Apenas um gaucho por ai

89 Followers
97 Following
1,055 Posts

Ecosocialist. A happily angry man. An awful critic leaves everybody dumber.


I'll probably switch instances, but it's more because I want to post more in Portuguese.
Nothing to do with the security issue and all that.

@A_S_B yeah. I think people aren't as skeptical or cautious about server security as they could be. I haven't looked, but I'm unaware if instance admins talk about the security practices they have. Is access to infrastructure logged, audited, and actively reviewed? Are admin machines secured and monitored for malware activity? Are backups both secure and actually useful (disaster recovery)? Both for kolektiva, but also any other instance.

This shit can be hard, and even with less infrastructure to manage, there are fewer people to manage it with. Just moving to a different instance isn't necessarily a different or better situation.

IMO it's better to have a more guarded approach to interacting with tech in general. And like, thinking through your concerns and how to deal with them (threat modeling). If you really need anonymity with a mastodon account, you need to do things differently and take extra steps.

I was busy studying and simply didn't notice that the Grêmio match had already started.
Statistics < Football.
#futebol

Paris is burning again. And so are Marseille, Lyon and... loads of other places. This is the result of police murdering 17 year old Nahel M in the Paris suburb of Nanterre, and then, as usual, lying about what happened. The murder is just the latest in a long row of recent as well as historical events within France's racist and colonial tradition of exploitation, marginalization and violence directed towards people who have their roots in France's old colonial sphere. Few events exemplify this horrific tradition as strongly as the Paris massacre of 1961, when up to 300 Algerian protestors were killed by the cops.

But this issue also goes deeper. When the workers are constantly exploited for the benefit of a small political and economic elite, when we're manipulated by arrogant and corrupt politicians, when we see no hope, future or place in the society they force us to endure, when we live through climate disasters caused by the rapacious capitalist exploitation of our planet and are repeatedly faced with violence from the state when we raise our voices and take action - why would we have any loyalty at all to the system that is killing us and undermining our very conditions of existence?

The rebels in France are leading the way by burning down the system that daily tramples them, exploits them and murders them. Police stations and luxury cars are on fire, and so are banks. Barricades are erected, cops are being attacked, and the stores, where commodities that we cannot afford are mocking us from the shelves, are now breached using stolen luxury cars. Great! Full solidarity with those that have had enough and are showing it in the streets!

However, in order for the riots to go beyond being just a spark that is eventually put out by the violence of the state, it has to not only spread geographically, but also socially. They have to link up with resistance against neoliberal austerity, against the pension reforms, and with the slumbering working class organization in the workplaces where our salaries are increasingly eroded while the rich are laughing at us and drowning in profits. The riots need to engulf schools and universities, in our neighborhoods where people are evicted and forced to live in squalid environments while the landlords make profits and gentrify.

Only then can the riot turn from a flickering promise to a burning revolutionary situation that really threatens the power and position of the capitalist elites and state bureaucrats. Let's do what we can to stimulate and encourage this development, while at the same time remembering that the same system is keeping us in chains wherever we are at, be it in Sweden or someplace else, and that we also need to organize resistance and build alternatives where we are, in the ways available to us. 🔥 🏴 🖤

#france #riots #acab #racism #colonialism #revolution

Everyone has opinions so I guess I do too now.

tl;dr: this really sucks but I'm not freaking out. Update passwords/2fa codes, use Tor/a VPN/the kolektiva hidden service (❤️), use fresh email accounts.

Having an unencrypted copy of a database backup locally is a bad screwup. Others have pointed out that it would've been better to have a staging/dev environment in the same hosting infrastructure so that debugging can be done without putting database copies anywhere more exposed than they already are. Hopefully that is one of the internal changes kolektiva admins make to tighten things up.

Aside from that, I think people are dealing with the shock of both feeling let down by a friendly project, and maybe having some illusions about mastodon shattered.

I haven't run an instance or dug through the code, but my understanding is that Mastodon focuses on federated social media, not secure or private social media. Last I checked there isn't any encryption of messages, and DMs are implemented more like hidden-by-default multi-person threads than a 1-on-1 conversation. In the typical use case toots are public and viewable by anyone, including a bot just scraping the web interface.

Information like IP addresses, email addresses and obviously hashed passwords should always stay private and it really sucks that cops have it now. But as far as I know it isn't public, or being traded on some darknet forum. Cops unintentionally got valuable data they weren't looking for. They don't have anything they couldn't have requested via subpoena, and I wouldn't personally expect kolektiva admins to go to jail rather than comply (although that would be incredibly fucking cool of them).

Also, I personally think people may overrate the security of collective services like this in comparison with corporate services, but I don't have solid experience in either so 🤷.

At the risk of coming off victim-blamey with advice too little too late, this all can be mitigated, and these are things someone should already be doing if they want to protect the anonymity of a mastodon account:
- IP address: VPN/Tor has always worked in my experience to use kolektiva. They even set up a Tor hidden service a while back (maybe before the breach? Not sure. But hugely appreciated!!)
- email: protonmail, or other email provider, can be used for a fresh email account unassociated with anything else to use for the kolektiva account.
- password: a password manager lets you easily use a unique password that isn't reused with something else, and that's strong enough to be unlikely to be cracked any time soon. You can likely change the password before it's cracked.

If mishandling user data like this totally destroys your trust in kolektiva admins and you want to change instances, that's fine! We're better off with more instances at least so no single admin screwup has a catastrophic impact. But also this is still the "publish things on the Internet" software. It's for communicating openly with strangers, not necessarily securely communicating with people you know.

Finally, here's hoping for a speedy release (if necessary) & dropping of any charges for the raided admin.
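The post above argues that a plaintext database copy should never sit on an admin's laptop, and that debugging belongs in a staging environment on the hosting side. One concrete control is a periodic sweep of admin workstations for unencrypted pg_dump output. What follows is an added example, not kolektiva's or Mastodon's code: the file signatures it looks for are the real headers pg_dump writes (plain SQL dumps begin with "-- PostgreSQL database dump", custom-format archives with "PGDMP"), the age container header is used as the one "acceptable" encrypted form, and the sample directory tree is constructed for the demo.

```python
"""Sweep a directory for plaintext PostgreSQL dumps left on a workstation.

Added example, not kolektiva's or Mastodon's code. The dump signatures are
the real pg_dump headers; the age header marks an encrypted container that
is fine to keep on disk; the sample tree is constructed for the demo.
"""
import os
import tempfile
from pathlib import Path

# Byte prefixes pg_dump writes at the start of its output.
PLAIN_SQL_HEADER = b"--\n-- PostgreSQL database dump\n"
CUSTOM_FORMAT_MAGIC = b"PGDMP"
# Header of an age-encrypted file: an encrypted dump is acceptable to keep.
AGE_HEADER = b"age-encryption.org/v1"


def classify(path: Path) -> str:
    """Return 'plaintext-dump', 'encrypted' or 'other' for one file."""
    with path.open("rb") as fh:
        head = fh.read(64)
    if head.startswith(CUSTOM_FORMAT_MAGIC) or head.startswith(PLAIN_SQL_HEADER):
        return "plaintext-dump"
    if head.startswith(AGE_HEADER):
        return "encrypted"
    return "other"


def find_plaintext_dumps(root) -> list:
    """Walk root and return sorted relative paths of every unencrypted pg_dump output."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                if classify(p) == "plaintext-dump":
                    hits.append(p.relative_to(root).as_posix())
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed sample: a plain SQL dump, a custom-format dump, an age blob and a log."""
    root = Path(tempfile.mkdtemp(prefix="dump-scan-"))
    (root / "debug").mkdir()
    # What "troubleshooting with a backup copy" tends to leave behind.
    (root / "debug" / "mastodon_production.sql").write_bytes(
        PLAIN_SQL_HEADER + b"--\nCREATE TABLE users (id bigint, email text);\n")
    (root / "debug" / "mastodon_production.dump").write_bytes(
        CUSTOM_FORMAT_MAGIC + b"\x01\x0e\x00" + b"\x00" * 32)
    # An encrypted backup: the header is real, the body is random filler.
    (root / "backup-2023-05-01.dump.age").write_bytes(
        AGE_HEADER + b"\n-> scrypt ...\n" + os.urandom(32))
    (root / "sidekiq.log").write_bytes(b"2023-05-01T00:00:00Z INFO: boot\n")
    return str(root)


if __name__ == "__main__":
    sample = build_sample_tree()
    for hit in find_plaintext_dumps(sample):
        print("plaintext dump on disk:", hit)
```

Run it against `~` on an admin machine instead of the sample tree; anything it reports should either be deleted or replaced by the encrypted form (`pg_dump ... | age -r <recipient>` writes the ciphertext without ever putting plaintext on disk). The check is signature-based, so a dump renamed to `.txt` is still caught, while a gzip-compressed dump is not and would need its own header rule.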

And now back to our regular programming
(studying statistics until I can't take any more).

*At least there are only seven and a half exercises left to finish today's problem set.

Welcome kit for those just arriving on Mastodon 🤗

It's different here, but similar to what you already knew. These links will help you:

1️⃣ My thread of tips for the 🐘: https://social.br-linux.org/@augustocc/109937984949287336

2️⃣ My thread introducing the 🐘 to people who know Twitter well: https://social.br-linux.org/@augustocc/110238312018508428

3️⃣ To follow nice people and not be left with an empty timeline: https://mastodon.br-linux.org/falantes/

4️⃣ To choose a good Brazilian instance: https://mastodon.br-linux.org/instancias/

💥 We have more tips at https://boasvindas.io !

Augusto Campos (@[email protected])

🐘 Three tips for your friends who are arriving on Mastodon: 💬 Don't fixate on trying to understand how it works; focus instead on finding conversations that interest you, and the understanding will come! 🫧 If you're on a nice instance, take a look at its Local Timeline: it's what the people on the same instance are talking about. While you're at it, follow some nice hashtags. 🏡 We also have the timeline you're used to, with only the posts from the people you follow: it's called the Home Timeline

BR-Linux

🚨 Kolektiva.social SECURITY ALERT 🚨

This is an alert for Kolektiva.social users. Please read this post in its entirety!

In mid-May 2023, the home of one of Kolektiva.social's admins was raided, and all their electronics were seized by the FBI. The raid was part of an investigation into a local protest. Kolektiva was neither a subject nor target of this investigation. Today, that admin was charged in relation to their alleged participation in this protest.

Unfortunately, at the time of the raid, our admin was troubleshooting an issue and working with a backup copy of the Kolektiva.social database. This backup, dated from the first week of May 2023, was in an *unencrypted* state when the raid occurred and it was seized, along with everything else.

The database is the heart of a Mastodon server. A database copy such as the one seized may include any of the following user data, in this case up to date as of early May 2023:

- User account information like the e-mail address associated with your account, your followers and follows, etc.
- All your posts: public, unlisted, followers-only, *and direct ("DMs")*.
- Possibly IP addresses associated with your account - IP addresses on Kolektiva.social are logged for 3 days and then deleted, so IP addresses from any logins in the 3 days prior to the database backup date would be included.
- A hashed ("encrypted") version of your password.

🚨 👉 As a precaution we highly recommend that all users on Kolektiva.social *change their password immediately* to a new, unique, and strong password.

We sincerely apologize to all our users and regret this breach. In hindsight, it was obviously a mistake to leave a copy of the database in an unencrypted state. Unfortunately, what would otherwise have been a small mistake happened to coincide with a raid, due to bad luck and spectacularly bad timing.

We understand that our users and other people on the Fediverse will have a lot of questions. We will try to answer them as best we can, but please be patient and bear in mind that we may be overwhelmed with messages, and may be delayed in responding or unable to provide answers to certain questions for legal or technical reasons. As a security culture reminder, it can be extremely harmful to the individuals charged and to our community to openly speculate on the Internet about alleged criminal activity or about what law enforcement may be able to do with seized data. Our present awareness is that the seized Kolektiva data is unrelated to the federal investigation and prosecution and we are exploring legal avenues to have the seized data returned and copies destroyed.

Thank you for your understanding and solidarity  

👇 Please see our replies to this post for additional information (1/?) 👇
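The alert recommends changing passwords because the seized dump carries password hashes, and the earlier opinion post makes the same point from the user side (a unique password from a password manager, changed before the hash is cracked). The following added example, which is not Mastodon's or Devise's code, shows why both are right: once the hash is in an attacker's hands there is no login endpoint, rate limit or 2FA in the way, only the slow hash and the size of the search space. Mastodon stores bcrypt hashes via Devise; here PBKDF2-HMAC-SHA256 from the standard library stands in for it with an assumed work factor, and the wordlist, the two user records and the benchmark are all constructed for the demo.

```python
"""Offline guessing against a seized password hash.

Added example, not Mastodon's or Devise's code. Mastodon uses bcrypt; this
demo substitutes stdlib PBKDF2-HMAC-SHA256 with an assumed iteration count.
Wordlist, user records and the guess-rate benchmark are constructed.
"""
import hashlib
import hmac
import os
import time
from typing import Optional

ITERATIONS = 10_000  # assumed work factor for the demo, not Mastodon's setting


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2 hash in 'salt$digest' hex form."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt; constant-time compare."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed wordlist: the kind of guesses tried first against any dump.
WORDLIST = ["password", "123456", "qwerty", "kolektiva",
            "summer2023", "mastodon", "letmein"]


def offline_crack(stored: str, wordlist) -> Optional[str]:
    """What the holder of a dump can do: no lockout, no rate limit, no 2FA involved."""
    for guess in wordlist:
        if verify_password(guess, stored):
            return guess
    return None


def guesses_per_second(samples: int = 20) -> float:
    """Measure this machine's verification rate; an attacker's GPU rig is far higher."""
    stored = hash_password("benchmark")
    start = time.perf_counter()
    for _ in range(samples):
        verify_password("wrong-guess", stored)
    return samples / max(time.perf_counter() - start, 1e-9)


def years_to_exhaust(charset_size: int, length: int, rate: float) -> float:
    """Worst-case time to try every password of the given shape at `rate` guesses/s."""
    return charset_size ** length / rate / (365 * 24 * 3600)


def demo() -> dict:
    weak = hash_password("summer2023")
    strong = hash_password("b7!Qz9-nL2@xR5#wV8")  # what a password manager would emit
    return {
        "weak_cracked_as": offline_crack(weak, WORDLIST),
        "strong_cracked_as": offline_crack(strong, WORDLIST),
        "local_guesses_per_second": round(guesses_per_second()),
        # 18 random chars from a 90-symbol set, even at a billion guesses/s.
        "years_for_18_char_random_at_1e9_per_s": years_to_exhaust(90, 18, 1e9),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The weak record falls on the first pass through a seven-word list; the random one does not, and the keyspace figure shows that no realistic guess rate exhausts it. Changing the password on the live server does not shrink the attacker's window against the seized hash, but it does make whatever they eventually recover useless for logging in, which is the actual point of the alert.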

Man, Miss Major is amazing. Black Trans Women are amazing. Trans folks are amazing.

Don’t forget to admire a trans person today, esp this pride season

Workers at the Theatro Municipal de São Paulo put the LGBTQIA+ flag back on the facade https://www.redebrasilatual.com.br/cidadania/theatro-municipal-recoloca-bandeira-lgbtqia/
Theatro Municipal puts the LGBTQIA+ flag back up

Mobilized workers managed to raise the LGBTQIA+ flag again after organizing. The symbol had been removed on the orders of the Ricardo Nunes administration

Rede Brasil Atual