A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
TLDR
He was raided for unrelated reasons to his mastodon server, the police have a seize it all policy.
There is talk about changing policy to exclude things like servers and similar devices that are not related to the initial reason for the search. There doesn’t seem to currently be laws or rules about what police can or can’t do with data.
That’s the whole article basically
Good TLDR
I would also add:
Data gathered from the raid can be used to investigate and prosecute crimes unrelated to the original seizure.
Mastodon does not currently encrypt direct messages.
That's because Mastodon doesn't have direct messages. It is not a chat platform. You can bend the privacy settings to publish posts similarly to DMs, but no one should use it as such.
Poor data management practices on the part of this admin.
According to Kolektiva, the seized database, now in the FBI’s possession, includes personal information such as email addresses, hashed passwords, and IP addresses from three days prior to the date the backup was made. It also includes posts, direct messages, and interactions involving a user on the server.
This is all stuff you should assume isn't private anyway. I'm not so sure about "wakeup call".
And people say what instance you choose doesn't matter. Wild that the choice often seems to be between giving your info to mega corps or trusting a random person who's servers could be raided at any moment for entirely unrelated reasons.
Given what we've learned about illegal and secret government surveillance from whistleblowers like Edward Snowden, I wouldn't trust a megacorp any more than "a random person".
The government already has the keys to all the megacorps' kingdoms. The only possible way to protect your data is to make sure it uses client-side encryption, and that those encryption keys never under any circumstances travel over the internet.
You should assume that any information you give to ANY site is readily available to all major world governments.
Keep your private messages on end-to-end encrypted platforms like Signal or Matrix. Consider everything else public.
or trusting a random person who's servers could be raided at any moment for entirely unrelated reasons.
IMO the end goal of a decentralized network should be to have a large number of small servers. Any raid/takedown should only affect a small subset of users.
Right but the instance I'm on could get taken over by an asshole, and get defederated by, or defederates from, my favourite subs. Then I've got to abandon that account and start a whole new one, same as I did leaving Reddit. I'm really not sold on this model until I can transfer my account somehow.
I believe Mastodon has a "transfer accounts" feature. I don't know if Lemmy and Kbin do though.
It's tricky to implement though. Unfortunately ActivityPub didn't really consider account transfers as part of the initial protocol design.
It's something Bluesky is doing better, since they designed their system to be able to handle transfers from day 1, as a core part of the protocol. (it's going to become federated, eventually, but using their own protocol instead of ActivityPub).
🚨 Kolektiva.social SECURITY ALERT 🚨
This is an alert for Kolektiva.social users. Please read this post in its entirety!
In mid-May 2023, the home of one of Kolektiva.social's admins was raided, and all their electronics were seized by the FBI. The raid was part of an investigation into a local protest. Kolektiva was neither a subject nor target of this investigation. Today, that admin was charged in relation to their alleged participation in this protest.
Unfortunately, at the time of the raid, our admin was troubleshooting an issue and working with a backup copy of the Kolektiva.social database. This backup, dated from the first week of May 2023, was in an unencrypted state when the raid occurred and it was seized, along with everything else.
The database is the heart of a Mastodon server. A database copy such as the one seized may include any of the following user data, in this case up to date as of early May 2023:
🚨 👉 As a precaution we highly recommend that all users on Kolektiva.social change their password immediately to a new, unique, and strong password.
We sincerely apologize to all our users and regret this breach. In hindsight, it was obviously a mistake to leave a copy of the database in an unencrypted state. Unfortunately, what would otherwise have been a small mistake happened to coincide with a raid, due to bad luck and spectacularly bad timing.
We understand that our users and other people on the Fediverse will have a lot of questions. We will try to answer them as best we can, but please be patient and bear in mind that we may be overwhelmed with messages, and may be delayed in responding or unable to provide answers to certain questions for legal or technical reasons. As a security culture reminder, it can be extremely harmful to the individuals charged and to our community to openly speculate on the Internet about alleged criminal activity or about what law enforcement may be able to do with seized data. Our present awareness is that the seized Kolektiva data is unrelated to the federal investigation and prosecution and we are exploring legal avenues to have the seized data returned and copies destroyed.
Thank you for your understanding and solidarity :black_sparkling_heart:
👇 Please see our replies to this post for additional information (1/?) 👇
Oh that's nothing. Remember what happened to kfcc?