• daniskarma@lemmy.world
    1 year ago

    I don’t know who expected the fediverse to be the most secure and private network of the world.

    It’s an “independent” and open source social media platform. A better place to be than corporate social media. That’s it.

    • MuchPineapples@lemmy.world
      1 year ago

      I wouldn’t even be surprised if it came out the FBI was hosting fediverse servers aimed at some crime. Like an instance dedicated to digital piracy.

    • kanzalibrary@lemmy.world (OP)
      1 year ago

      There’s some fediverse that we can call “the most secure and private” network. Not all of them, but yes… the fallacy of pop culture understanding the fediverse hype by many people is too much. I agree…

  • Carighan Maconar@lemmy.world
    1 year ago

    Well, I don’t really see the headline in it, tbh. That is, yeah of course servers can be seized? That’s kinda a given?

    It doesn’t really matter what software they run in regards to whether they can be seized or not.

    • zerofk@lemm.ee
      1 year ago

      The points made in the article are that server admins should have policies regarding privacy and data retention, that users should be aware of this possibility, and that developers should ensure more of the users’ data is encrypted at all times.

      • starlinguk@kbin.social
        1 year ago

        They should also be held accountable and not turn a blind eye to illegal behaviour on their server. If someone uses their server to organise a terrorist attack, they’ve facilitated it.

        • Aesthesiaphilia@kbin.social
          1 year ago

          Ah the age old bullshit.

          “Hey, I kinda care about my rights–”

          “FUCK YOU, YOU’RE AIDING TERRORISTS AND PEDOPHILES”

        • pjhenry1216@kbin.social
          1 year ago

          I mean, that’s not even remotely related to the scenario in the article. It wasn’t even related to the server. The admin was raided for an entirely different reason.

          Yes, if you commit crimes you should be held responsible. No one said otherwise at any point. So, I guess thanks captain obvious?

    • pjhenry1216@kbin.social
      1 year ago

      Did you read the article? It’s not just about hardware being taken and there are things that can be done to even minimize that issue.

  • Fizz@lemmy.nz
    1 year ago

    I don’t think this is a wakeup call to anyone tbh. Servers are constantly getting seized by government authorities. Anyone who is worried about this already knows the risks and has likely vetted their instance.

    • gammasfor@sh.itjust.works
      1 year ago

      Yeah at the end of the day the fact the Fediverse is decentralised doesn’t grant some magic immunity to local laws. I’m surprised there are people who think this?

  • Roundcat@kbin.social
    1 year ago

    I think we should use the fediverse with the expectations we had using the internet of old: Don’t post anything you want to keep secret, and anything you put online is potentially permanent.

    I was always a little skeevy towards Facebook and other major social media sites when everyone was encouraged to use real names, post personal details, and share real photos of themselves and friends. Hell I still don’t get how people here share everything from faces to nudes and not expect their privacy to be compromised.

    • Kecessa@sh.itjust.works
      1 year ago

      Why do people trust their info with a person that lives who knows where more than with a company established somewhere that can be verified and that actually has to follow laws? 🤔

  • woshang@kbin.social
    1 year ago

    A correction/clarification for those people who are trying to find freedom of speech on Fediverse,
    as Nate says, nothing on the Fediverse is private.
    Because everything is transparent, and they all link to your personal email address.

    Freedom of speech on Fediverse is still limited cuz it is not private, and still has moderators.

    Remember, Freedom can’t exist without Privacy.

    • dooger_chogany@lemmy.world
      1 year ago

      No space on the internet was ever private. But it is even less private with Lemmy as it stands because even your voting history can be determined by others running their own instance.

      • woshang@kbin.social
        1 year ago

        I mean, that depends on how you categorize privacy rights. If I am wrong, feel free to correct me.
        From my understanding, 100% private means secret, things that are only known by yourself.

        But what if we want to release some of them to the world but make sure we don’t expose our identity?
        To me, that somehow falls under the category of privacy rights as well.

        And you know what? Using a decentralized social platform like WireMin gives you the private space you are talking about.

        It has DM, Chat space, Feed for blog post (everything is E2EE, so pretty private for me)

      • Aesthesiaphilia@kbin.social
        1 year ago

        Some spaces approach like 99% private. Tails + encryption for example. Still can’t ensure against governments monitoring Tor exit nodes but other than that you’re pretty well golden.

  • samokosik@lemmynsfw.com
    1 year ago

    Not surprising imho. Once in a while we will see a fediverse instance which is not sympathetic to authorities and will be seized. Hosting child porn is not that difficult here.

  • OldWoodFrame@lemm.ee
    1 year ago

    Not that I want crypto bros in on this, nor do I really think avoiding the police should even be a goal of Lemmy, but is it possible to build a fully decentralized Lemmy executing via blockchain or is that gibberish?

    • AdventureSpoon@kbin.social
      1 year ago

      Since you opened up to a response: Yeah. A little bit gibberish. But that’s okay.

      Blockchain is a public ledger. There is no increased anonymity in it. Its core essence is that it is open and public, and everyone can check and validate it. The privacy part comes from not knowing which person is behind which wallet. But hey! You can do that here! Or anywhere.

      Looking at the article:

      According to Kolektiva, the seized database, now in the FBI’s possession, includes personal information such as email addresses, hashed passwords, and IP addresses from three days prior to the date the backup was made. It also includes posts, direct messages, and interactions involving a user on the server. Because of the nature of the fediverse, this also implicates user messages and posts from other instances.

      Focussing on that last part first: Posts, PMs, and other interactions are open and public in the ActivityPub protocol (which Lemmy and KBin and Mastodon work on). If the FBI wants that, they can just go to the website and make an account, no raid needed. Blockchain tech wouldn’t change that.

      Focussing on the first part: email addresses, hashed passwords, and IP addresses, those are not all open to the public. And you may want to protect those better. But as I said, you don’t need hip blockchain for that!

      • Don’t use your primary email directly when making an account, but hide behind an email-alias. SimpleLogin, HideMyEmail, Guerilla Email, 10minute mail, Proton Pass, are all services that let you provide an email that is not your own, but does connect to your actual inbox.

      • Don’t reuse passwords. Use a password manager to generate random ones for each website. Bitwarden has a good rep. LastPass is still used, KeePass exists, Proton Pass is new and promising.

      • Don’t browse without a VPN.

      • Bonus: use a privacy focussed browser with extensions that block un-whitelisted javascripts, block trackers, and block canvassing/fingerprinting.

      Can your private info now still be obtained? The answer ranges somewhere in between possibly and probably. But you’ve made it a lot of work. Work that almost only a governmental agency can perform, in a way that takes manpower, time and warrants. You’ll have to have them very interested in you as an individual to go through all of that.

      I compare it to going outside. You wear clothes so that you aren’t naked, shoes that protect your feet, and if you touch something icky you’ll want to wear gloves. The internet is basically the same. Just remember, like outside, most of the internet is a public space. Information that you volunteer, conversations that you have are public. And differently from the real world, they are recorded forever. Need to discuss sensitive stuff in private, switch to “private places” such as encrypted email, Signal, or Matrix based platforms like Element.

      Now this post probably isn’t complete, and flawed. So I welcome anyone who wants to build further from it.

    • HTTP_404_NotFound@lemmyonline.com
      1 year ago

      Doesn’t really help anything.

      Things on the blockchain are still easily readable in most cases. For example: https://www.blockchain.com/explorer

      You can go see ANY bitcoin transaction which has ever occurred.

      I also don’t think blockchain would scale performance wise, to the level needed by lemmy. In the example of bitcoin, processing transactions is already painfully slow.

      For encryption, it’s easiest to just enable in-place data encryption on your instance… But, again, that does not help ANYTHING, because all of your data is replicated to every other subscribed instance.

      Hell, the Feds don’t even need to seize your server. They just need to federate with it.

    • lemming934@lemmy.sdf.org
      1 year ago

      It would be possible to have a fully decentralized Lemmy. For example, just have everyone self host an instance and perhaps change how caching works. But there’s a downside of being harder for users to use and more duplication of moderation.

      Federation is a balance between the decentralization and centralization

  • eleitl@lemmy.world
    1 year ago

    Encrypted file systems requiring secrets at mount time can make seizing physical servers harder. It’s more difficult with the cloud hosters, since these likely have an API for law enforcement.

    • Durotar@lemmy.ml
      1 year ago

      This can happen to any service, including lemmy.world you’re using.

        • eleitl@lemmy.world
          1 year ago

          I presume federation does not propagate diagnostics available in the instance logs. We definitely need privacy-hardening docs for running Lemmy instances.
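
The data-retention point raised in this thread (client IP addresses sitting in instance logs and backups), as an added example that is not part of any comment above and not Lemmy's own code: a sketch that drops access-log lines older than a retention window and truncates the client address in the lines it keeps. The combined log format, the three-day window and the /24 (IPv4) and /48 (IPv6) truncation are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Common/combined log format prefix: client address, two fields, [timestamp]
LINE_RE = re.compile(r'^(\S+) (\S+ \S+) \[([^\]]+)\](.*)$')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def truncate_ip(addr: str) -> str:
    """Zero the host part: keep /24 of IPv4 and /48 of IPv6 (assumed policy)."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)

def scrub_log(lines, now, keep_days=3):
    """Return lines newer than keep_days with client addresses truncated.

    Lines that cannot be parsed are dropped rather than kept, so a format
    change never leaves full addresses behind.
    """
    cutoff = now - timedelta(days=keep_days)
    kept = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, ident, stamp, rest = m.groups()
        try:
            when = datetime.strptime(stamp, TS_FORMAT)
            client = truncate_ip(client)
        except ValueError:
            continue
        if when >= cutoff:
            kept.append(f"{client} {ident} [{stamp}]{rest}")
    return kept

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.77 - - [10/Jul/2023:08:00:00 +0000] "GET /c/privacy HTTP/1.1" 200 512',
    '2001:db8:abcd:12:34::1 - - [12/Jul/2023:09:30:00 +0000] "POST /inbox HTTP/1.1" 202 0',
    '198.51.100.9 - - [13/Jul/2023:23:59:59 +0000] "GET / HTTP/1.1" 200 1024',
    'corrupted line without a timestamp',
]

if __name__ == "__main__":
    now = datetime(2023, 7, 14, 0, 0, 0, tzinfo=timezone.utc)
    for out in scrub_log(SAMPLE, now):
        print(out)
```

Scrubbing only reduces what a seized disk or backup contains if it also runs before backups are taken and covers every place addresses are stored, not just the web server log.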