So with the revelation that the owner of a big Fedi server is a target of a lawsuit, and that if things go badly the server may find itself seized—

I realize that users on that instance follow users on my instance, so there are going to be semiprivate posts of mine that may fall into the hands of people—law enforcement, data brokers—who are not beholden to any Fedi Admin Code of Honour.

(I already do not post about my crimes on Fedi, if I were the kind to do crimes.)

Server seizure is just not a part of the ActivityPub threat model. What if it was? How would it change the protocol to protect data at rest, or perhaps not even keep it at rest on a server but defer to the originating server?

End-to-end encryption [user-to-user, not server-to-server] could be part of the answer, but it need not be the whole answer.

I welcome considered thoughts, so any response I see within an hour of my posting this will be ignored.

@futzle encryption at rest (even without E2EE) could provide some mitigation … for example when the FBI seized a copy of kolektiva’s database back in 2023, people in general seemed to think that the fact that the admin had unencrypted it to do some maintenance work made the situation worse than it would have been otherwise. Of course if the admin of the instance has the decryption keys they can be forced to reveal them (or could do so with poor opsec) so it’s certainly less protection than E2EE but assuming good opsec could be helpful in cases like the current one.

@jdp23 Agree, it does only work in certain jurisdictions (and mine is not one of them: they’ll just lock me up until I provide the keys).

@futzle yeah in general if law enforcement has specific grounds to seize the server they’ll probably be able to compel disclosure of any keys the admin has access to. The kolektiva situation was kind of weird, as I understand it they weren’t particularly going after the DB (they were going after the admin for something unrelated) so not sure how that would have played out.