this post was submitted on 09 Jul 2023
2190 points (97.9% liked)

Technology

34795 readers
247 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.ml/post/1874605

A 17-year-old from Nebraska and her mother are facing criminal charges including performing an illegal abortion and concealing a dead body after police obtained the pair’s private chat history from Facebook, court documents published by Motherboard show.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 81 points 1 year ago* (last edited 1 year ago) (22 children)

I'm almost certain that if something like this happened to any fediverse instance - that a local police enforcement would contact the admin and asked for user's data, which they are required by law to provide or they would go to jail/get a hefty fine and possibly a criminal record, they would do that too. That's also why E2E is required, to prevent such problems for instance admins - but then again, there's really nothing you can do against local law, and if it requires that you have to be able to cooperate, well... Then there's not much the admin can do, without putting himself in a real risk of prosecution, because he is breaking the law by have E2E.

That's also a good reason to be careful when selecting your home instance, and making sure that you choose one in a country that has all right laws in that regard.

Of course, that's assuming the police makes contact. I don't suppose that the admins would be searching through the DMs of people to snitch on them. And if Meta is doing that preemtively and is actively snitching on people - that's downright evil.

[–] [email protected] 6 points 1 year ago (9 children)

Single user instance locally hosted, is the only way forward

[–] [email protected] 3 points 1 year ago (2 children)

The federation API isn't using E2E either. It makes no difference if you use your mobile client to contact the mobile API or if you're hosting your own instance to use the federation API in safety regards. You should always be aware that every message / post / image you publish (even in a closed group) in the internet could be traced back to you and with enough afford be available to anybody with the right skills.

Only end to end encryption can help you there - this is the way.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Is it even possible to implement E2E in the context of ActivtyPub? I mean, as far as I know, the federation doesn't specify what content you send, only activities, groups and object definitions. There's nothing stopping you from making the actual data E2E encrypted, altough making it so would be a hard problem.

On the other hand... As I've mused about in the other comments, it should be possible to create a fediverse app that serves as a self-hosted front-end for interacting with different fediverse apps. All of your personal data would live on it, and you are in full control. Which would also allow for a safe implementation of E2E, because you just publish your public key, and know that since the app is under your control, noone can get to it. However, this would mean that the other users whould have to use the same standart.

I actually really like that idea. If we can separate users from servers with content, so Lemmy instances would only host posts and comments, but DMs would be handled by the private user instances, it would make Fediverse a lot more private.

The only question standing in the way is - who hosts the content of the posts I make? If my home is programming.dev, and I post to lemmy.ml, do I send the post data through ActivityPub to Lemmy to host, or do I host in on programming.dev, and Lemmy.ml just gets the ID of the post? If it's first one, making the self-hosted user frontend will be easy, since all you need is a few API calls to make posts, and the only storage you need is for DMs and your account details (which may actually static, so a faked webpage returning your data may suffice). If it's the latter, then it will be a lot more difficult to easily self-host.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

There is also the question of trust: The best solution should be an infrastructure that is due to E2E not able to read the messages it processes. The problem with this setup is, that you want to communicate publicly and you never know, who is part of your communication. I would advice to use signal or matrix if you need E2E. If not, use either Tor to proxy lemmy and try to stay anonymous or be aware, that your messages are not (which is always the best approach in my opinion).

[–] [email protected] 1 points 1 year ago

Yes however they can't get your phone without nearly as easily as a third party's data

load more comments (6 replies)
load more comments (18 replies)