Synopsis: The article discusses the FBI’s seizure of the Mastodon server and emphasizes the need for privacy protection in decentralized platforms like the Fediverse. It calls for hosts to implement basic security measures, adopt policies to protect users, and notify them of law enforcement actions. Users are encouraged to evaluate server precautions and voice concerns. Developers should prioritize end-to-end encryption for direct messages. Overall, the Fediverse community must prioritize user privacy and security to create a safer environment for all.

Summary:

Introduction

  • We are in an exciting time for users wanting to regain control from major platforms like Twitter and Facebook.
  • However, decentralized platforms like the Fediverse and Bluesky must be mindful of user privacy challenges and risks.
  • Last May, the Mastodon server Kolektiva.social was compromised when the FBI seized all electronics, including a backup of the instance database, during an unrelated raid on one of the server’s admins.
  • This incident serves as a reminder to protect user privacy on decentralized platforms.

A Fediverse Wake-up Call

  • The story of equipment seizure echoes past digital rights cases like Steve Jackson Games v. Secret Service, emphasizing the need for more focused seizures.
  • Law enforcement must improve its approach to seizing equipment and should only do so when relevant to an investigation.
  • Decentralized web hosts need to have their users’ backs and protect their privacy.

Why Protecting the Fediverse Matters

  • The Fediverse serves marginalized communities targeted by law enforcement, making user privacy protection crucial.
  • The FBI’s seizure of Kolektiva’s database compromised personal information, posts, and interactions from thousands of users, affecting other instances as well.
  • Users’ data collected by the government can be used for unrelated investigations, highlighting the importance of strong privacy measures.

What is a decentralized server host to do?

  • Basic security practices, such as firewalls and limited user access, should be implemented for servers exposed to the internet.
  • Limit data collection and storage to what is necessary and stay informed about security threats in the platform’s code.
  • Adopt policies and practices to protect users, including transparency reports about law enforcement attempts and notification to users about any access to their information.

What can users do?

  • Evaluate a server’s precautions before joining the Fediverse and raise privacy concerns with admins and users on the instance.
  • Encourage servers to include privacy commitments in their terms of service to resist law enforcement demands.
  • Users have the freedom to move to another instance if they are dissatisfied with the privacy measures.

What can developers do?

  • Implement end-to-end encryption of direct messages to protect sensitive content.
  • The Kolektiva raid highlights the need for all decentralized content hosts to prioritize privacy and follow EFF’s recommendations.

Conclusion

  • Decentralized platforms offer opportunities for user control, but user privacy protection is vital.
  • Hosts, users, and developers must work together to build a more secure and privacy-focused Fediverse.
  • Uriel238 [all pronouns]
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    Law enforcement in the US, including the FBI has long since abandoned the doctrine of staying within the threshold of legality, and the court system, right up to SCOTUS has defended them. Since the 9/11 attacks, the PATRIOT act and the creation of Homeland Security, the US Supreme Court has been chipping away at the protections established in the Fourth and Fifth amendments to the Constitution of the United States.

    So, the question is not whether a given action (illegal seizure of property and the illegal search thereof) is legal rather if it’ll be upheld.

    SCOTUS has already established if a crime is severe enough, that the evidence from an illegal search can be admitted anyway. And they’re talking about drug possession, not finding the leg of a child in the back of a van.

    When police seize your computer arbitrarily, there is a risk that a judge will not accept it as a legal search, such as if a warrant wasn’t sufficiently specific, or if probable cause wasn’t sufficiently established. But in the majority of cases, judges side with law enforcement regardless in the US. (YMMV depending on what county you’re in. Portland, OR is better about constitutional rights than Oakland, CA).

    That said, the FBI is no longer law enforcement but its mission was changed to National Security by James Comey when he was director (it improved his budget to do so, and gave the FBI more latitude regarding operations). I’m tempted to say the FBI acts less as law enforcement and more like the secret police of the US (that is, hunts and investigates enemies of the current administration and those who might bring embarrassment to officials or the US state). So it’ll seize what it wants, and aim to extract intel from what it gets while you fight in the courts to get your stuff back.

    That said, if you’re doing anything of interest to the FBI it’s best to encrypt the snot out of it, including having alternate accounts filled with images of furry porn and victims of police violence. And yes, if you’re plotting or signalling on the fediverse, do so in code.