I don't know who expected the fediverse to be the most secure and private network of the world.
It's a "independent" and open source social media platform. A better place to be than corporate social media. That's it.
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
I don't know who expected the fediverse to be the most secure and private network of the world.
It's a "independent" and open source social media platform. A better place to be than corporate social media. That's it.
I wouldn't even be surprised if it came out the FBI was hosting fediverse servers aimed at some crime. Like a instance dedicated to digital piracy.
This reminds me that they finance the Tor project (onion browser).
The Tor project was started by the governement in the first place for secure connections for the military and stuff anyway.
Lemmy.cp they have done stings like that
And exactly what information are people putting here that they're worried about?
There's some fediverse that we can call it "the most secure and private" network. Not all of them, but yes.. the fallacy of pop culture understanding the fediverse hype by many people is too much. I agree..
Well, I don't really see the headline in it, tbh. That is, yeah of course servers can be seized? That's kinda a given?
It doesn't really matter what software they run in regards to whether they can be seized or not.
The points made in the article are that server admins should have policies regarding privacy and data retention, that users should be aware of this possibility, and that developers should ensure more of the users’ data is encrypted at all times.
Did you read the article? Its not just about hardware being taken and there's things that can be done to even minimize that issue.
I don't think this is a wakeup call to anyone tbh. Servers are constantly getting seized by government authorities. Anyone who is worried about this already knows the risks and have likely vetted their instance.
Yeah at the end of the day the fact the Fediverse is decentralised doesn't grant some magic immunity to local laws. I'm surprised there are people who think this?
I think the we should use fediverse with the expectations we had using the internet of old: Don't post anything you want to keep secret, and anything you put online is potentially permanent.
I was always a little skeevy towards Facebook and other major social media sites when everyone was encouraged to use real names, post personal details, and share real photos of themselves and friends. Hell I still don't get how people here share everything from faces to nudes and not expect their privacy to be compromised.
An entire generation has grown up not expecting privacy. It's their normal.
Why do people trust their info with a person that lives who knows where more than with a company established somewhere that can be verified and that actually has to follow laws? 🤔
A correction/clarification for those people who are trying to find freedom of speech on Fediverse,
as Nate says, nothing on the Fediverse is private.
Because everything is transparent, and they all link to your personal email address.
Freedom of speech on Fediverse is still limted cuz it is not private, and still has moderator.
Remember, Freedom can't exist without Privacy.
No space on the internet was ever private. But it is even less private with Lemmy as it stands because even your voting history can be determined by others running their own instance.
I mean, that depends on how you categorize privacy rights. If I am wrong, feel free to correct me.
From my understanding, 100% private means secret, things that are only known by yourself.
But what if we want to release some of them to the world but make sure we don't expose our identity?
To me, that somehow falls under the category of privacy rights as well.
And you know what? Using a decentralized social platform like WireMin gives you the private space you are talking about.
It has DM, Chat space, Feed for blog post (everything is E2EE, so pretty private for me)
Some spaces approach like 99% private. Tails + encryption for example. Still can't ensure against governments monitoring tor exit nodes but other than that you're pretty well golden.
Not that I want crypto bros in on this, nor do I really think avoiding the police should even be a goal of Lemmy, but is it possibly to build a fully decentralized Lemmy executing via blockchain or is that gibberish?
Since you opened up to a response; Yeah. A little bit gibberish. But thats okay.
blockchain is a public ledger. There is no increased anonimity in it. Its core essence is that it is open and public, and everyone can check and validate it. The privacy part comes from not knowing which person is behind which wallet. But hey! You can do that here! Or anywhere.
Looking at the article:
According to Kolektiva, the seized database, now in the FBI’s possession, includes personal information such as email addresses, hashed passwords, and IP addresses from three days prior to the date the backup was made. It also includes posts, direct messages, and interactions involving a user on the server. Because of the nature of the fediverse, this also implicates user messages and posts from other instances.
Focussing on that last part first; Posts, PMs, and other interactions are open and public in the ActivityPub protocol (which lemmy and KBin and Mastodon work on). If the FBI wants that, they can just go to the website and make an account, no raid needed. Blockchain tech wouldnt chance that.
Focussing on the first part: email addresses, hashed passwords, and IP addresses, those are not all open to the public. And you may want to protect those better. But as I said, you dont need hip blockchain for that!
Dont use your primary email directly when making an account, but hide behind an email-alias. SimpleLogin, HideMyEmail, Guerilla Email, 10minute mail, Proton Pass, are all services that let you provide an email that is not your own, but does connect to your actual inbox.
Dont reuse passwords. Use a password manager to generate random ones for each website. Bitwarden has a good rep. LastPass is still used, KeePass exists, Proton Pass is new and promising.
Dont browse without a VPN.
bonus (use a privacy focussed browser with extensions that block un-whitelisted javascripts, block trackers, and block canvassing/fingerprinting).
Can your private info now still be obtained? The answer ranged somewhere in between possibly and probably. But you've made it a lot of work. Work that almost only a governmental agency can perform, in a way that takes manpower time and warrants. You'll have to have them very interested in you as an individual to go through all of that.
I compare it to going outside. You wear clothes so that you arent naked, shoes that protect your feet, and if you touch something icky you'll want to wear gloves. The internet is basically the same. Just remember, like outside, most of the internet is a public space. Information that you volunteer, conversations that you have are public. And differently from the real world, they are recorded forever. Need to discuss sensitive stuff in private, switch to "private places" such as encrypted email, Signal, or Matrix based platforms like Element.
Now this post probably isnt complete, and flawed. So I welcome anyone who wants to build further from it.
Doesn't really help anything.
Things on the blockchain are still easily readable in most cases. For example: https://www.blockchain.com/explorer
You can go see ANY bitcoin transaction which has ever occured.
I also don't think blockchain would scale performance wise, to the level needed by lemmy. In the example of bitcoin, processing transactions is already painfully slow.
For encryption, its easiest to just enable in-place data encryption on your instance.... But, again, that does not help ANYTHING, because all of your data is replicated to every other subscribed instance.
Hell, the Feds don't even need to seize your server. They just need to federate with it.
It would be possible to have a fully decentralized Lemmy. For example, just have everyone self host an instance and perhaps change how caching works. But there's a downside of being harder for users to use and more duplation of moderation.
Federation is a balance between the decentralization and centralization
Encrypted file systems requiring secrets at mount time can make seizing physical servers harder. It's more difficult with the cloud hosters, since these likely have an API for law enforcement.