Whew...a day of upgrading #SignsAndCodes off of the Mastodon 4.0 versions and on to 4.2.7. Glad to just have that all out of the way.
Hi #SignsAndCodes friends. Looks like we had a bit of an outage this morning when the database stopped running for some reason. I've got it restarted and I'm also doing my best to do a little spring cleaning on the storage while I'm at it.

Activist instance kolektiva.social suffered a data breach. FBI seized an admin's computer, which had an instance database dump. That dump includes public posts from many instances, including ours. It also includes DM conversations with users on that instance.

Any time a #SignsAndCodes user has concern that their account info may be a risk to their safety for any reason, please contact an admin. We'll do what we can to keep you safe.

https://kolektiva.social/@admin/110637031574056150

admin :heart_cyber: (@admin@kolektiva.social)

🚨 Kolektiva.social SECURITY ALERT 🚨

This is an alert for Kolektiva.social users. Please read this post in its entirety!

In mid-May 2023, the home of one of Kolektiva.social's admins was raided, and all their electronics were seized by the FBI. The raid was part of an investigation into a local protest. Kolektiva was neither a subject nor target of this investigation. Today, that admin was charged in relation to their alleged participation in this protest.

Unfortunately, at the time of the raid, our admin was troubleshooting an issue and working with a backup copy of the Kolektiva.social database. This backup, dated from the first week of May 2023, was in an *unencrypted* state when the raid occurred and it was seized, along with everything else.

The database is the heart of a Mastodon server. A database copy such as the one seized may include any of the following user data, in this case up to date as of early May 2023:

- User account information like the e-mail address associated with your account, your followers and follows, etc.
- All your posts: public, unlisted, followers-only, *and direct ("DMs")*.
- Possibly IP addresses associated with your account - IP addresses on Kolektiva.social are logged for 3 days and then deleted, so IP addresses from any logins in the 3 days prior to the database backup date would be included.
- A hashed ("encrypted") version of your password.

🚨 👉 As a precaution we highly recommend that all users on Kolektiva.social *change their password immediately* to a new, unique, and strong password.

We sincerely apologize to all our users and regret this breach. In hindsight, it was obviously a mistake to leave a copy of the database in an unencrypted state. Unfortunately, what would otherwise have been a small mistake happened to coincide with a raid, due to bad luck and spectacularly bad timing.

We understand that our users and other people on the Fediverse will have a lot of questions. We will try to answer them as best we can, but please be patient and bear in mind that we may be overwhelmed with messages, and may be delayed in responding or unable to provide answers to certain questions for legal or technical reasons.

As a security culture reminder, it can be extremely harmful to the individuals charged and to our community to openly speculate on the Internet about alleged criminal activity or about what law enforcement may be able to do with seized data.

Our present awareness is that the seized Kolektiva data is unrelated to the federal investigation and prosecution and we are exploring legal avenues to have the seized data returned and copies destroyed.

Thank you for your understanding and solidarity :black_sparkling_heart:

👇 Please see our replies to this post for additional information (1/?) 👇

Hey, #SignsAndCodes friends! Let's all give a welcome to @Solestria, the latest to join our community. They're a friend I've known for years through various queer circles, and I told them this is a nice, quiet place to get going on the Fediverse. They can introduce themselves, but consider following them, saying hello, and all that.
So, @epilanthanomai and the #SignsAndCodes family, I figure we should have a conversation about this and out-in-the-open is best. This place was originally created in response to Meta's (then Facebook's) anti-sex-work and, briefly, anti-queer policies. Now it seems that Meta is looking into Fediverse-related projects, and has been meeting with major instance admins under NDA. If/when Meta arrives here, what should our policy towards them be? All thoughts and opinions welcome, public or private.
#SignsAndCodes admin note. I unilaterally and preemptively defederated the boks.moe instance today. The user base regularly and routinely posts content that includes slurs against various marginal groups of people. It's basically 4chan culture on a Mastodon server, and I felt sufficiently justified in taking action without consultation with others. If anyone disagrees, I'm happy to consider an alternative plan.
@mcmcgreevy Welcome to #SignsAndCodes! You're sure to find some fun new friends on our local timeline, too!
@epilanthanomai So, a new follow bot to discuss. This one is @relay. The prospectus here appears to be an ActivityPub to Matrix bridge, which I guess is...okay? At this point, I'm kinda getting tired of people's follow bots in general. #SignsAndCodes

We've defederated from takesama.com. They're a private social network who state in their whitepaper that their goal is to bypass defederation and nonconsensually index user content.

#SignsAndCodes #fediblock

@epilanthanomai @scalene #SignsAndCodes I have removed the full instance block and we'll take a policy of going after individual offender accounts in the future. Thanks for the patience and discourse. This is why we have an open process here.