[-] ICastFist@programming.dev 92 points 1 year ago
  • Step 1: Don't host in the USA
  • Step 2: Don't host in a USA puppet ally
[-] insomniac@sh.itjust.works 79 points 1 year ago

Probably good advice but not exactly relevant. The person was hosting a server in their house and got raided for unrelated reasons and all their electronics were seized. Had they hosted in a data center or at least had off-premises backups, this wouldn’t have happened.

[-] JohnDClay@sh.itjust.works 22 points 1 year ago

I thought one of the points of the fediverse was to not be centralized in data centers that are more easily controlled. It's supposedly supposed to be easy and relatively cheap to spin up your own instance on your own hardware. Just outsourcing to a data center I think goes against what the fediverse promised.

[-] PapstJL4U@lemmy.world 35 points 1 year ago

Fediverse does not use magic. They are bound to cables and CPU.

On average, any datacenter will have a better connection to everywhere else.

[-] kakes@sh.itjust.works 25 points 1 year ago

I disagree.

It's about control of the platform. A datacenter isn't going to start making administrative decisions about the "business direction" of your instance. They can shut the server down, but so could a thunderstorm on a home server.

Even if the data center did (for whatever reason) administrate an instance, the idea of federation still holds because users get to decide if they like the decisions being made - regardless of who is making them.

[-] insomniac@sh.itjust.works 24 points 1 year ago

Like anything, it’s a trade off. The fact that you can do whatever you want is the good thing. As long as everyone isn’t in the same datacenter, it’s fine. There’s datacenters all over the planet.

If you’re self hosting, you can mitigate the risks by having some kind of contingency plan though. Just having backups in another location would have made it possible to get back up after the interruption. Now, this instance is probably just screwed.

Data centers aren’t inherently bad and neither is self hosting. But there’s different risks that need to be planned for.

[-] Revan343@lemmy.ca 11 points 1 year ago

If you’re self hosting, you can mitigate the risks by having some kind of contingency plan

Like a degaussing loop hidden in the door frame?

Just having backups in another location would have made it possible to get back up after the interruption

Oh. Not that kind of contingency plan

[-] Arael15th@sh.itjust.works 3 points 1 year ago

Like a degaussing loop hidden in the door frame?

I deeply enjoy that your mind has a rail for this train of thought to run on

[-] Tylerdurdon@lemmy.world 4 points 1 year ago

Seems like a nice goal, but in the end aren't you geographically limited to where ISPs offer equivalent upstream bandwidth? Even then there are caps sometimes and other ways we still get controlled.

[-] vd1n@sh.itjust.works 11 points 1 year ago

As an American, feel free to just mute us. Watch the slow motion collapse from a distance.

[-] DarkSpectrum@lemmy.world 17 points 1 year ago

I have dreamed about the ability to do this for so long. Cut US communications off and prohibit travel in/out. You can come out in 100 years when you're ready to play nice.

[-] Socsa@sh.itjust.works 6 points 1 year ago* (last edited 1 year ago)

Lemmy: please do not use the term "Chinese shills" as this is sinophobic.

Also Lemmy:

[-] wanderingmagus@lemmy.world 4 points 1 year ago

Unfortunately, good old Uncle Sam may take offense at that, and his six-shooter contains somewhere on the order of a few thousand thermonuclear weapons, which he's already used, twice. He's also not afraid of ignoring national sovereignty and borders when it's in his interests.

Not saying this is a good thing by any means, and sorry for raining on your parade, but the situation is what it is. Hopefully sometime in the next few decades, if not sooner, some kind of change for the better can be made. Who knows?

[-] Arael15th@sh.itjust.works 6 points 1 year ago

Sorry to be a pedant but we used two atomic bombs, not thermonuclear ones. Encyclopaedia Britannica

[-] AnyOtherIdiot@sh.itjust.works 3 points 1 year ago

If this happened, the first Americans to land in Paris in 100 years' time would be greeted with "Privyet".

[-] Socsa@sh.itjust.works 2 points 1 year ago

This is exactly why I only host on DefinitelyNotAHoneypot.sk. Everyone knows that the CIA can't run colo services in Slovakia.

[-] Repossess6855@lemmy.dbzer0.com 47 points 1 year ago

The US again continuing to flex its muscles that it truly does own and control half the world, as it so affectionately reminds us daily.

It is absolutely hysterical how bad authoritarianism has engulfed all modern governments. This isn’t remotely a left vs right thing or a US thing, almost all modern governments have become this way.

[-] Underwear@lemmy.world 51 points 1 year ago

The person referenced in the article was raided for completely unrelated charges. It just happened they took the server and backups as part of the raid. Had they hosted off-site or kept the backups off-site, the damage would have been minimal. This article brings up a good point, but it's not the nefariousness that the title implies.

[-] girlfreddy@sh.itjust.works 25 points 1 year ago

Cops took what wasn't needed and haven't returned it (that we know of).

I'd say that's about as nefarious as it gets.

[-] ZodiacSF1969@sh.itjust.works 16 points 1 year ago

How do we know it wasn't needed? What were the charges?

[-] some_guy@lemmy.sdf.org 11 points 1 year ago

Any time they take all electronics, there's bound to be something there that wasn't needed. It's overly broad.

[-] Zorque@kbin.social 14 points 1 year ago

And that's often because what is needed isn't in plain sight, so it makes sense to just grab everything and take it back to their lab and have experienced techs go over it rather than having the site team sit on the computers going through files to find what they need.

[-] MomoTimeToDie@sh.itjust.works 13 points 1 year ago

Yeah, because humans can't just pick up a drive and instantly read every single thing on it. The cops have no idea how many pieces of storage you have or how you organize your files.

[-] xkforce@lemmy.world 7 points 1 year ago* (last edited 1 year ago)

How do you know that it was? Were you involved in this case enough to know something the rest of us don't? Or are you just a bystander playing devil's advocate?

EDIT: since I apparently can't reply to your comment below, you can't just claim that the hardware was involved in a crime by "just asking questions" then accuse me of "stirring up shit" after calling you out on making unsubstantiated claims. If you make a claim it is YOUR job to defend that claim. Not everyone else's job to disprove your assertion.

[-] Zorque@kbin.social 10 points 1 year ago

Were you involved enough to know that it wasn't? There's devil's advocate, and then there's devil's PR. Why are you trying so hard to stir up shit where none exists? It's not wrong to want more information before going on a paranoia bender.

[-] MomoTimeToDie@sh.itjust.works 4 points 1 year ago* (last edited 1 year ago)

Were you involved in this case enough to know something the rest of us don't?

I could say the same to you. Trying to research it literally only surfaces what the admins of the instance have said. As far as I could tell, they didn't publish anything concerning what was in the warrant, or any specifics of what crime was being investigated. The most they've said is that it's related to a protest.

Beyond that, it's basically just standard procedure to seize all or most computers and drives on a warrant since they can't possibly know exactly which ones do and don't contain evidence in advance.

So yeah, I'd say it's entirely reasonable to question the person calling it "as nefarious as it gets" for more information.

[-] ZodiacSF1969@sh.itjust.works 2 points 1 year ago
  1. I'm not the person you can't reply to below.

  2. I was literally just asking. If the warrant was in relation to a charge that they were hosting CSAM, then yes the seizure of the server would be appropriate.

[-] MomoTimeToDie@sh.itjust.works 7 points 1 year ago

Executing a warrant is as nefarious as it gets?

[-] Odo@lemm.ee 8 points 1 year ago

From what I read, it looks like they were hosting off-site, but had an unencrypted backup of the database locally at the time of the raid.

[-] Zorque@kbin.social 6 points 1 year ago

So the reaction we should be having is to be careful whose instance you sign up for?

[-] Socsa@sh.itjust.works 4 points 1 year ago

No autocracy is when rule of law. Wake up sheeple.

[-] Bridger@sh.itjust.works 2 points 1 year ago

But this is the strength of federation. One tiny bit of the fediverse was taken down. This did not affect the rest of it. There will always be bad actors, whether the cops, the administrators of a particular instance or the owners of a mega-forum like twitter or reddit. With a decentralized system the damage is localized and minimized.

[-] Dave@lemmy.nz 7 points 1 year ago

It wasn't even taken down. The dude was raided probably because of some electronic crime, they took his electronics to get evidence. Completely reasonable.

On their backup hard drive happened to be a backup of a Mastodon instance, so by extension they got that too. The backed up data, not the server.

It's not some nefarious collusion, it's completely reasonable actions.

Now whether the backup should have been stored unencrypted on a hard drive at their house? Well that's a server admin problem not an FBI issue, but the comments here come across like the FBI shouldn't have done what they did.

But I'd argue that you should not store anything on Mastodon where it would be an issue if it became public. It's basic 90s internet safety. We know that the data isn't encrypted (the same for Lemmy), don't go sharing passwords on a site designed for public sharing.

[-] Arael15th@sh.itjust.works 7 points 1 year ago

But I’d argue that you should not store anything on Mastodon where it would be an issue if it became public.

One of the first things new fediverse users should be told is that the fediverse is not the darknet.

The US is living its own Brezhnev Era

[-] Repossess6855@lemmy.dbzer0.com 1 points 1 year ago

I’d argue a great majority of the world has entered this era now, and consider it a standard. I hate it. They took 1984 and used it as an instruction manual.

[-] CodeMonkeyDance@lemmy.world 18 points 1 year ago

Yeah, I want to know what these unrelated charges were for before I get up in arms about a nothing burger. Sounds sus as hell.

[-] traches@sh.itjust.works 1 points 1 year ago

It's irrelevant to the EFF's point here, because a database backup containing user data was seized by the FBI. Those users almost certainly had nothing to do with whatever the charges were.

[-] Saki@monero.town 11 points 1 year ago* (last edited 1 year ago)

Get Tor Browser and/or Tails OS. When privacy is important and you need to be anonymous, use only Tor-friendly instances only via Tor (never once log in showing your real IP - if you accidentally do that, you'll have to re-create another account as a different person).

When an email address is necessary to sign up, get one anonymously (again using Tor Browser), from a privacy-centric company or group, e.g. Tutanota, Disroot. Needless to say never ever use Gmail. https://tosdr.org/en/service/217

[-] wanderingmagus@lemmy.world 4 points 1 year ago

Still no guarantee of privacy. Tor exit nodes have been known to have been monitored, and tons of sites seized.

[-] blargh@lemmy.dbzer0.com 3 points 1 year ago

He's talking about instances with .onion addresses, you never touch an exit node.

[-] Saki@monero.town 3 points 1 year ago

True. Tor, Tails, PGP (GPG), Monero etc. are not magic: you can still be de-anonymized especially if you post your private info by yourself. One thing I've been feeling a little uneasy about Tor is, the project is largely funded by the US Government itself, and in the past the US intentionally weakened Netscape browser (*1). While I would like to believe that something similar is not happening to Tor Browser, I'm not an absolute believer of Tor (like you said, there may be bad actors in the Tor network too). I might be feeling somewhat more comfortable if Tor Project were based in Europe, not the US.

Nevertheless, using Tor should be surely safer and more privacy-friendly than just using clearnet. Tor Browser is FLOSS and free as in free beer too. Using it when you'd like to be anonymous is not such a bad idea, especially if your instance is Tor-friendly.

(*1) https://wl.vern.cc/wiki/Crypto%20Wars?lang=en#PC_era Onion - http://wl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion/wiki/Crypto%20Wars?lang=en#PC_era

Another example of intentional back doors standardized by the US is: https://wl.vern.cc/wiki/Dual_EC_DRBG?lang=en Onion - http://wl.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion/wiki/Dual_EC_DRBG?lang=en

[-] KyRoLen@sh.itjust.works 5 points 1 year ago

There should be a way to encrypt things when the server is off and then have a killswitch for situations like this. Idk if it'd be overkill in this case though.

[-] freeman@lemmy.pub 2 points 1 year ago

LUKS is a thing. No reason it can’t be done on the server, though things like patching won’t be automated.

Kill switch is well, not as easy. But possible.

That said. The government would just lampoon you in the media as some child porn hoster or whatever they want and taint the jury pool. And probably charge you with obstruction and a host of other things if you didn’t decrypt the server.

There is case law where refusing a decryption password isn’t covered by the 4th or 5th amendment so they could just Guantanamo your ass as pressure.

https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/

https://arstechnica.com/tech-policy/2020/08/nj-supreme-court-no-5th-amendment-right-not-to-unlock-your-phone/

https://www.zdnet.com/article/florida-court-says-password-disclosure-not-protected-by-fifth-amendment/

https://www.eff.org/press/releases/appeals-court-upholds-constitutional-right-against-forced-decryption

https://www.postschell.com/insights/third-circuit-imprisonment-refusing-order-decrypt-device-cannot-exceed

TL;DR - there’s no established case law that protects you from withholding the encryption key from government and there’s conflicting rulings in the current US districts. In some places you can be held indefinitely. Unsure what occurs if you can’t remember the key though.

[-] lemmy@lemmy.stonansh.org 1 points 1 year ago

Is there anything instance owners can do? Are there things you can do with your server to get better security for your users (and yourself)?
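One check an instance admin could run against the problem raised in this thread, a database backup left unencrypted on a local drive. This is an added example, not written by any commenter: it assumes the instance database is PostgreSQL (as Mastodon and Lemmy use), the file names and sample headers are constructed, and a header match is a heuristic rather than proof of encryption.

```python
import tempfile
from pathlib import Path

# Leading bytes of formats likely to turn up in a backup directory.
MAGIC = {
    b"LUKS\xba\xbe": ("encrypted", "LUKS volume image"),
    b"age-encryption.org/v1": ("encrypted", "age file"),
    b"Salted__": ("encrypted", "openssl enc output"),
    b"PGDMP": ("readable", "pg_dump custom-format archive"),
    b"--\n-- PostgreSQL database dump": ("readable", "pg_dump plain SQL"),
    b"\x1f\x8b": ("readable", "gzip stream (compressed, not encrypted)"),
}

def classify(head):
    """Return (state, description) for the first bytes of a file."""
    for magic, verdict in MAGIC.items():
        if head.startswith(magic):
            return verdict
    return ("unknown", "no known header; inspect manually")

def audit(directory):
    """Classify every regular file under `directory` by its header."""
    report = {}
    for path in sorted(Path(directory).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                report[str(path.relative_to(directory))] = classify(fh.read(64))
    return report

def demo():
    """Build a constructed backup directory and return its audit report."""
    samples = {  # constructed sample headers, not real backups
        "mastodon.dump": b"PGDMP\x01\x0e\x00" + b"\x00" * 32,
        "mastodon.sql.gz": b"\x1f\x8b\x08\x00" + b"\x00" * 32,
        "mastodon.dump.age": b"age-encryption.org/v1\n-> X25519 ...\n",
        "disk.img": b"LUKS\xba\xbe\x00\x02" + b"\x00" * 32,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return audit(tmp)

if __name__ == "__main__":
    for name, (state, desc) in demo().items():
        print(f"{state:10} {name:20} {desc}")
```

Files reported as readable or unknown are the ones to encrypt or inspect; note that a compressed dump counts as readable.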

this post was submitted on 25 Jul 2023
289 points (100.0% liked)
