question for instance admins, please boost 

Are there any instance admins in the fediverse who would take significant steps in order to avoid cooperating with a police investigation (anything from declaring a refusal to cooperate to destroying any data that seems like it could be obtained by the police)?

re: specific answer to question for instance admins 

In our opinion any admin who feels this way (not making any judgments about someone feeling this way - there are both good and bad reasons for it) should make that known to their users.
pl.neko.bar/objects/7fa2d4ac-8

Show thread

re: question for instance admins, please boost 

@romainelaprophetesse I'm not a big instance moderator, but I'll say that from what I know, for probably a large portion of instances, it'd likely be out of their hands - the authorities could easily go to their web hosting provider, who with the exception of a very select few, would probably happily hand over everything.

re: question for instance admins, please boost6 

@holly So are there any instance admins who either a) use one of these select few providers or b) have taken or would take steps to counteract the possibility of the host handing over data?

re: question for instance admins, please boost6 

@romainelaprophetesse For the first point, I just know that a lot of servers tend to use hosts like Hetzner, Linode, Vultr, OVH, and DigitalOcean that I feel would be more likely to hand over data than not, should authorities come knocking. (I'd link the page I recall seeing such statistics on, but the website - I believe fediverse.network - appears to be down at the moment.) I don't know how many instances actually use more protective hosts, admittedly I'm not too sure on which ones there are out there, I just know they exist. I'll go ahead and boost for visibility for perhaps further clarification on both points from those who do host public instances ^^

re: question for instance admins, please boost6 

@holly Yeah visibility boosts would be great! Don't expect many people to have immediate answers but hopefully at least this will get people seriously thinking about it & taking meaningful steps.

re: question for instance admins, please boost6 

@holly @romainelaprophetesse so I do use Linode, but I don't host my insurance on their servers. I host my instance from where I live and use their servers as a forward for Internet traffic through an encrypted tunnel. If they were logging things, they would only see that encrypted traffic.

I think the only other precaution sysadmins could take would be to use a recursive DNS solution and encrypt DNS traffic for good measure. It's difficult to get around ISP snooping. However, I am more than willing to be corrected on this.

question for instance admins, please boost 

@romainelaprophetesse I'm not the main admin, but I'll do whatever I can to protect my users. We do not cooperate we police in this house.

question for instance admins, please boost 

@romainelaprophetesse important but maybe people should limit it to serious self-reflection and shouldn't post vows on this public network *sweats profusely*

re: question for instance admins, please boost 

@oya That is a good suggestion. We think public vows are meaningful **if admins feel prepared to make them** but to be clear aren't demanding any *specific* steps, especially since as non-admins we don't know what's best & whatever works may vary widely depending on the instance.

re: question for instance admins, please boost 

@romainelaprophetesse
Interesting question. One should not openly confirm this in case something happens going forward.

re: question for instance admins, please boost 

@ultem You may be right. We won't tell anyone how to respond but we believe that posing the question publicly is very very important.

question for instance admins, please boost 

@romainelaprophetesse I'd straight up delete the instance tbh

re: question for instance admins, please boost 

@dragon (Assuming you're an admin) Do you know what you would do if for some reason you are unable to delete the instance, or have something set up that could work without you needing to "be there"?

re: question for instance admins, please boost 

@romainelaprophetesse so right now my instance is hosted on ovh which has a convenient "format server" button, but I don't fully trust them so I'll be migrating the instance to an encrypted server in my home once I manage to get stable housing

If I was unable to delete I'd just warn everyone on the instance via DM cause I personally know the active users to delete their posts and get to work on deleting mine (there's a tool for it that I don't remember the name of), I'd also warn the "offending" user if the cops are knocking on my door about something specific

Do you have ideas on more things I could do?

re: question for instance admins, please boost 

@dragon We're not admins so we may be missing some potential suggestions but may come back to this later if we have better/more ideas

re: question for instance admins, please boost 

@romainelaprophetesse cool thanks :) always good to hear other peoples ideas

re: question for instance admins, please boost 

@dragon @romainelaprophetesse

> Do you have ideas on more things I could do?

know a lawyer that you can call in emergencies before all of this happens

re: question for instance admins, please boost 

@bootie_fringe @dragon That can make an enormous difference, even when it can't prevent certain information from "coming out"

re: question for instance admins, please boost 

@bootie_fringe @romainelaprophetesse oh shit yea good call!!

re: question for instance admins, please boost 

@dragon @romainelaprophetesse

> Do you have ideas on more things I could do?

the admin of cock.li is a major asshole, but he has perfected the fine art of being an asshole to law enforcement.

one of the tools in his arsenal is live streaming calls from authorities to different jurisdictions via mumble in case he is legally banned from commenting on or revealing something

police: “btw, you can't tell anyone” – asshole: “I already did”

re: question for instance admins, please boost 

@dragon @romainelaprophetesse he details his process & reactions to it here: vc.gg/blog/soundcloud-bad-for-

> When the phone call was over, one of the listeners and a friend of mine […] informed me that he had recorded [it] and intended to publish it. Skipper proceeded to publish the call on SoundCloud and share it with cock.li users. Hooray for transparency! That is until recently, when SoundCloud removed the recording from its site by request of the FBI.

re: question for instance admins, please boost 

@dragon @romainelaprophetesse just in case you do things like that, know that states can & will retaliate:

vc.gg/blog/so-its-been-a-while

> I was detained by Customs and Border Protection (CBP) […] I refused to answer any questions and instead gave them the contact information for my lawyer. They demanded I decrypt my phone […]. When I told them no, they said they would seize all of my electronics and search all of them for "contraband".

warning about admin of cock.li, racism, sexism, fascism, pedophilia 

@dragon @romainelaprophetesse

> the admin of cock.li is a major asshole

just in case anyone doubts this, vincent canfield (VC) advertises email hosting for the following domains:

• nigge.rs
• hitler.rocks
• getbackinthe.kitchen
• rape.lol
• nuke.africa

As far as I know he actually believes in free speech (i.e. purposely being as offensive as possible) with the single exception being that he bans pedophiles from his service.

@dragon @romainelaprophetesse tbh except for the weird pedophile thing (he bans them even if they do not do anything illegal) all of it makes sense under “ppl should be free to say whatever they want” ethics

@dragon @romainelaprophetesse so that belief system plus a lack of any respect for laws means OF COURSE he will offend law enforcement, just to make a point

@dragon @romainelaprophetesse also you still can learn from him how to be an asshole to LE in an effective way

@dragon @romainelaprophetesse I would, however, strongly advise ppl to not ever talk to him, invite him, or piss next to him in a public bathroom

extremly cursed insight 

@dragon @romainelaprophetesse btw I kinda hate to admit it, but even with all the shit VC pulls he is still a better person than most cops are …

re: question for instance admins, please boost 

@dragon @romainelaprophetesse

Encrypted is the only way to roll

question for instance admins, please boost 

@dragon @romainelaprophetesse at that point they already have the evidence & will fuck you over for not cooperating

re: question for instance admins, please boost 

@romainelaprophetesse most likely absolutely yes, but I still think I would need context. Like if it involves nazi fucks getting locked up I would probably cooperate

question for instance admins, please boost 

@romainelaprophetesse not an admin but if i was id be too wary to answer this question, and id remind users that that kinda data shouldn't be shared on here :blobspy:

re: question for instance admins, please boost 

@ox It's a reasonable course of action, but it doesn't do much to counteract the reality that for most people what kind of data counts as "something police would be interested in" is largely out of their hands, or that simply being progressive/leftist/radical/revolutionary/saying anything political at all/being Black can make someone a target, does it?

re: question for instance admins, please boost 

@ox (That's in response to the "reminder", not the choice to not respond to our post publicly)

re: question for instance admins, please boost 

@romainelaprophetesse nope it's no help at all :\ id just assume everything here is already copied onto a gov't hard drive somewhere, even if an admin is cool

re: question for instance admins, please boost 

@ox Right. Safe assumption. Then the question becomes *which* government hard drive, if they can find it & piece things together fast enough, & many other social questions & conditions that underlie the reality that no state is invincible & the cops fuck up all the time for all kinds of reasons.

re: question for instance admins, please boost 

@romainelaprophetesse i hope so. im just a little extra fucked up today because i read that wired article that went around earlier

re: question for instance admins, please boost 

@ox Wait, what article? Missed it (apparently)

re: question for instance admins, please boost 

re: question for instance admins, please boost 

@romainelaprophetesse @ox mastodon uses activity pub, which in turn uses activity streams, a data format that uses Json-ld, the LD standing for linked data. It would be trivial to make a network graph out of the data if they have it, like pretty much just loading it into a commodity database that understands Json-ld

re: question for instance admins, please boost 

@stitchandsew @romainelaprophetesse @ox

the BBC (yes, the state broadcaster of the United Kingdom) already uses technology like this to scrape web forums, chatrooms etc and monitor social media trends (although mostly only for content discoverable via the public Internet)and has done so 20+ years, originally at Caversham in SE England but since 2018 via a base in London which works alongside the UK government and security services. >>

re: question for instance admins, please boost 

@stitchandsew @romainelaprophetesse @ox

parts of this operation are classified but others are widely known about, particularly the historical operations at Caversham which started in World War II as a method of monitoring propaganda broadcasts of the Axis powers but carried on well into the Cold War and beyond into the Internet age.

en.wikipedia.org/wiki/BBC_Moni

re: question for instance admins, please boost 

@romainelaprophetesse my instance, the database, and all media are full disk encrypted. Pigs aren't getting anything but noise if they seize it.

re: question for instance admins, please boost 

@feld Even if they coerce you into giving them access, or somehow are able to gain it through a method you hadn't thought of?

re: question for instance admins, please boost 

@romainelaprophetesse I ran my own instance for a year. The answer is, hell no. I'm not going to jail for someone else's stupidity.

question for instance admins, please boost 

@romainelaprophetesse it depends; we do have a @thecanary ; "any data that seems like it could be obtained by the police" is unclear how we'd cooperate as cops could be obtaining this post as soon as it federates.

re: question for instance admins, please boost 

@t54r4n1 @thecanary You're right, it's not totally clear & this conversation is largely public.

Are you aware of the situation with riseup where they intentionally covered up their canary in order to cooperate with cops without being detected (until they decided to tell people)?

re: question for instance admins, please boost 

@romainelaprophetesse i am not! please share links with details.

re: question for instance admins, please boost 

@romainelaprophetesse interesting, thanks for the link. i think this happening is one of the reasons i have a policy of posting semi-regular updates on @thecanary ; one could take meaning out of the last post date this way even if i decide to comply and am gag ordered.

re: question for instance admins, please boost 

@t54r4n1 @thecanary Er, that phrasing may be unclear - they kept up the impression that the canary was fine when in fact they were cooperating.

question for instance admins, please boost 

@romainelaprophetesse a significant step would be to have DMs with end to end encryption btw.

can't snitch if you don't know a thing!

question for instance admins, please boost 

@romainelaprophetesse unfortunately the structure of mastodon means it’s not so much about having your admin take those steps, but having *every admin of every peer instance* take those steps. Gargron has already closed various suggestions to make DMs more private as wontfix, saying that truly private comms should be done over a different medium. So yeah, I’d rather delete the contents of my server than cooperate with police (and at least I’m not in the US), but even if I did full-disk encrypt the server, anything not local is sent all over the place.
Running a matrix server seems like a better option for that at the moment.

question for instance admins, please boost 

@romainelaprophetesse I could set up a disk-encrypted server hosting a “limited-federation” mastodon server (I.e. federate with nobody, local only), hosted via tor/VPN in a country with no US LE cooperation pretty easily, though my budget for extra projects is starting to stretch thin without much work. It could be done but you’d need everyone you want to contact to also have an account on there, and the encryption is still far less robust than ground-up E2E secure platforms like matrix.

question for instance admins, please boost 

@s0 @romainelaprophetesse

the Fediverse is more like CB radio / PMR446 / (the equivalent for your country) but with repeaters allowed and everything interlinked to allow comms with other nations - its still easy for those determined enough to simply lurk and monitor the "channels" and its not at all the best thing for secure private comms or anything that would risk getting you in big trouble (ofc that varies depending where you are)

Sign in to participate in the conversation
Eldritch Café

Une instance se voulant accueillante pour les personnes queers, féministes et anarchistes ainsi que pour leurs sympathisant·e·s. Nous sommes principalement francophones, mais vous êtes les bienvenu·e·s quelle que soit votre langue.

A welcoming instance for queer, feminist and anarchist people as well as their sympathizers. We are mainly French-speaking people, but you are welcome whatever your language might be.