this post was submitted on 09 Jul 2023
2106 points (98.1% liked)

Technology

34781 readers
235 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.ml/post/1874605

A 17-year-old from Nebraska and her mother are facing criminal charges including performing an illegal abortion and concealing a dead body after police obtained the pair’s private chat history from Facebook, court documents published by Motherboard show.

you are viewing a single comment's thread
view the rest of the comments
[–] WindyRebel 25 points 1 year ago (3 children)

Are you saying that the individuals who run these servers and instances aren’t subject to the same laws? I read the article, and Facebook complied with a court order.

You don’t think anyone running Lemmy would do the same without access to lawyers and capital like Facebook has?

[–] [email protected] 11 points 1 year ago (1 children)

Lemmy promotes using Matrix, which is a separate service, so instance admins don't need to be in the business of hosting private conversations.

Matrix is end-to-end encrypted so even the admins of your Matrix server could not provide your chats to law enforcement.

[–] [email protected] 3 points 1 year ago (1 children)

I wish Lemmy was as well. Ah well.

[–] [email protected] 1 points 1 year ago (1 children)

It's not really possible as long as Lemmy is a website. E2EE works on Matrix because it's an app, and therefore it can manage your encryption keys in ways a browser cannot do for you. (You can save things in the client, but not in a reliable enough way for something like the master key for every communication you ever had that if you lose you get locked out of all your chat history.) In the case of Lemmy, the signing keys for your federated actions are handled by the server, which is perfectly fine for 99% of what you use Lemmy for (public posts and comments), but it also means that even if they implemented E2EE for chats, the keys to decrypt the convo would be right on the same server.

That's why Lemmy actively pushes you to set up a Matrix account, because Matrix makes better tradeoffs for the purposes of messaging, while Lemmy's tradeoffs are more relevant to a link aggregator style social media.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Matrix is also a website and you don't need an app to use it. The first time I used Matrix, I didn't use an app, I merely signed in on a browser window (in my case, Mozilla's instance). I first signed up on my work laptop, then later signed in on my desktop and had to confirm the new account on my laptop before my desktop would work with the same account.

The more devices it's on the better, but it's totally usable with just one web client. I now also have the phone app, but I didn't at first.

If Matrix can do that, lemmy can as well. It would probably degrade the user experience because you'd need a decryption step for every post and comment you load (just like loading a new Matrix room), but it is technically possible.

I'm not necessarily asking for every comment to be encrypted, I just think it would be a good idea for DMs to be encrypted using keys the admin doesn't have access to. It would be cool for communities to allow encryption as an option as well (i.e. all posts and comments would be E2E encrypted to all members, and not viewable unless you join), but it shouldn't be the default everywhere.

[–] Arbiter 3 points 1 year ago

Complying with the law is less of an issue than keeping that data accessible in the first place.