FBI Seizure of Mastodon Server is a Wakeup Call to Fediverse Users and Hosts to Protect their Users
FBI Seizure of Mastodon Server is a Wakeup Call to Fediverse Users and Hosts to Protect their Users
We’re in an exciting time for users who want to take back control from major platforms like Twitter and Facebook. However, this new environment comes with challenges and risks for user privacy, so we need to get it right and make sure networks like the Fediverse and Bluesky are mindful of past...
- Step 1: Don't host in the USA
- Step 2: Don't host in a USA puppet ally
Probably good advice but not exactly relevant. The person was hosting a server in their house and got raided for unrelated reasons and all their electronics were seized. Had they hosted in a data center or at least had off premises back ups, this wouldn’t have happened.
I thought one of the points of the fediverse was to not be centralized in data centers that are more easily controlled. It's supposedly supposed to be easy and relatively cheap to spin up your own instance on your own hardware. Just outsourcing to a data center I think goes against what the fediverse promised.
This is exactly why I only host on DefinitelyNotAHoneypot.sk. everyone knows that the CIA can't run colo services in Slovakia.
The US again continuing to flex its muscles that it truly does own and control half the world, as it so affectionately reminds us daily.
It is absolutely hysterical how bad authoritarianism has engulfed all modern governments. This isn’t remotely a left vs right thing or a US thing, almost all modern governments have become this way.
The person referenced in the article was raided for completely unrelated charges. It just happened they took the server and backups as part of the raid. Had they hosted off-site or kept the backups off-site, the damage would have been minimal. This article brings up a good point, but it's not the nefariousness that the title implies.
No autocracy is when rule of law. Wake up sheeple.
But this is the strength of federation. One tiny bit of the fediverse was taken down. This did not affect the rest of it. There will always be bad actors, whether the cops, the administrators of a particular instance or the owners of a mega-forum like twitter or reddit. With a decentralized system the damage is localized and minimized.
The US in living its own Brezhnev Era
I’d argue a great majority of the world has entered this era now, and consider it a standard. I hate it. They took 1984 and used it as an instruction manual.
Yeah, I want to know what these unrelated charges were for before I get up in arms about a nothing burger. Sound sus as hell.
It's irrelevant to the EFF's point here, because a database backup containing user data was seized by the FBI. Those users almost certainly had nothing to do with whatever the charges were.
Permanently Deleted
Get Tor Browser and/or Tails OS. When privacy is important and you need to be anonymous, use only Tor-friendly instances only via Tor (never once log in showing your real IP - if you accidentally do that, you'll have to re-create another account as a different person).
When an email address is necessary to sign up, get one anonymously (again using Tor Browser), from a privacy-centric company or group, e.g. Tutanota, Disroot. Needless to say never ever use Gmail. https://tosdr.org/en/service/217
Still no guarantee of privacy. Tor exit nodes have been known to have been monitored, and tons of sites seized.
He's talking about instances with .onion addresses, you never touch an exit node.
True. Tor, Tails, PGP (GPG), Monero etc. are not magic: you can be still de-anonymized especially if you post your private info by yourself. One thing I've been feeling a little uneasy about Tor is, the project is largely funded by the US Government itself, and in the past the US intentionally weakened Netscape browser (*1). While I would like to believe that something similar is not happening to Tor Browser, I'm not an absolute believer of Tor (like you said, there may be bad actors in the Tor network too). I might be feeling somewhat more comfortable if Tor Project were based on Europe, not the US.
Nevertheless, using Tor should be surely safer and more privacy-friendly than just using clearnet. Tor Browser is FLOSS and free as in free beer too. Using it when you'd like to be anonymous is not such a bad idea, especially if your instance is Tor-friendly.
(*1) https://wl.vern.cc/wiki/Crypto Wars?lang=en#PC_era Onion - http://wl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion/wiki/Crypto Wars?lang=en#PC_era
Another example of intentional back doors standardized by the US is: https://wl.vern.cc/wiki/Dual_EC_DRBG?lang=en Onion - http://wl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion/wiki/Dual_EC_DRBG?lang=en
There should be a way to encrypt things when the server is off and then have a Killswitch for situations like this. Idk if it'd be overkill in this case thougj
Luks is a thing. No reason it can’t be done on the server though things like patching won’t be automated.
Kill switch is well, not as easy. But possible.
That said. The government would just lampoon you in the media as some child porn hoster or whatever they want and taint the jury pool. And probably charge you with obstruction and a host of other things if you didn’t decrypt the server.
There is case law where refusing a description password isn’t covered by the 4th or 5th amendment so they could just Guantanamo your ass as pressure.
TL:DR - there’s no established case law that protects you from withholding the encryption key from government and there’s conflicting rulings in the current US districts. In some places you can be held indefinitely. Unsure what occurs if you can’t remember the key though.
Is there anything instance owners can do? Are there things you can do with your server to get better security for your users (and yourself)