Everyone has opinions so I guess I do too now.

tl;dr: this really sucks but I'm not freaking out. Update passwords/2fa codes, use Tor/a VPN/the kolektiva hidden service (❤️), use fresh email accounts.

Having an unencrypted copy of a database backup locally is a bad screwup. Others have pointed out that it would've been better to have a staging/dev environment in the same hosting infrastructure so that debugging can be done without putting database copies anywhere more exposed than they already are. Hopefully that is one of the internal changes kolektiva admins make to tighten things up.

Aside from that, I think people are dealing with the shock of both feeling let down by a friendly project, and maybe having some illusions about mastodon shattered.

I haven't run an instance or dug through the code, but my understanding is that Mastodon focuses on federated social media, not secure or private social media. Last I checked there isn't any encryption of messages, and DMs are implemented more like hidden-by-default multi-person threads than a 1-on-1 conversation. In the typical use case toots are public and viewable by anyone, including a bot just scraping the web interface.

Information like IP addresses, email addresses and obviously hashed passwords should always stay private and it really sucks that cops have it now. But as far as I know it isn't public, or being traded on some darknet forum. Cops unintentionally got valuable data they weren't looking for. They don't have anything they couldn't have requested via subpoena, and I wouldn't personally expect kolektiva admins to go to jail rather than comply (although that would be incredibly fucking cool of them).

Also, I personally think people may overrate the security of collective services like this in comparison with corporate services, but I don't have solid experience in either so 🤷.

At the risk of coming off victim-blamey with advice too little too late, this all can be mitigated, and these are things someone should already be doing if they want to protect the anonymity of a mastodon account:
- IP address: VPN/Tor has always worked in my experience to use kolektiva. They even set up a Tor hidden service a while back (maybe before the breach? Not sure. But hugely appreciated!!)
- email: protonmail, or other email provider, can be used for a fresh email account unassociated with anything else to use for the kolektiva account.
- password: a password manager lets you easily use a unique password that isn't reused with something else, and that's strong enough to be unlikely to be cracked any time soon. You can likely change the password before it's cracked.

If mishandling user data like this totally destroys your trust in kolektiva admins and you want to change instances, that's fine! We're better off with more instances at least so no single admin screwup has a catastrophic impact. But also this is still the "publish things on the Internet" software. It's for communicating openly with strangers, not necessarily securely communicating with people you know.

Finally, here's hoping for a speedy release (if necessary) & dropping of any charges for the raided admin.
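To make the password point above concrete, here is an added example (not from the original post, and not Mastodon's code) of the offline guessing attack an attacker can run against a leaked table of salted password hashes. The leaked rows, the wordlist and the email addresses are all constructed for the demo; the hash is PBKDF2 with a deliberately low iteration count so it runs instantly, whereas a real instance uses a much slower hash (Mastodon uses bcrypt via Devise). The reused, guessable passwords fall to a tiny wordlist; the unique random one does not, which is the window in which changing the password still helps.

```python
import hashlib
import os
import secrets
import string

# Work factor for the demo hash. Real deployments use a far more expensive
# hash; this is kept low only so the example runs in well under a second.
ITERATIONS = 20_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash of the kind stored in a user table."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def random_password(length: int = 20) -> str:
    """What a password manager would generate: unique and not in any wordlist."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_leaked_table(credentials):
    """Constructed stand-in for rows pulled out of an unencrypted database backup."""
    rows = []
    for email, password in credentials:
        salt = os.urandom(16)
        rows.append((email, salt, hash_password(password, salt)))
    return rows


def crack(rows, wordlist):
    """Offline dictionary attack: hash every guess under each row's own salt.

    Nothing here touches the instance, so rate limiting and 2fa never apply;
    only the hash's cost and the password's strength slow the attacker down.
    """
    cracked = {}
    for email, salt, digest in rows:
        for guess in wordlist:
            if hash_password(guess, salt) == digest:
                cracked[email] = guess
                break
    return cracked


def demo():
    # Constructed sample accounts: two reused/guessable passwords, one generated.
    credentials = [
        ("alice@example.org", "password123"),
        ("bob@example.org", "kolektiva2023"),
        ("carol@example.org", random_password()),
    ]
    # Constructed wordlist; real ones have billions of entries plus mangling rules.
    wordlist = ["123456", "password", "password123", "kolektiva", "kolektiva2023", "letmein"]
    rows = build_leaked_table(credentials)
    return crack(rows, wordlist)


if __name__ == "__main__":
    for email, password in demo().items():
        print(f"cracked {email}: {password}")
```

The salt stops one guess from being checked against every row at once, but it does not save a password that is in the wordlist; only uniqueness and length do. Rotating the password on the instance after a breach makes the cracked value useless for that account, which is why doing it promptly matters even though the hash is already out.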

@kworker

Thank you for these very cool-headed thoughts!

This crisis is a reminder that federation of many small to medium instances is the best thing we can have.
I hope we find ways to not cause an inefficiently large amount of work by having to moderate/admin multiple smaller instances.
But it would be definitely safer and more resilient.

@kworker

My opinion is that there is not much to do about it.
You can migrate to another instance, but how do you know that they actually put any effort into information security?
I think it might be reasonably hard to find another instance that has more security than this one.
At the end of the day most of this stuff is voluntary work and you can only have so many expectations about it.
Also, as you said, this site is about publishing stuff on the internet, not safely communicating with people you already know offline.

@A_S_B yeah. I think people aren't as skeptical or cautious about server security as they could be. I haven't looked, but I'm not aware of instance admins talking about the security practices they have. Is access to infrastructure logged, audited and actively reviewed? Are admin machines secured and monitored for malware activity? Are backups both secure, and actually useful (disaster recovery)? Both for kolektiva, but also any other instance.

This shit can be hard, and even with less infrastructure to manage, there are fewer people to manage it with. Just moving to a different instance isn't necessarily a different or better situation.

IMO it's better to have a more guarded approach to interacting with tech in general. And like, thinking through your concerns and how to deal with them (threat modeling). If you really need anonymity with a mastodon account, you need to do things differently and take extra steps.

@kworker
(probably repeating myself)
Yeah, the only surefire way to do it is to actually have an organization building this infrastructure with paid professionals and all of that.
But again this costs money and you can't really expect that from a team mainly formed of volunteers and without significant money/organizational weight behind it.
I hope they have some safety protocols because this is an overtly anarchist instance so repression can happen at any moment, but still it is mainly kept by volunteers and as a volunteer there is only so much you can do.
This instance is also one of the bigger anarchist instances on mastodon, so if they can't do it because they lack funds, smaller or similar instances also can't.
There is a limit to how safe you can be on this site when you depend on a team that consists mostly of volunteers.