cross-posted from: https://lemmy.ml/post/1874605
A 17-year-old from Nebraska and her mother are facing criminal charges including performing an illegal abortion and concealing a dead body after police obtained the pair’s private chat history from Facebook, court documents published by Motherboard show.
I’m almost certain that if something like this happened to any fediverse instance - that local police would contact the admin and ask for user’s data, which they are required by law to provide or they would go to jail/get a hefty fine and possibly a criminal record, they would do that too. That’s also why E2E is required, to prevent such problems for instance admins - but then again, there’s really nothing you can do against local law, and if it requires that you have to be able to cooperate, well… Then there’s not much the admin can do, without putting himself in a real risk of prosecution, because he is breaking the law by having E2E.
That’s also a good reason to be careful when selecting your home instance, and making sure that you choose one in a country that has all the right laws in that regard.
Of course, that’s assuming the police make contact. I don’t suppose that the admins would be searching through the DMs of people to snitch on them. And if Meta is doing that preemptively and is actively snitching on people - that’s downright evil.
the fediverse is not meant to be private…
EDIT: I thought you were replying to the comment about just hosting single-user instances, and assumed that you meant that if everyone had their own single use private instances, it would be against the fediverse idea. Sorry about that.
I wouldn’t say that’s making the fediverse private - it’s only making my personal account and data about what I visit private. That’s what the ActivityPub protocol is for, and the more I think about it, the more I hope that some kind of app would show up - one that would be designed to just act as a personal front-end for the Fediverse, which would allow you to interact as a user from your instance with others, but also one that would keep all of your data, which are currently at the mercy of your instance admins, at your personal instance.
Of course, you still need people to host instances that are actually made for communities and content, and that’s what Lemmy or Mastodon is designed for - but I’d like to see a Fediverse app that isn’t made for hosting content, but only for letting you interact with other instances. There’s no drawback - quite the contrary, instance admins don’t have to deal with and take care of my private data, because my instance is handling all of that, while I still will be providing content for their instance. I think that definitely fits into the idea of what Fediverse should be.
The only thing I’m not sure about yet is if it’s possible - if I create a Post on an instance that’s not my home, who is hosting the data? Do I only send ActivityPub Create Post with the data and the instance then saves it, or do I create the post on my own instance, send an ID, and if someone requests the Post data on the instance I posted to, it will be requested from mine? Because if it’s the first one, then such a client that only implements DMs, your own user account, and a frontend for showing posts on other instances would be doable. And definitely something important, because it solves the biggest privacy issues of Lemmy right now. I see no drawback in that - the only data I would not be in control of are the ones I post to other instances, but that’s ok. And even if you would be the one hosting it, all it means is that it would be a little bit harder to host it yourself.
Also, if I understand the ActivityPub right, if you’re ok with not getting notifications or DMs, your personal instance wouldn’t even need to be online at all times, since you only request data about communities and posts when you are browsing. But this would depend on whether the content and comments are hosted at your instance, or at the instance you are commenting or posting to.
I really like this idea. And from what I’ve seen of the ActivityPub protocol, it should even be that hard, aside from the UI.
Generally, choose any instance hosted in the European Union and you should be good to go.
I hear what you’re saying. We have to take to the sea. We should all pitch in and make a mega instance that floats on international waters.
Why one? Let’s make several instances that float in international waters!!
E2E is technically illegal for any interstate communications in the USA, since refusal to comply with a wiretap order will put you in jail for contempt, regardless of whether the medium allows for interception or not.
How do communication apps get away with E2E in the US then? Is there a backdoor that allows for companies to comply or does law enforcement seek alternative means of obtaining the information?
There aren’t any US based e2e messaging or voice services as far as I know.
Single user instance locally hosted, is the only way forward
The federation API isn’t using E2E either. It makes no difference if you use your mobile client to contact the mobile API or if you’re hosting your own instance to use the federation API in safety regards. You should always be aware that every message / post / image you publish (even in a closed group) on the internet could be traced back to you and with enough effort be available to anybody with the right skills.
Only end to end encryption can help you there - this is the way.
Is it even possible to implement E2E in the context of ActivityPub? I mean, as far as I know, the federation doesn’t specify what content you send, only activities, groups and object definitions. There’s nothing stopping you from making the actual data E2E encrypted, although making it so would be a hard problem.
On the other hand… As I’ve mused about in the other comments, it should be possible to create a fediverse app that serves as a self-hosted front-end for interacting with different fediverse apps. All of your personal data would live on it, and you are in full control. Which would also allow for a safe implementation of E2E, because you just publish your public key, and know that since the app is under your control, no one can get to it. However, this would mean that the other users would have to use the same standard.
I actually really like that idea. If we can separate users from servers with content, so Lemmy instances would only host posts and comments, but DMs would be handled by the private user instances, it would make Fediverse a lot more private.
The only question standing in the way is - who hosts the content of the posts I make? If my home is programming.dev, and I post to lemmy.ml, do I send the post data through ActivityPub to Lemmy to host, or do I host it on programming.dev, and Lemmy.ml just gets the ID of the post? If it’s the first one, making the self-hosted user frontend will be easy, since all you need is a few API calls to make posts, and the only storage you need is for DMs and your account details (which may actually be static, so a faked webpage returning your data may suffice). If it’s the latter, then it will be a lot more difficult to easily self-host.
There is also the question of trust: The best solution should be an infrastructure that is due to E2E not able to read the messages it processes. The problem with this setup is, that you want to communicate publicly and you never know, who is part of your communication. I would advise to use Signal or Matrix if you need E2E. If not, use either Tor to proxy lemmy and try to stay anonymous or be aware, that your messages are not (which is always the best approach in my opinion).
Yes however they can’t get your phone without nearly as easily as a third party’s data
Hmm, that actually sounds like a great idea. Does it actually need to be reachable from the outside, if you don’t want to host any of your own communities on it? Or will it be enough for the instance to just pool data? Apart from no-one being able to contact you via DM, that is.
I’ll look into it, having my own home instance actually sounds pretty easy and it may work.
Actually - wouldn’t it even be possible to build a browser extension for that? One that just simulates ActivityPub calls, and you just browse on someone else’s instance without logging in while still allowing you to comment or vote on your behalf?
EDIT: I’ve posted some more thoughts about it to another comment, which I assumed was a reply to this one. The more I think about it, the more I really like the idea of a self-hosted front-end for Fediverse apps that doesn’t host communities, but only user interactions and allows you to interact with other apps and instances.
I think a cell phone is more than enough for one user, probably 100 users would still be fine. With a store and forward proxy even the momentary disconnections would cause missed messages nor notification
Most important is, a content discovery and sorting now lives on your device
An extension would be cool! I’m currently trying to do something similar, in some sense; I’ve patched my instance to filter out DB results from public queries so that only my posts and comments are visible (unless I am logged in).
I believe it might be possible, but I’m not sure. It seems that the protocol itself is mostly geared for synchronizing data and distributing updates. From my limited understanding, servers follow users or communities on other servers, which inform those servers that updates should be sent to the requesting inbox. These updates are then used to build up a local copy of the remote page. In the case of a remote community, users interact with their local copy and notify the remote community of those changes.
For example, I am viewing a local copy of this post that I received from lemmy.ml, and my reply to your comment will be stored locally. My server will notify lemmy.ml of this comment (including its contents), and lemmy.ml will notify my inbox if anyone interacts with it (because I am a follower).
It seems that at least some of this syncing might not be necessary… a lightweight frontend could rely on the API of each site it connects with to build up the activities it sends. However, this would probably cause some unnecessary traffic, as such a follower would both receive updates and query the API. Also it would probably break some things, such as ap_id (see the multicolored fedilink icon, which points to the original copy of the content on my instance).
Is this practical? How technically difficult is it? What are the hardware requirements?
Any potato that can run a docker container. I’d say for 1 user that’s going to be under 1gb ram and 1 vcpu
I honestly think the trick for E2EE is to just collect so little, that even by complying, you can’t give them very much. That trick has worked really well for Signal in the past.
PSA: I’m neither American nor a lawyer, but AFAIK, US law forbids the indiscriminate investigation of foreign individuals to prosecute US citizens, so having your account in a foreign instance is one more layer of protection.
Have you heard of the CLOUD act?