You must log in or # to comment.
TLDR
He was raided for unrelated reasons to his mastodon server, the police have a seize it all policy.
There is talk about changing policy to exclude things like servers and similar devices that are not related to the initial reason for the search. There doesn’t seem to currently be laws or rules about what police can or can’t do with data.
That’s the whole article basically
Good TLDR
I would also add:
Data gathered from the raid can be used to investigate and prosecute crimes unrelated to the original seizure.
Mastodon does not currently encrypt direct messages.
That’s because Mastodon doesn’t have direct messages. It is not a chat platform. You can bend the privacy settings to publish posts similarly to DMs, but no one should use it as such.
Poor data management practices on the part of this admin.
It seems like yes, but also:
To make matters worse, it appears that the admin targeted in the raid was in the middle of maintenance work which left would-be-encrypted material on the server available in unencrypted form at the time of seizure.
What type of maintenance work leaves the drive unencrypted?
The drive wasn’t encrypted, a not-encrypted database dump was on the laptop when the raid happened. It might have had to do with gearing up for the Mastodon update that caused us a lot of grief across Fedi a couple of weeks back. Or it could have been database server debugging; the timing was incredibly bad.
But if the drive wasn’t encrypted, how is it “would be encrypted material”?
I’m surprised that people are hosting Mastodon servers without full disk encryption given the overhead isn’t significant plus the fact that people have private messages in the DB.
And people say what instance you choose doesn’t matter. Wild that the choice often seems to be between giving your info to mega corps or trusting a random person who’s servers could be raided at any moment for entirely unrelated reasons.
Given what we’ve learned about illegal and secret government surveillance from whistleblowers like Edward Snowden, I wouldn’t trust a megacorp any more than “a random person”.
The government already has the keys to all the megacorps’ kingdoms. The only possible way to protect your data is to make sure it uses client-side encryption, and that those encryption keys never under any circumstances travel over the internet.
You should assume that any information you give to ANY site is readily available to all major world governments.
Keep your private messages on end-to-end encrypted platforms like Signal or Matrix. Consider everything else public.
or trusting a random person who’s servers could be raided at any moment for entirely unrelated reasons.
IMO the end goal of a decentralized network should be to have a large number of small servers. Any raid/takedown should only affect a small subset of users.
Right but the instance I’m on could get taken over by an asshole, and get defederated by, or defederates from, my favourite subs. Then I’ve got to abandon that account and start a whole new one, same as I did leaving Reddit. I’m really not sold on this model until I can transfer my account somehow.
