• Ok … so I think false preconceptions are polluting this topic. Apart from the passwords, nothing serious has happened here for your data. As for the DMs … yea there aren’t DMs with any real privacy on the fediverse, they don’t exist … you should presume DMs are public.

    Because the fediverse is not in any way private. See for a good treatment of this: https://blog.bloonface.com/2023/07/04/the-fediverse-is-a-privacy-nightmare/

    The basic story is that the fediverse is all about duplicating what we post all over the place … essentially to anyone who decides to run a server on the fediverse. The FBI could (and probably do?) have a server scooping up all sorts of stuff onto their server and you wouldn’t know about it and probably couldn’t do much about it. Google is scraping mastodon (and probably lemmy?) … try a google search for mastodon content.

    This is all public internet stuff, you’re basically running a public blog that happens to be well connected to lots of other public blogs.

    As nice as the fediverse is as a nice anti-capitalist-big-corp monopolisation of our social online lives … it is very much born out of the web2.0 era and doesn’t have any of the privacy concerns many of us would now hope for from technologies.

    I’ve argued this elsewhere … I like the fediverse and am here out of principle … but in many ways it highlights some of the failings of our world at this time … because it’s about 10 years too late and the future is coming in hot and fast … in retrospect I wouldn’t be surprised if it will make a lot of sense to look back on the fediverse and think that it was effectively redundant at just about the time it gained popularity. An AI dominated internet with massive privacy concerns is here very soon, and the fediverse isn’t ready IMO, it’s still trying to catch up to web2.0 big social circa 2010.

      • Principles. That the whole internet and all of the freedom and diversity it can harbour was being monopolised by big giant corporations that had no interest in embracing an open web. Instead, they were convincing the world, especially those growing up in that/this era that the internet had to be constrained to the few walled gardens of big platforms.

        These principles were as obvious and relevant then as they are now. Unfortunately convenience is a helluva drug. And, in the “Google” era of the internet (~2005-2020 ?), there was a certain naive optimism about big-tech and the internet, which no doubt lulled us in by its being “free”.

        In reality, we all really thought that good and useful world-changing stuff was just going to be made for us for free. That the internet was going to inexorably make the world a better place. It was dumb and naive IMO and marks very well the failings of the Millennial generation (to which I belong FWIW). Unfortunately, it’s a lesson we had to learn the hard way. There were probably only a handful of people in the world that understood what the new industry was actually doing and was actually about and that had the philosophical will and ability to think it through and communicate to the masses what choices we were actually making.

    • If the fediverse represents the soon-to-be-replaced web 2.0 of the past, what do you see replacing it and why do you think that will be incompatible with the fediverse apps?

      I could see some blockchain security/authentication features added to federated apps, and hopefully end-to-end encrypted DMs will be enabled by that same technology too. I’m just having a hard time imagining something “new” that will replace this completely.

      There will probably be several TikTok-like entertainment platforms, likely filled with ad-friendly AI generated content that is 100% under corporate control and costs almost nothing to produce, but that type of platform attracts a different audience than what we have here.

      • I don’t think the fediverse necessarily needs to be replaced. We still have, after all, Twitter going hard and strong after nearly 20 years! The fediverse may very well go strong for many years to come, and that’d be a good thing … it’s nice!!

        In an ideal world … what would replace this? IMO, technology that basically gives every person a secure home on the internet in the same way that (most of us) can have a secure home in real life. Control, ownership and privacy over what you consume and publish and how. That technology would need to involve a number of things on a number of levels, but I’d bet it’s quite viable today, it just needs buy-in and people to have the time and resources to build it.

      • Up and down votes are federated with your username, along with posts and comments (obviously).

        Clicking on links, favourites, email address (if you put one in when signing up), password and IP address are all only on your local instance.

        Basically, unless another server needs to know about it for federation to work, it’s going to be local to the instance you’re using.

    • As far as I know (which isn’t too far, because I’m not a Beltway bandit anymore), the Fediverse isn’t on the FBI’s radar in any meaningful way. It /might/ be on the radar of the information contractors they hire for bulk data gathering and analysis (Palantir, ZeroFox, Dataminr, probably others these days) but none of me have heard anything specific.

      • Yeah, what the fuck are you supposed to do? Ask the FBI to please come back later?

        It’s a good reminder for folks with concerns to not say anything on a platform that isn’t end-to-end encrypted that you don’t want folks finding out about, to not use an email you don’t want associated with yourself, and to use some sort of VPN or Tor if you need to hide your IP address.

        And of course use unique passwords but I would really hope people do that already.

    • Yeah the ‘happened to have a bunch of unencrypted data laying around’ bit seems odd. Would make sense if they got picked up for something else and that was the bargain. Fucked if I know though

      • Not really? If you’re trying to debug something, or if you’re gearing up for an upgrade (like the Mastodon upgrade this week that’s giving a lot of admins grief) it’s plausible to have one of your backups locally to mess around with. As an example of this principle, I run Part-DB-server to manage my workshop inventory. For various reasons I migrated from a hosted MySQL database to a local SQLite database, and I’m in the process of moving back to the MySQL database. To facilitate this I have a copy of the SQLite database that, as needed, I run SELECTs on to backfill details on entries. I have a local copy of that database on my laptop, in other words.

        It’s also plausible that the kolektiva.social admin was mocking up a clone of the service on their laptop to test something.

        Without more data (gentlebeings, start your FOIA requests) I’m not sure that it’s a good idea to speculate. We might learn something that we can use later.

    • Probably the same. This bears repeating: All your information online is and always has been available for others to collect and see, from FBI to advertisers. If you want any amount of protection, it must be with E2E encryption for which you own the keys.

      We taught online safety in the 90s. Did we all just collectively forget this in the last two decades?

      • They stopped teaching about computers. I tutored high schoolers about 10 years ago and they didn’t know how to use computers fluently. It moved to the realm of expecting parents to teach to their kids along with taxes and career planning.

        Speaking of which, I grew up in the 90s pre Internet, and started using the Internet in middle school. Definitely never got any official Internet safety lessons. Maybe I was a little too early? Idk. But by the time I was 30 schools were not teaching this at least from what I saw

      • Yeah pretty much. As soon as facebook broke the ice on “never use your real name on the internet” it was over. Now we have entire generations that were introduced to the internet as one that was ruled by social media sites. They were never even taught the same online safety stuff that we grew up with.

        • I met some speedrunners during the Before Times. Definitely younger than me, probably about half my age. They had a hell of a time wrapping their brains around the fact that folks a) use handles, and b) answer to them. FirstnameLastnameAFewDigits was just on the edge of what they thought was normal.

          This isn’t a slam on them by any means. For a lot of folks, usernames don’t actually mean anything, they’re just a barrier to entry to log into something. They still go by and use their walletnyms, and don’t connect the ideas of “usernames,” “online handles,” and “something somebody answers to.” Which, yes, we can blame Facebook for.

      • We taught online safety in the 90s. Did we all just collectively forget this in the last two decades?

        All of those people signed up for Facebook and thought their data was private because they marked their page private. While they post with their real name. With a company that will collect your data and do whatever the fuck they want with it.

      • I think a lot of people have forgotten this. Very few folks these days remember bloggers getting shut down for stuff they posted. Or stuff posted on mailing lists (like dc-stuff). Or for stuff they posted on Usenet (the Co$ was behind that one, most notably).

        Seriously, folks. If you post it online, someone can get to it. It’s public in deed if not in intent.

  • You need to consider anything and everything you post to the Fediverse to be part of a public, everlasting record. At least in its current state, the Fediverse is not the place for privacy-oriented users.