Very important context! The US is rapidly turning Christo-Fascist. I hate this country.

Thank you.

Actual context paints a whole different picture compared to the clickbait post.

Disclaimer: I've never run a Mastodon or similar server, so the software may have more privacy built in, but potentially the issue would be account setup information that could be associated with public posts. Email addresses, IP address logs, etc. Those would be critical in matching public "anonymous" speech with real-world identifiable information.

Or simply running their own server.

You bring up valid points, but you are being very antagonistic towards server admins in the process. I get that you're frustrated by being dismissed all the time

Yea, you could have served your points in a less agressiv mana

You have great points, I agree, and it's why I donate to support lemmy.world. I'm hoping that enough people will donate small funds that it will cumulatively enable the server admins to better protect the instance. Basically like Wikipedia's funding model.

Maybe it's not realistic, but I'm hoping that the fact that we all gave enough of a shit to start anew on lemmy, a decent percentage of the userbase may be more likely to donate than typically the case in online platforms.

I guess time will tell the future of lemmy and the main instances.

Edit: Here are the donation pages:

• https://opencollective.com/mastodonworld
• https://patreon.com/mastodonworld

The history of piratebay proves that you can host a website (or instance in this case) and have it be incredibly resilient, out of reach for US/EU law enforcement as long as you have the knowledge and energy to do so. How many millions of hollywood-dollars have been spent on taking it down, vs how many days has it actually been down since it's creation?

Enterprise starts at 20k a year before traffic

My Mastodon server has just under 1.5k MAUs and has raised $4k so far this year. We've only been open for six months. This is not hard money to raise.

I like the idea of it, but you're right. It's not going to scale because at some point, somebody has to pay for it. And most users, myself included, seem unwilling to dip into our own pockets to satisfy our crippling addiction to cat pictures and world weary cynicism.

In the old days we had Usenet newsgroups, hosted by ISPs, just like most of them still do with email. It's the ideal place for hosting a fediverse, maybe not necessarily this one. They already scale their stuff with the number of users. We already pay them. And it decentralises power away from a handful of tech billionaires.

Would they do it? Who knows. They're certainly best placed for it, but would they want the unenviable job of identifying and blocking kiddy porn and cartel torture videos? I know I wouldn't want to be looking at that shit all day. The big networks obviously have a solution for that, but automated AI image recognition stuff only goes so far. At some point there's a poor minimum wage worker looking at it in a third world country.

Cloud flare's business is protecting small websites as well as large across the world from DDOS attacks. You don't think there's a tier somewhere between "free" and "enterprise 20k base"? DDOS mitigation techniques have gotten pretty advanced and are no longer the sole domain of large companies.

I'm curious, how would you do this in such a way that it wouldn't come at the expense of effecting your high availability?

If the server were on-prem or in the cloud... and the system crashed/rebooted, how would you decrypt (or add the passphrase) to the encrypted drive?... cause the likehood of the kernel crashing or a reboot after and update is higher than an FBI raid... and it would get tiresome to have the site being down, while we wait for Bob to wake up, log in, and type the passphrase to mount the encrypted hdd.

You could use something like HashiCorp Vault, but it isn't perfect either. If the server were rebooted, it could talk to Vault and request the passphrase (automatically) , but this also means that the FBI could also "plug in" the server (at their leisure) and have it re-request the passphrase. ... and if Vault were restarted there's quite a process to unseal (unlock) a vault - so, it would be as cumbersome as needing to type in the passphrase on reboot.

My point / question is: yes, encryption (conceptually) is easy, but if you look at "the whole life cycle / workflow" - it's much more complicated and you (as an administrator) might ask yourself "does this complexity improve anything or actually protect my users?"

The reason we don't see seizure of those servers is that those services have established working relationships with law enforcement, so there's no need to physically seize the servers.

It's worth noting that while various CEOs claim not to cooperate with law enforcement, the Patriot Act created provisions for establishing that cooperation without CEO permission or awareness.

In the case of Meta and the Muskverse, it's because they regard themselves as a third party and cooperate with law enforcement in disclosing everything about you on request. As per MEGAupload and Backpage (and presently TikTok) this tactic doesn't always work.

Google used to claim that they would demand warrants, and then run them past their blue-haired lawyers to make sure all the jots and tittles were in place before releasing data, but that was back in the aughts and early 2010s. I don't know what Google's relationships is to law enforcement today.

Amazon will also totally snitch on you, as will all the telecommunications services (Verizon, AT&T, Comcast, T-Mobile, Astound, etc.) It's one of the reasons you want to get a VPN service that actively deletes its records, and law enforcement doesn't like very much.

Once US law enforcement wants to get you, do not expect your civil rights to protect you. And don't talk to law enforcement. Wait for council and get a lawyer, because they will try to nail you for CFAA violations which can land you 25 years (which is more than some murder).

That's a great question. The EFF article gives answers that I find somewhat unsatisfactory (but may be possible solutions given what're there at the moment):

For users joining the fediverse, you should evaluate the about page for a given server, to see what precautions (if any) they outline. Once you’ve joined, you can take advantage of the smaller scale of community on the platform, and raise these issues directly with admin and other users on your instance. Insist that the obligations from Who has Your Back, including to notify you and to resist law enforcement demands where possible, be included in the instance information and terms of service. Making these commitments binding in the terms of service is not only a good idea, it can help the host fight back against overbroad law enforcement requests and can support later motions by defendants to exclude the evidence.

Another benefit of the fediverse, unlike the major lock-in platforms, is that if you don’t like their answer, you can easily find and move to a new instance. However, since most servers in this new decentralized social web are hosted by enthusiasts, users should approach these networks mindful of privacy and security concerns. This means not using these services for sensitive communications, being aware of the risks of social network mapping, and taking some additional precautions when necessary like using a VPN or Tor, and a temporary email address.

OpenPGP still exists. I've been saying this forever

I mean, given there are companies that scrape user data and sell them to interested parties including governments, it's seems highly likely that there will be entities that create instances just to collect people's data in the fediverse.