FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse Users and Hosts to Protect their Users - eviltoast

I thought this might be of interest to other users as well as admins.

  • money_loo@1337lemmy.com · 13 points · 1 year ago

    Unfortunately, at the time of the raid, our admin was troubleshooting an issue and working with a backup copy of the Kolektiva.social database. This backup, dated from the first week of May 2023, was in an unencrypted state when the raid occurred and it was seized, along with everything else.

    The database is the heart of a Mastodon server. A database copy such as the one seized may include any of the following user data, in this case up to date as of early May 2023:

    – User account information like the e-mail address associated with your account, your followers and follows, etc.
    – All your posts: public, unlisted, followers-only, and direct (“DMs”).
    – Possibly IP addresses associated with your account – IP addresses on Kolektiva.social are logged for 3 days and then deleted, so IP addresses from any logins in the 3 days prior to the database backup date would be included.
    – A hashed (“encrypted”) version of your password.

    In case you thought you were safer doing any illegal stuff here, yikes.

  • buwho@lemmy.ml · 11 points · 1 year ago

    Good article. I’m curious, what warranted a warrant for the FBI to seize the DB and other things?

    • Mike@postit.quantentoast.de (OP) · 10 points · edited · 1 year ago

      As far as I know they seize everything if there’s a warrant, no matter whether it’s relevant to said warrant.

      Edit: Sorry, misunderstood your comment; don’t know what the reason for the warrant was.

  • erogenouswarzone@lemmy.ml · 8 up / 1 down · 1 year ago

    How can any Fediverse instance withstand that kind of force? Really the only way is to not save anything, or perhaps some sort of blockchain for all the comments and posts?

    • Mike@postit.quantentoast.de (OP) · 6 up / 1 down · 1 year ago

      That’s an interesting question. At the time being, I think the only way is to do regular backups and store them at a friend’s, for example. That way an instance can be restored after the server has been taken.

      Really the only way is to not save anything, or perhaps some sort of blockchain for all the comments and posts?

      Blockchain is an interesting thought - or maybe something similar to Matrix. All instances have their own copy of a post and sync with each other. That way it doesn’t matter if one instance disappears. Though, that would probably not comply with the Fediverse idea? Interesting thought experiment nonetheless!
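An added example, not from the thread, from Kolektiva or from the Mastodon project: the Kolektiva notice above says the seized backup was an unencrypted database copy holding e-mails, IP addresses and DMs, and the reply suggests keeping off-site backups. This small pre-archive gate checks a dump before it leaves the host: it refuses anything not in a recognised encrypted container and counts the PII patterns the notice lists. The sample dump is constructed; the magic bytes for age, OpenSSL `enc` and OpenPGP are taken from those formats' public specifications.

```python
import re

# Constructed sample of an unencrypted pg_dump fragment in the shape of a
# Mastodon users/statuses table. Made up for this example; not real data.
PLAINTEXT_DUMP = b"""COPY public.users (id, email, current_sign_in_ip) FROM stdin;
1\talice@example.org\t203.0.113.7
2\tbob@example.net\t198.51.100.42
\\.
COPY public.statuses (id, text, visibility) FROM stdin;
10\tmeet at the usual place\tdirect
\\.
"""

# Constructed stand-in for an age-encrypted artifact: the real format begins
# with this ASCII header line; the payload here is just filler bytes.
ENCRYPTED_BLOB = b"age-encryption.org/v1\n-> X25519 ...\n" + b"\x00" * 32

EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Leading bytes of common at-rest encryption formats: age header, OpenSSL
# "enc -salt" header, and an OpenPGP symmetric-key ESK packet (tag 3) in
# new-format (0xc3) and old-format (0x8c) framing, as written by gpg -c.
ENCRYPTED_MAGIC = (b"age-encryption.org/v1", b"Salted__", b"\xc3", b"\x8c")

def is_encrypted_artifact(blob: bytes) -> bool:
    """True when the artifact starts like a known encrypted container."""
    return blob.startswith(ENCRYPTED_MAGIC)

def plaintext_pii_findings(blob: bytes) -> dict:
    """Count PII patterns that can only be seen in a plaintext dump."""
    return {
        "emails": len(EMAIL_RE.findall(blob)),
        "ipv4": len(IPV4_RE.findall(blob)),
        "direct_posts": blob.count(b"\tdirect"),
    }

def safe_to_archive(blob: bytes) -> tuple:
    """Gate to run before a dump is copied off the host or to a friend's box."""
    if not is_encrypted_artifact(blob):
        return (False, "artifact is not in a recognised encrypted format")
    hits = plaintext_pii_findings(blob)
    if any(hits.values()):
        return (False, f"plaintext PII visible despite header: {hits}")
    return (True, "ok")

if __name__ == "__main__":
    for name, blob in (("plaintext", PLAINTEXT_DUMP), ("encrypted", ENCRYPTED_BLOB)):
        print(name, safe_to_archive(blob))
```

The magic-byte check only tells you the container looks encrypted, not that the key is kept somewhere the server can't reach; a working-copy dump like the one described in the notice would fail the first check and never be archived.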

    • buwho@lemmy.ml · 1 point · 1 year ago

      I’m wondering, if you use cloud-based hosting, what kind of protections you can get. For instance, if you’re running an AWS EC2 instance to host a Mastodon instance, primarily running from outside of the USA but utilizing Edge locations, so the primary server hardware is not actually in the USA in this example.