Per the announcement from kolektiva that the FBI obtained unencrypted access to all of their database files via a raid:
NO INSTANCE IS SECURE. DO NOT POST ANYTHING INCRIMINATING ON ANY INSTANCE. DO NOT PLAN ILLICIT ACTIVITIES HERE. DO NOT EXPECT THAT WHAT YOU ENGAGE WITH HERE REMAINS INVISIBLE TO PRYING EYES, IT IS NOT. ALL WALLS CAN BE BREACHED.
@exiliaex That's something I had hoped everyone knew. And I can be an edgy fuck sometimes, but even I know that.
On a realistic level, they're probably *not* going to go after people for posting themselves smoking a joint or for an upload of some obscure 2000s musical performance unless they already have it out for you, specifically, so it's not like everyone has to BE AFRAID BE VERY AFRAID but... just use some common sense.
Like, no true threats on others' lives more specific/targeted than general "eat the billionaires" level hyperbole, no weapons + bragging about them, no posting yourself having enough of a banned substance beyond a single personal dose post consuming it, no using fedi for actual protest/action plans any more than you'd use say gmail or your phone (and if you're doing either, STOP THAT too).
And if you used said common sense, your feelings of privacy violation are valid! But you're also likely safe, at least for now, *because* the First Amendment hasn't been entirely eviscerated yet.
I always treat Fedi like the old CB radio (I grew up in the era where it was still widely used) and assume anyone can monitor/record it and even "private" conversations aren't that private (more like having CTCSS/selcall)
I've always assumed the old bill, MI5/GCHQ etc (as well as "soft" surveillance orgs such as the BBC [0]) are scraping everything for later use...
[0] yes, our state broadcaster - look up what "BBC Monitoring" does if you are curious...
@exiliaex All very true...however...
1) They can't raid all of us. Mastodon is surely safer than traditional social media. All they usually have to do to get data from corporate social is write a letter.
2) This risk can be mitigated by careful server/admin selection. I live in the US. My server lives in France. There are certainly ways they could still get access (through me pretty much), but that will absolutely make it harder.
@exiliaex
Amazing that anyone still thinks that what they post on the internet might remain private imo.
@exiliaex@masto.anarch.cc Yup! The entire #fediverse runs on an open protocol. It's not just Mastodon. It's anything based on ActivityPub... intentionally designed for open and PUBLIC social media.
If we consider the "Fediverse" to be the larger domain of federated social media services, then that also includes tech like #matrix for secure encrypted chat.
As the fediverse grows, I expect we'll see scaling (and subsequent decoupling) of tech, and more domain-specific federated services. Currently mastodon et al are fairly monolithic in instance architecture.
I can see federated OAuth identity providers becoming a thing... where you create an identity and profile on one service, and use it across all compatible federated services. Use the same identity in Mastodon, Calckey, Pixelfed, Lemmy, etc. etc.
@exiliaex NGL, it's pretty cringe that people are out there doing potentially-illegal activity and not using dm-crypt/LUKS on their computer.
@ryan source?
@exiliaex oh god what the hell did I miss AAAAaaa
@Nizzy yeah it literally just happened. eris is right, change your pw. change instances if you want but i don't think you need to.
@exiliaex uhm… this never had even the pretense of being private? It’s ActivityPub so you publish your activities…
@exiliaex if you want to avoid being breached, I recommend using direct Peer to Peer and End to End encrypted means (preferably with software with open standards, and open source code to ensure that the program does what it says). ActivityPub wasn't really built to be resilient to those types of attacks. Also it can help possibly protect the admin should anything go wrong since they can't view or moderate stuff that's encrypted.
@exiliaex I mean, it is in the damn warning when you post
@exiliaex OFC!
Use #XMPP-#OMEMO and/or #PGP/MIME-encrypted #eMail!
NEVER EVER TRUST ANY PROVIDER!
NEVER EVER USE ANY #SingleVendor / #SingleProvider services or solutions!
Because there are no "logless" providers and no provider will risk getting shut down and its personnel jailed for non-compliance with a warrant!
https://twitter.com/thegrugq/status/1085614812581715968