw enough money on influencing a foreign country enough to prosecute a Lemmy admin under US law with a Hollywood chosen judge that has ties to MGM, Warner Bros, and Sony, as Hollywood did with Gottfrid (co-creator of piratebay) in Sweden, leading him to seek shelter in Cambodia.

          Edit: Spelling

    • GONADS125@lemmy.world
      link
      fedilink
      English
      arrow-up
      26
      arrow-down
      1
      ·
      edit-2
      1 year ago

      You have great points, I agree, and it’s why I donate to support lemmy.world. I’m hoping that enough people will donate small funds that it will cumulatively enable the server admins to better protect the instance. Basically like Wikipedia’s funding model.

      Maybe it’s not realistic, but I’m hoping that the fact that we all gave enough of a shit to start anew on lemmy, a decent percentage of the userbase may be more likely to donate than typically the case in online platforms.

      I guess time will tell the future of lemmy and the main instances.

      Edit: Here are the donation pages:

      • EatMyDick@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        2
        ·
        1 year ago

        Wikipedia is run by a central NGO which is something I’ve advocated for. What we have now, and what folks are conversing about isn’t a sane model like you propose. People really believe this place isn’t going to have serious child porn, disinformation, and censorship issues without someone competent taking over the main policing and privacy concerns.

    • epicspongee [they/them or he/him]@midwest.social
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      Enterprise starts at 20k a year before traffic

      My Mastodon server has just under 1.5k MAUs and has raised $4k so far this year. We’ve only been open for six months. This is not hard money to raise.

      • UFO64@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        People are willing to contribute to well run services. Make the contributions manageable for users and they will happy chip in a few dollars here and there.

    • nomadjoanne@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      I think part of the problem is that laws in the developed world essentially make in extremely expensive to run one of these services if you have a lot of users per month.

      Te heart of the issue is that at some point it becomes more useful for mega-corporations to have a cozy relationship with the government than with you. It used to be that if a service found that there was child porn on their service, the law simply required them to remove it and report it to the police. Very reasonable.

      The thing is though, if that is all the compliance one needs to follow, then the creation of new firms and services is quite easy. Mega-corporations don’t like this. They want to slow the creation of new services and firms because this slows the appearance of new competition. Hence they become pro-regulation, and, I’d argue, attempt to shift the entire culture towards paranoia and a demand for more regulation.

      Perhaps the only defense is to stay small. Obviously don’t allow any abusive or illegal content. But stay small so that you can skirt by without having to deal with compliance with the big-boy regulations.

      • EatMyDick@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        14
        ·
        1 year ago

        Laws + costs of a server. Cloudflare is 100% in talks warning lemmy.world they aren’t going to support them for free/$20/month.

        I love how you dismiss the compliance as all you need. As if it isn’t a crazy topic that requires a lawyer every other day plus hiring a team and creating a process to deal with child porn shit.

        None of you know half the reality of running successful digital services.

        • nomadjoanne@lemmy.world
          link
          fedilink
          English
          arrow-up
          14
          arrow-down
          1
          ·
          1 year ago

          I love how you’re an asshole for no apparent reason. We both like this place and are on the same team, even if we disagree about some things.

          But, in all seriousness, I really have the feeling that you are approaching this from the standpoint of a lawyer or someone on the marketing team of a large corporation. Of course a service like lemmy.world, or any of the larger instances, should consult with a lawyer at some point if they haven’t already. But this is not a mega-corporation, and I don’t think many people in Lemmy apart from you have any intention of running it like one.

          Of course these services cost money to run and protect. No one is saying it’s free. To give a similar example, some of the largest Invidious instances blow though several terabytes a day. So they are very much dependent on donations. We should all try and chip in if we are able.

          • archomrade [he/him]@midwest.social
            link
            fedilink
            English
            arrow-up
            9
            ·
            1 year ago

            This person honestly just sounds frustrated with the idealism of a not-for-profit social media alternative. Their concerns have some validity, but to suggest that it can’t work without following a paid or ad-supported model is a little dogmatic in my view.

    • astral_avocado@programming.dev
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      Cloud flare’s business is protecting small websites as well as large across the world from DDOS attacks. You don’t think there’s a tier somewhere between “free” and “enterprise 20k base”? DDOS mitigation techniques have gotten pretty advanced and are no longer the sole domain of large companies.

    • Blackmist@feddit.uk
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      I like the idea of it, but you’re right. It’s not going to scale because at some point, somebody has to pay for it. And most users, myself included, seem unwilling to dip into our own pockets to satisfy our crippling addiction to cat pictures and world weary cynicism.

      In the old days we had Usenet newsgroups, hosted by ISPs, just like most of them still do with email. It’s the ideal place for hosting a fediverse, maybe not necessarily this one. They already scale their stuff with the number of users. We already pay them. And it decentralises power away from a handful of tech billionaires.

      Would they do it? Who knows. They’re certainly best placed for it, but would they want the unenviable job of identifying and blocking kiddy porn and cartel torture videos? I know I wouldn’t want to be looking at that shit all day. The big networks obviously have a solution for that, but automated AI image recognition stuff only goes so far. At some point there’s a poor minimum wage worker looking at it in a third world country.

      • Rodeo@lemmy.ca
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        In the old days we had Usenet newsgroups, hosted by ISPs … it decentralises power away from a handful of tech billionaires.

        And into the hands of the ISPs, which are also owned by billionaires.

        • Blackmist@feddit.uk
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Depends where you are. In the US, probably. You don’t even get a choice of ISP in some places, although there’s probably more choice if you use a mobile. In the UK, there are a few dozen. Small ones all over most other countries. It’s still an improvement over Facebook and Twitter.

          And you wouldn’t have to use your ISP’s one. You could use any. But you will have to accept that it costs money. You’ll be having to pay at some point, either with adverts, a subscription, or some Discord style nonsense waved in your face every day.

      • nomadjoanne@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        3
        ·
        1 year ago

        I’m a bit unconvinced that we would want to scale. Why is growth necessarily good? We’d end up looking much like mainstream social media by that point. A lot of regulatory compliance, a lot of normie BS on the platform, etc. There is still probably some room to grow before that becomes a reality though.

        I think it’s a fine line to walk, but being and staying a bit niche isn’t such a bad thing.

    • Auli@lemmy.ca
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      2
      ·
      1 year ago

      Naw it doesn’t cost money to run anything. You don’t understand it all just there in the cloud /s.

      • EatMyDick@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        5
        ·
        1 year ago

        The funny thing is I manage the NIST/ISO/GDPR for our company. I would have been coding slinging yaml and terraform just a few years ago. I literally have experience managing 75M of resources in such systems and have in depth discussions with my lawyer about this fascinating time bomb.

        At some point a while back I just gave up having educated conversations over SM. For every one you’ll have 10 jackasses who have been widely unsuccessful in their career bitching in anti work how you doing know Jack shit. I stated my first two responses responses to incorrect or uneducated information and was immediately attacked as usual. It’s a race to the bottom that everyone is getting tired of.

        • iByteABit [he/him]@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          I’m not disagreeing with your points on running an online service, I just have to point out that you seem like an asshole of a person.

          Take a damn chill pill

    • valveman@lemmy.eco.br
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      You have good points, and yeah, I too want data privacy and everything, but the Fediverse in general always was a niche place. I mean, people only got to know this because the mainstream social media fucked up badly this time (and keeps doing it very well). Now we have thousands of new instances, users and everything, but no one was prepared for it.

      My point is: your proposals are totally valid, but there was no need for this level of security until yesterday, since this was just a niche place with a couple hundreds of users. Give it a few months and we might get some updates on instance infrastructure and the ActivityPub protocol itself to make it safer.

    • deafboy@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      If we want the ecosystem to be resilient, we need to migrate to a model where:

      1. The data is redundant, in a way it matters. Yes, I know the posts are currently replicated, but if the primary replica is gone, the usefulness of the copies is limited.
      2. The identities are not tied to a provider

      NOSTR does this, AND provides an incentive for keeping the content online - you simply pay one, or even multiple relay operators, for keeping your data online. However:

      1. NOSTR client UX currently sucks even more than lemmy/mastodon
      2. There is no useful content whatsoever. They’re in the “only political extremists use this” phase at the moment.
      • astral_avocado@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        The type of people that inhabit these instances will never ever agree to a no-moderation type of setup. That’s what true decentralization means, right?

    • mrmanager@lemmy.today
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      edit-2
      1 year ago

      I don’t think gdpr is required when it’s not a company running the instances? We have 1389 instances running now, rented or owned by individuals. Interesting point though, wonder if gdpr applies still.

      And if an instance is hosted in America, does it still apply? It seems many advertising companies are avoiding Europe because there is privacy laws like gdpr.

      • Atemu@lemmy.ml
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        IANAL.

        I don’t think gdpr is required when it’s not a company running the instances?

        Depends on whether your thing is intended for public or private use. If it’s just a static website to share files with friends and family or a chat service for a similarly limited group, then no, the GDPR does not apply.

        Most popular Fediverse instances are clearly made for public use however.

        if an instance is hosted in America, does it still apply

        As long as it processes data of EU citizens, the GDPR applies. Whether the EU is able to enforce it is a different question.

      • Atemu@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        IANAL.

        I don’t think gdpr is required when it’s not a company running the instances?

        Depends on whether your thing is intended for public or private use. If it’s just a static website to share files with friends and family or a chat service for a similarly limited group, then no, the GDPR does not apply.

        Most popular Fediverse instances are clearly made for public use however.

        if an instance is hosted in America, does it still apply

        As long as it processes data of EU citizens, the GDPR applies. Whether the EU is able to enforce it is a different question.

      • Zetaphor@zemmy.cc
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        edit-2
        1 year ago

        When the regulation does not apply

        Your company is service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn’t specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.

        Source: European Commission

        This has been my primary understanding, since many of us instance admins are not specifically targeting individuals in the EU, say as opposed to a company like Facebook or Spotify, we are not subject to the GDPR.

        • mrmanager@lemmy.today
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          edit-2
          1 year ago

          It also says company here. We (instance owners) don’t have companies (corporations), which also makes gdpr not apply on it’s own, correct?

          • Zetaphor@zemmy.cc
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            It says “company or entity” further up in the page, that quote is just an example they provided.

            I am neither a lawyer or an EU citizen, so honestly I don’t know. This is the law as I understand it from reading that source.

            This is one of the many reasons I have a semi-private instance, so I’m only liable to myself and maybe a few friends.

            • mrmanager@lemmy.today
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              I asked chatgpt and it seems to apply to instance owners:

              The General Data Protection Regulation (GDPR) is a data protection law that was implemented by the European Union (EU) to protect the personal data and privacy of individuals within the EU. It applies to both corporations and individuals who process personal data in the context of offering goods or services to individuals in the EU or monitoring the behavior of individuals within the EU, regardless of where the company is located.

              So, the GDPR does not only apply to corporations but also to any individual or organization that handles personal data of individuals within the EU, irrespective of their size or location. This means that even small businesses, non-profit organizations, and individuals who process personal data falling within the scope of the GDPR must comply with its provisions.

              • Zetaphor@zemmy.cc
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                I’m definitely not taking legal advice from ChatGPT lol

                This does beg the question, what constitutes personal data? If I don’t require an email for signup, does information you publicly post count as personal data?

                It seems we’d be best asking a lawyer for these kinds of things

                • mrmanager@lemmy.today
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Chatgpt is usually accurate enough in my experience and also what it says below is what i I know myself is included:

                  Personal data, as defined by various data protection laws, refers to any information that relates to an identified or identifiable natural person. This means that personal data includes any data that can be used, directly or indirectly, to identify an individual. It can be a name, identification number, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

                  Examples of personal data include:

                  1. Name: Full name, first name, last name, or initials.
                  2. Contact Information: Email address, phone number, physical address, or social media handles.
                  3. Identification Numbers: National ID number, passport number, social security number, or driver’s license number.
                  4. Location Data: GPS coordinates, IP address, or data from tracking systems.
                  5. Online Identifiers: Usernames, account numbers, or device-specific identifiers.
                  6. Biometric Data: Fingerprints, facial recognition data, or voiceprints.
                  7. Health Information: Medical history, health conditions, or health insurance details.
                  8. Financial Information: Bank account numbers, credit card details, or income information.
                  9. Racial or Ethnic Information: Information about race, ethnicity, or cultural background.
                  10. Sexual Orientation: Information regarding a person’s sexual orientation or preferences.

                  It’s important to note that even if a single piece of data seems innocuous or does not appear personally identifiable by itself, when combined with other data points, it might lead to the identification of an individual. Therefore, data controllers and processors are obligated to treat all such data with care and follow data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union or other relevant laws, to ensure the privacy and security of individuals’ personal data.

    • Dr. Dabbles@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You seem to be collecting downvotes because you generally have bad takes. Why be here if you’re angry at the existence of servers run as a hobby? Which instance are you on?

      Yeah, there’s a ton more work that needs to be done, and the first professionally operated instance is likely to become extremely successful. But literally zero of the other web properties started with any of the controls or funding you’re angry about. Shit, Twitter has disbanded most of the departments responsible for compliance.

      Be less angry about it. It’s not life or death, it’s bullshitting with strangers online.

      • Teaism@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        1
        ·
        1 year ago

        You’re getting my downvote because you and whoever upvoted you, are greatly missing the point of the GDPR. The whole point of it IS end-user personal data protection and transparency on the ways that a company will gather data from you.

        If anything, we need more of it in other non-EU countries. Let me give you a short example: in the EU you have the right to be “forgotten” by a company in terms of the data they have on you. As in, you contact that company, request they delete all the data they have on you which they have to legally comply to. That’s all thanks to the GDPR.

  • phx@lemmy.ca
    link
    fedilink
    English
    arrow-up
    60
    arrow-down
    1
    ·
    1 year ago

    Interesting no mention of encryption-at-rest (disk encryption), which is something I’d recommend for servers in general.

    • LedgeDrop@lemm.ee
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      1 year ago

      I’m curious, how would you do this in such a way that it wouldn’t come at the expense of effecting your high availability?

      If the server were on-prem or in the cloud… and the system crashed/rebooted, how would you decrypt (or add the passphrase) to the encrypted drive?.. cause the likehood of the kernel crashing or a reboot after and update is higher than an FBI raid… and it would get tiresome to have the site being down, while we wait for Bob to wake up, log in, and type the passphrase to mount the encrypted hdd.

      You could use something like HashiCorp Vault, but it isn’t perfect either. If the server were rebooted, it could talk to Vault and request the passphrase (automatically) , but this also means that the FBI could also “plug in” the server (at their leisure) and have it re-request the passphrase. … and if Vault were restarted there’s quite a process to unseal (unlock) a vault - so, it would be as cumbersome as needing to type in the passphrase on reboot.

      My point / question is: yes, encryption (conceptually) is easy, but if you look at “the whole life cycle / workflow” - it’s much more complicated and you (as an administrator) might ask yourself “does this complexity improve anything or actually protect my users?”

      • zmej420blazeit@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        Encrypting user data is pretty standard in the industry, and even required by law in the instance of servers hosting medical information in the US. Consumer software for disk encryption like you mentioned is substantially different from usual encryption solutions employed by data centers. Whole disk encryption is commonly done at a firmware or hardware level. For an example, iPhone embedded storage is fully encrypted and tied to the rest of the phone’s hardware. No user input required.

        It wouldn’t have mattered if the guy had encryption any way because, as the article mentioned:

        To make matters worse, it appears that the admin targeted in the raid was in the middle of maintenance work which left would-be-encrypted material on the server available in unencrypted form at the time of seizure.

        • Auli@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Where does HIPA state the medical data must be encrypted on the machine? I am not an expert on HIPA put don’t remember seeing that when looking at it before.

      • tuffers@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        There are several methods available for encrypting server disks without compromising availability but the best I’ve used is Network Bound Disk Encryption in the form of tang and clevis utilities. The encrypted server consults a tang server (or multiple servers using Shamir’s Secret Sharing) for the decryption key and then boots without user intervention. You can put a range of controls and redundancies around tang servers but the idea is they are only available on the local network.

        Before you say there’s no point encrypting a disk and then automatically decrypting it, think about the use case. The encrypted server will auto decrypt if everything is fine, but remain protected if that server is stolen or the decryption servers are shutdown or modified. It provides convenience while maintaining a level of protection. It also ensures disks are preemptively encrypted if they ever need to be returned for a warranty claim, which is a much more likely event.

      • phx@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        If you’ve got proper HA, then your secondary could still be up and running just but not receiving connections or running certain services (assuming a standard active/passive). Yes, one could still have a passphrase on encrypted boot and enter that via RA (DRAC,ILO, SSH preboot), or the credentials could be in a TPM etc.

        None of those are foolproof, but protecting users’ data isn’t just about FBI raids, and disk encryption in general should still be part of the security toolkit because stuff like lost drives or improper disposal still happens.

      • phx@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Well yeah, with a cloud host your data is on call l somebody else’s hardware. The cloud host themselves do implement some form of encryption closer to said hardware (i.e. for the SAN arrays) so that a lost disk doesn’t mean exposed data.

    • thepianistfroggollum@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Encryption at rest only protects you if the system is off and someone takes the physical drive or disk file. Once the system is running the data is unencrypted.

      • phx@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Mostly true. It protects against access to the data when the encrypted volume is actively open.

        Is it going to protect against physical access to active hardware in most cases? Probably not (though some might also l consider some layers such as immediately closing the volume and/or wiping keys if certain circumstances are net)

        Is it still a good idea? Yes, as it offers reasonable protection for data (along with other layers) when one considers stuff like drive disposal etc.

  • Novman@feddit.it
    link
    fedilink
    English
    arrow-up
    37
    arrow-down
    2
    ·
    1 year ago

    Why the state seize mastodon/exit nodes/megaupload/private servers and NEVER amazon/apple/facebook/twitter/google servers? The law is different if you are a zuckemberg?

    • MajorHavoc@lemmy.world
      link
      fedilink
      English
      arrow-up
      38
      ·
      1 year ago

      The reason we don’t see seizure of those servers is that those services have established working relationships with law enforcement, so there’s no need to physically seize the servers.

      It’s worth noting that while various CEOs claim not to cooperate with law enforcement, the Patriot Act created provisions for establishing that cooperation without CEO permission or awareness.

      • Novman@feddit.it
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        It is, sadly, like to say in the 1800: if your newspaper cooperates with government it is not closed, otherwise we can close it at will. A lot of established freedom of press laws now will never had passed.

    • Uriel238 [all pronouns]@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      In the case of Meta and the Muskverse, it’s because they regard themselves as a third party and cooperate with law enforcement in disclosing everything about you on request. As per MEGAupload and Backpage (and presently TikTok) this tactic doesn’t always work.

      Google used to claim that they would demand warrants, and then run them past their blue-haired lawyers to make sure all the jots and tittles were in place before releasing data, but that was back in the aughts and early 2010s. I don’t know what Google’s relationships is to law enforcement today.

      Amazon will also totally snitch on you, as will all the telecommunications services (Verizon, AT&T, Comcast, T-Mobile, Astound, etc.) It’s one of the reasons you want to get a VPN service that actively deletes its records, and law enforcement doesn’t like very much.

      Once US law enforcement wants to get you, do not expect your civil rights to protect you. And don’t talk to law enforcement. Wait for council and get a lawyer, because they will try to nail you for CFAA violations which can land you 25 years (which is more than some murder).

  • Proteus@lemmy.world
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    2
    ·
    1 year ago

    great info! question: how can users, “Evaluate a server’s precautions before joining the Fediverse”? ELI5 please.

    • Raisin8659@monyet.ccOP
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      2
      ·
      1 year ago

      That’s a great question. The EFF article gives answers that I find somewhat unsatisfactory (but may be possible solutions given what’re there at the moment):

      For users joining the fediverse, you should evaluate the about page for a given server, to see what precautions (if any) they outline. Once you’ve joined, you can take advantage of the smaller scale of community on the platform, and raise these issues directly with admin and other users on your instance. Insist that the obligations from Who has Your Back, including to notify you and to resist law enforcement demands where possible, be included in the instance information and terms of service. Making these commitments binding in the terms of service is not only a good idea, it can help the host fight back against overbroad law enforcement requests and can support later motions by defendants to exclude the evidence.

      Another benefit of the fediverse, unlike the major lock-in platforms, is that if you don’t like their answer, you can easily find and move to a new instance. However, since most servers in this new decentralized social web are hosted by enthusiasts, users should approach these networks mindful of privacy and security concerns. This means not using these services for sensitive communications, being aware of the risks of social network mapping, and taking some additional precautions when necessary like using a VPN or Tor, and a temporary email address.

      • Proteus@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        very informative. thank you! I like to think I’m pretty good with privacy, but without scoping out the servers, that might not be good enough.

    • Rivalarrival@lemmy.today
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Well, you could determine what jurisdiction the server is physically located in, to determine what law enforcement agencies will be targeting it. For example, a community focused on abortion rights is going to attract users who have had abortions. It would be a tremendously bad idea for such a community to be hosted in Texas, where law enforcement agencies would be directed to target it for harassment. California would be a better option, but that still leaves the server under the jurisdiction of US courts, who may direct the server owner to provide user data to Texas.

      Pirates would want to avoid a physical presence in copyright-unfriendly jurisdictions. Potheads would want to avoid weed-hating jurisdictions.

      Most “servers” now are virtual machines. Police don’t seize VMs. Police seize the physical hardware running the VM. When they target a torrent seedbox VM running on the same physical server as a Lemmy VM instance, they have access to everything on the Lemmy site as well. It would be useful, from a risk assessment profile, to know what else is attracting attention.

      • Proteus@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        very helpful, thanks! IIRC, lemmy.world is based in Poland? I need to look into that. 🤔

    • AnonymousLlama@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      People also need to factor in their choice of platform. Things like kbin and Lemmy are always being worked on and improved, but like any software there’s definitely going to be bugs, blindspots and issues. I’ve found a lot of these fediverse systems are being made as best as they can but they don’t have the resources like a full on commercial funded endeavor will have (with a dedicated security team etc)

      • Rhaedas@kbin.social
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Being open source is a huge advantage though. Plenty of commercial proprietary systems have failed terribly because they only had their own security eyes on things. Just pointing how many separate large companies have had client info and passwords stored in plain text on servers. Anyone in IT knows better, and yet… But also open source is as good as the number of people reviewing it though, so it’s potential, not guarantee.

  • KᑌᔕᕼIᗩ@lemmy.ml
    link
    fedilink
    English
    arrow-up
    21
    ·
    edit-2
    1 year ago

    I would love defederated identity management in the Fediverse that came with direct and encrypted DM capabilities too. I don’t use DMs but there’s no need for an admin or anyone else to see what’s in them either.

      • zmej420blazeit@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        1 year ago

        haha yeah, for 26 years now. year of the OpenPGP any day now.

        I agree with you, but the vast majority of people will always sell themselves out for convenience. If PGP caught on, you’d have iPhones with a built-in PGP messaging feature that sends everything unencrypted straight to apple before it sends the encrypted version.

      • EatMyDick@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        12
        ·
        1 year ago

        And it’s the year of the Linux desktop 🤦‍♂️

        You aren’t making any relevant point. Just showing how incompetent oss designers and the Linux desktop teams really are.

        Stop trying to make PGP happen. It’s not going to happen.

  • Gnubyte@lemdit.com
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    1
    ·
    edit-2
    1 year ago

    EDIT: I’m just going to note that kolektiva was an anarchist collective. Doesn’t sound quite as trivial as before.

    This says that the server was grabbed during an unrelated raid?

    How is that even legal. You can just get seized because your neighbor in the server rack is doing something? I feel like that should be a lawsuit for taking down someone’s business essentially. I’ll be real with you it doesn’t matter if the shits encrypted or not - in 15-20 years if Feds hold onto your messages trivial or not, with their budget and resources they can probably crack hashed data, if Quantum computing comes online especially, where quantum was stuck in a state of laughable doubt just like ML or AI was eight years back.

    • Uriel238 [all pronouns]@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Law enforcement in the US, including the FBI has long since abandoned the doctrine of staying within the threshold of legality, and the court system, right up to SCOTUS has defended them. Since the 9/11 attacks, the PATRIOT act and the creation of Homeland Security, the US Supreme Court has been chipping away at the protections established in the Fourth and Fifth amendments to the Constitution of the United States.

      So, the question is not whether a given action (illegal seizure of property and the illegal search thereof) is legal rather if it’ll be upheld.

      SCOTUS has already established if a crime is severe enough, that the evidence from an illegal search can be admitted anyway. And they’re talking about drug possession, not finding the leg of a child in the back of a van.

      When police seize your computer arbitrarily, there is a risk that a judge will not accept it as a legal search, such as if a warrant wasn’t sufficiently specific, or if probable cause wasn’t sufficiently established. But in the majority of cases, judges side with law enforcement regardless in the US. (YMMV depending on what county you’re in. Portland, OR is better about constitutional rights than Oakland, CA).

      That said, the FBI is no longer law enforcement but its mission was changed to National Security by James Comey when he was director (it improved his budget to do so, and gave the FBI more latitude regarding operations). I’m tempted to say the FBI acts less as law enforcement and more like the secret police of the US (that is, hunts and investigates enemies of the current administration and those who might bring embarrassment to officials or the US state). So it’ll seize what it wants, and aim to extract intel from what it gets while you fight in the courts to get your stuff back.

      That said, if you’re doing anything of interest to the FBI it’s best to encrypt the snot out of it, including having alternate accounts filled with images of furry porn and victims of police violence. And yes, if you’re plotting or signalling on the fediverse, do so in code.

    • x4740N@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      1 year ago

      Take this with a grain of salt but what if the unrelated server raid was an excuse

      There’s plenty of right wing bigots in the US government that would take the chance to take down anything they don’t agree with

  • magnetosphere@kbin.social
    link
    fedilink
    arrow-up
    12
    ·
    1 year ago

    To look at the bright side (or less horribly depressing side, anyway) it’s good that this happened now, while the fediverse is relatively young. Making the necessary changes won’t be quite as complicated.

  • 👁️👄👁️@lemm.ee
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    4
    ·
    1 year ago

    No it’s not, stop posting this sensational bullshit. Or did you guys forget websites and http are also decentralized with the same issues?

    • Raisin8659@monyet.ccOP
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      5
      ·
      1 year ago

      I did. I thought it did quite a nice job actually. I even did the formatting.

      • Kayn@dormi.zone
        link
        fedilink
        English
        arrow-up
        23
        arrow-down
        2
        ·
        1 year ago

        One should always proofread those summaries though and make sure the info lines up with the article, since AIs still tend to hallucinate.

        I personally would like to see a disclaimer whenever AI is being used to generate post bodies.

        • Raisin8659@monyet.ccOP
          link
          fedilink
          English
          arrow-up
          16
          arrow-down
          3
          ·
          1 year ago

          I did proofread it to make sure that it followed the article; wasn’t just generate and post. OTH, human summary isn’t free of misunderstandings either.

      • HiddenLayer5@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        No offense, but Lemmy is a space for human discussions. Using AI to generate content is nor conducive to what the goal of Lemmy is.

  • GustavoM@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    1
    ·
    1 year ago

    That’d be funny if a random sends me a private message, like

    "Hey, nice cock.

    Love, FBI"

    That’d make my day ngl

    • HiddenLayer5@lemmy.ml
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      3
      ·
      edit-2
      1 year ago

      If you federate with other instances they have a copy of your public facing account data. That’s how ActivityPub works and it’s very far from ideal.

      • loutr@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        18
        arrow-down
        1
        ·
        1 year ago

        But if it’s public law enforcement agencies can just browse/scrape the website to collect the data, or am I missing something?

        • HiddenLayer5@lemmy.ml
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          1
          ·
          edit-2
          1 year ago

          The only actual confidential data stored off instance that I can think of is DMs, if you message someone on another instance (which is why you shouldn’t use DMs for any sensitive communication unless they’re e2ee).

          The other major issue is whether they delete your data when you delete it from your home instance, or if you edit your post, whether they update their version in a timely manner. ActivityPub sends edits and deletion signals to federated instances, but if they have since defederated without purging your instance’s data or is keeping backups, then they could well have posts you think you deleted or display a version of your post that’s out of date (you should assume all versions of an edited post are kept, some platforms keep them all by design presumably to try and mitigate edit-trolling).

        • krakenx@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          edit-2
          1 year ago

          Things like PMs, your subscription lists,and upvote/downvotes aren’t possible (or are difficult?) to scrape, but are shared across federated instances. Those things were considered private on Reddit, so a lot of folks might assume they are also private on Lemmy.

      • HughJanus@lemmy.ml
        link
        fedilink
        English
        arrow-up
        17
        arrow-down
        1
        ·
        1 year ago

        LOL no public social media can function without “public facing account data”. I’m not not worried about that. I’m worried about things like IP address, login info, account metadata, etc