Oddbean new post about login | logout FBI #Seizure of #Mastodon Server Data is a Wakeup Call to Fediverse Users and Hosts to Protect their Users https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their #privacy
For users, #tor fixes this - servers and relays can't be force to reveal your real IP and identity if they never had it. For operators, #tor also fixes this - they can't kick in your door and steal all your stuff if they can't even tell which continent your server is really in. https://torproject.org for users, https://whonix.org for operators. nostr:nevent1qqs808zgku4ya6ut5tzjl0pl0t5ln3dz6hs0zqr0526ehkj36k890aqpg3mhxw309ahhsarjv3jhvctkxc685d35093rw7pkwf4xwdrww3a8z6ngv4jx6dtzx4ax5ut4d36kw6mwdpa8ydpkdeunyutzv9jzummwd9hkutczyq0x0h3h2st3quwne7d5fdh9g67eflg29j3lkndmkxc9g6zujytwgqcyqqqqqqgz8tasa
It's like they're doing the nostr marketing for us at this point
When they come for Nostr they will: 1. Target the biggest relays first. 2. Some might/will fall 3. There will always be some that won't AND that content, identity will always live forever 4. Torrents never ended. The model is simply too hard to beat and then there's the private tracker thing, etc, etc Nostr is truly an incredible work and an incredible tool.
right… but why the fuck no Tor for Nostr?
Some are working on it. At least on mobile. note1qmfeg4gslr5faawp5xnux4lvfh0dfe0g5yxqud4uyztwa5mx8kms3mar0q
Wait a minute…it’s possible for Mastodon server hosts to decrypt user data? Yikes. 😬
Hasn't DMs always been unencrypted in Mastodon servers?
I’m sure @Alex Gleason 🐍 knows.
Did you read all the feminist dms @Alex Gleason 🐍 ? 😂
The mastadon admin has access to everything, pretty sure.
If this is what I think, the dude had plaintext database backups at his house. They seized those. And DMs weren't encrypted last time I looked at it. Gleason knows for sure.
Not a mention to Nostr… which is likely better
Nostr relays are likely better because their only job is to store and forward information. They have no concept of private vs public information and are untrusted by default. It's up to the client, rather than the relays, to keep private information encrypted and secure. A seizure of a nostr relay would be useless in this same situation.
One difference between the fediverse and the nosterverse are accounts. If it has a username and password vs permissionless login. This is what I'm noticing in many of v4v style hosting programs. Step 1, make an account. Making accounts is lame. And then that server becomes a target. Where we're going, we don't need accounts. nostr:nevent1qqs808zgku4ya6ut5tzjl0pl0t5ln3dz6hs0zqr0526ehkj36k890aqppemhxue69uhkummn9ekx7mp0qgspue77xa2pwyr3608ek39ku4rtm98apgk2876dhwcmq4rgtjg3deqrqsqqqqqpy7mll7
A pro tip I got from an actual digital forensic person who did this stuff. Just have a shit ton of sd cards filled with everything. It's like a denial of service on the investigator. He admitted to me he will hate you and if it takes longer than a month he will give up. It pays to be a hoarder.
This also makes me think of what happens when they seize your hardware wallets. I know that LE has drawers of ledgers waiting for an exploit. If only there were a way to store bitcoin on commodity hardware. nostr:nprofile1qqs09jtvjlmyrxjn37zv70a89csegcz7rpyqjmnw29cveedhv7vagqqpz4mhxue69uhk2er9dchxummnw3ezumrpdejqz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcpzpmhxue69uhkummnw3ezuamfdejs92xe5k
The best part is that even if they find your SeedSigner, there's nothing there! 🙂
