We’re in an exciting time for users who want to take back control from major platforms like Twitter and Facebook. However, this new environment comes with challenges and risks for user privacy, so we need to get it right and make sure networks like the Fediverse and Bluesky are mindful of past...
I thought this might be of interest to other users as well as admins.
> Unfortunately, at the time of the raid, our admin was troubleshooting an issue and working with a backup copy of the Kolektiva.social database. This backup, dated from the first week of May 2023, was in an unencrypted state when the raid occurred and it was seized, along with everything else.
>The database is the heart of a Mastodon server. A database copy such as the one seized may include any of the following user data, in this case up to date as of early May 2023:
>– User account information like the e-mail address associated with your account, your followers and follows, etc.
– All your posts: public, unlisted, followers-only, and direct (“DMs”).
– Possibly IP addresses associated with your account – IP addresses on Kolektiva.social are logged for 3 days and then deleted, so IP addresses from any logins in the 3 days prior to the database backup date would be included.
– A hashed (“encrypted”) version of your password.
In case you thought you were safer doing any illegal stuff here, yikes.
How can any Fediverse instance withstand that kind of force? Really the only way is to not save anything, or perhaps some sort of blockchain for all the comments and posts?
That's an interesting question. At the time being, I think the only way is to do regular backups and store them at a friends for example. That way an instance can be restored after the server has been taken.
Really the only way is to not save anything, or perhaps some sort of blockchain for all the comments and posts?
Blockchain is an interesting thought - or maybe something similar to Matrix. All instances have their own copy of a post and sync with each other. That way it doesn't matter if one instance disappears. Though, that would probably not comply with the Fediverse idea? Interesting thought experiment non the less!
I'm wondering if you use cloud based hosting what kind of protections you can get. For instance if you're running an AWS EC2 instance to host an Mastadon instance. Primarily running from outside of the USA, but utilizing Edge locations so the primary server hardware is not actually in the USA in this example.