this post was submitted on 05 Feb 2025
67 points (88.5% liked)

Fediverse

29615 readers
667 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world
67
Changes to Lemmy/PieFed to adjust to living under fascism (piefed.social)
submitted 15 hours ago by rimu@piefed.social to c/fediverse@lemmy.world
42 comments fedilink hide all child comments
 

What do we need to change about how we operate, now that the political environment is darkening?

The overall goals would be to safeguard user identities, ensure communication privacy, and protect against censorship and state surveillance.

User Anonymity and Privacy

  • End-to-end encryption: Encrypt all user communications, private messages, and sensitive data
  • Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?
  • Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.

Data Storage

  • Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.
  • Ephemeral content: auto-deleting posts, messages, etc after a set period.
  • Instance chooser that flags which instances are in unsafe countries.
  • Defederate from instances in unsafe countries?

Communities

  • Private communities - currently all are public
  • Communities where every post is encrypted
  • Approval process to join some communities
  • Better opsec around instance owners, admins and moderators

What else?

top 42 comments
sorted by: hot top controversial new old
[–] rglullis@communick.news 22 points 8 hours ago (5 children)

No. Federation is the wrong decentralization model for anyone worried about malicious state actors. Just like email encryption, it doesn't matter how secure you/your server is, you still need to rely on the weakest link on the chain and that is simply unacceptable.

If you want to have secure social media, we need to move away from Federation and we will have to build a fully distributed network where data only lives at the edge nodes and participants can only communicate after exchanging their own personal keys.

Anything else is just infosec cosplaying.

[–] Kichae@lemmy.ca 13 points 7 hours ago (1 children)

Yup. Really don't get the constant drumming of "I want to use someone else's website or server while pretending it's a secure platform". Peer-to-peer coms have been around for literal generations now. If you actually care about privacy, e2ee p2p is what you do.

Security runs opposite to convenience.

[–] rglullis@communick.news 5 points 4 hours ago

This is also why I get so pissed about the Fediverse "don't scrape me bro" crybabies and their whole talk about "consent-based following".

Malicious actors do not ask for consent. Malicious actors know how to bypass authorized fetch. Malicious actors will have absolute no qualms creating accounts on the same server as you just to be able to follow you. You can even argue that malicious actors will even build an instance that you find super appealing in order to be able to collect your communication.

It doesn't matter how you feel you are entitled to a "safe space", if you are talking in public. People might ignore you, but they are never go around with their ears covered just because you are asking them to.

[–] recklessengagement@lemmy.world 2 points 6 hours ago

Yep. And besides, the only people actually taking significant risk here are the instance hosters storing the content.

[–] poVoq@slrpnk.net 2 points 6 hours ago (1 children)

I think this is a fallacy, and anyone that is old enough to remember the popular days of Bittorrent will have stories to tell.

Yes, in theory p2p models can be more secure if you really know what you are doing.

But in reality the users' end devices are often the weakest link and most people have bad opsec. A server operator has often a much better idea what they are doing and systems like Tor or xmpp that allow servers to protect their users by not sharing all the metadata with every participant are safer for the majority of users.

[–] rglullis@communick.news 1 points 4 hours ago (1 children)

You don't need to go full p2p. You can still have servers and you can still have operators who work to prevent issues at the edges, but the servers need to be only blind communication relays and routers.

[–] poVoq@slrpnk.net 1 points 4 hours ago (1 children)

There is no such thing as a blind relay. There will always be meta-data accumulation at such points in the network.

It is possible to try to minimize the meta-data accumulation and obfuscate it further and there are certainly some interesting theorectical concepts for that in systems like SimpleX, Nostr etc. but in the end most of these are just giving a false sense of security.

In addition many of these systems engage in what I call "trust-washing", i.e. them proudly proclaming: "there is no need to trust us, bro!" When in reality there are multiple points of failure in their pretend to be trustless system that they just chose to ignore or try to distract you from.

And when it comes to the real-world, tried and battle tested system like Tor are where I would put my safety, not some brand new crypto-bro dondogle that is funded by venture capital investors (like SimpleX).

[–] rglullis@communick.news 1 points 3 hours ago

Even with Tor you also have to trust the exit nodes. So, yes, I agree you will still need to trust someone, but we can control/design to have less things depending on this trust.

Specifically with ActivityPub, everything is designed around the idea that the server owns it all. It doesn't have to be all-or-nothing.

[–] artificialfish@programming.dev 1 points 7 hours ago

Secure Scuttlebutt is the way

[–] iopq@lemmy.world 0 points 8 hours ago (1 children)

So you're saying we should use Nostr

[–] rglullis@communick.news 2 points 7 hours ago (1 children)

No. Nostr is even worse because it ties your identity to your encryption keys.

[–] iopq@lemmy.world 1 points 6 hours ago (1 children)

How is that worse? You can always prove that you are the same person by encrypting a message with the same key. There is no way for me to prove whether my Instagram account is really me

[–] rglullis@communick.news 1 points 4 hours ago

The problem is the inverse. There are times where you don't want to be connected to any message.

Nostr is being developed by stupid bitcoiners, and it suffers from the same stupid mistakes as BTC. Pseudonymous transactions is not enough for a payment network. Just like pseudonymous messaging is not enough for secure communication.

[–] poVoq@slrpnk.net 8 points 6 hours ago

Ugh, the comments here...

I think these are some good ideas, but e2ee in a browser that depends on server supplied javascript will never be really safe.

I think you would be better off making a nice XMPP integration so that people can use existing native apps with good e2ee for their private messages.

Otherwise the ideas are sensible and worth a shot, looking forward to what you come up with in Piefed 😊

[–] OpenStars@piefed.social 7 points 7 hours ago

OUR NEW AUTHORITARIAN OVERLORDS ARE PERFECT IN EVERY WAY

[–] artificialfish@programming.dev 5 points 7 hours ago

So something I want to point out: plain text encryption exists. Cyphers and the like. You could have your instance use all the standard stuff but with a really hard cypher, and it would work everywhere. Then you just need a front end to read it… but then the cops could read it… oh public encryption makes no sense.

[–] hendrik@palaver.p3x.de 9 points 10 hours ago* (last edited 9 hours ago)

  • A lock or panick button that immediately wipes everything and makes the logs unusable

  • Easy support for canaries and transparency from the admins, like on Peertube where you're incentivised to write something about your newly installed instance, where it's located etc

  • Maybe take inspiration from European GDPR, assess which information can be used for what, make it transparent to the user what gets stored where and why... Somewhat assisted by the software ao not every admin has to figure that out on their own.

  • secure DMs

Btw, nice atmosphere here /s I don't think the general Lemmy audience is very receptive to change. I mean sure, this contradicts with a few fundamentals within how this place is designed. But I think we should make an effort. If I remember correctly, social media played an important role in recent (peaceful) protests and opposition. Like the Arab Spring. And nowadays the big social media platforms are bootlickers and likely to cooperate with the problematic administration. So it's down to the Fediverse if we want to address a general audience. I don't think a complex peer-to-peer solution, maybe backed by onion routing and elaborate encrytion is going to be appealing to the masses. It'd be the correct tool for proper confident conversation. But likely not the tool that connects the millions of regular people.

And I'd aegue "defederate from instances in unsafe countries" doesn't work. We have to treat every one as unsafe and not federate private information in the first place. All other optiins are just error-prone and likely easy to circumvent.

[–] Emmie@lemm.ee 2 points 7 hours ago* (last edited 6 hours ago)

Wait I thought we use disposable emails. Is there some rule against it oops. And which instance wants a phone number?

The way I see it there are 5 ingredients: VPN, disposable email, doxx aware usage, no phone numbers, random browser fingerprint.

Then from the Lemmy side that’s pretty private. all depends on your vpn and email providers. Choose no logs services from the countries that don’t have relations with the country you are in.

I imagine some Lemmy instances also could have logging off in the countries where it isn’t necessary by law to store such things.

I guess there are those kinda timing attacks that check ISP logs against some user web activity but are they really realiable? In which case though you could have a mode that would make a comment/post after a random delay.

[–] Pamasich@kbin.earth 4 points 9 hours ago

I know you're a Piefed developer, so you probably know what's possible and what's not better than me. But honestly, the encryption part makes me think you probably want a new protocol designed with that in mind from the start. In my opinion, it's too destructive for compatibility with other ActivityPub software and instances running older versions of them especially.

Combating spam despite the simplified account creation will probably require the implementation of something like Reddit's karma system. Which isn't a very popular idea I think.

Regarding the ephemeral content.... please don't. It might sound cool on paper, but it just adds FOMO. We shouldn't promote doomscrolling and brainrot with the addition of features which require you to quickly scroll through shit to not miss out on posts that disappear after a timer has passed.

[–] Max_P@lemmy.max-p.me 26 points 14 hours ago (3 children)

You probably want something like Aether instead of the fediverse: https://getaether.net/

It's peer to peer, encrypted, anonymous, ephemeral and all that.

[–] rglullis@communick.news 4 points 8 hours ago

And pretty much dead, I was following this project but they stopped development in 2020.

[–] maegul@lemmy.ml 2 points 11 hours ago (1 children)

That is interesting! Thanks for the tip!

Also, it’s their icon a community reference?

[–] Max_P@lemmy.max-p.me 2 points 11 hours ago

No idea, never used it, I just happen to know it exists.

[–] amino@lemmy.blahaj.zone 2 points 13 hours ago

thanks for the rec

[–] Max_P@lemmy.max-p.me 22 points 14 hours ago* (last edited 14 hours ago) (1 children)

The fediverse is plainly just not appropriate for this. The ActivityPub makes too many assumptions that the data is fully public.

End-to-end encryption: Encrypt all user communications, private messages, and sensitive data

That could work probably, it's a lot of work and will break interoperability but could be done. You'd still have to vet your users very well though, which might contradict the next point. It takes one user to leak everything.

Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?

There's a fair amount of instances already that will let you sign up with a disposable email

Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.

A fair chunk of instances already allow VPN/Tor traffic. The bigger ones don't because of spam and CSAM and all that crap, but even Reddit is fully functional over a VPN.

Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.

That'd be very hard to enforce, and the instance owners have to do some collection for the sake of being able to handle lawsuits and pass the blame. But you can protect yourself using a VPN or Tor.

Ephemeral content: auto-deleting posts, messages, etc after a set period.

As an admin, I can literally just restore last month's backup and undelete everything that got deleted. If someone's seen it, you must assume it can at minimum have been screenshot.

Instance chooser that flags which instances are in unsafe countries.

Anyone can get a VPS in just about any country, so you'd have to personally verify the owner which is PII and probably one of the most vulnerable part of the group. You take down the owner you take down the whole thing.

Once again however users have plenty of choices already for that, if you trust your instance's admins.

Defederate from instances in unsafe countries?

Same as previous point. Plus, one can still use the API to fetch the content anyway.

Better opsec around instance owners, admins and moderators

Also pretty hard to enforce.

[–] iopq@lemmy.world 2 points 8 hours ago

Reddit blocks VPNs unless you're already logged on

[–] souperk@reddthat.com 15 points 13 hours ago

Lemmy is a public forum, if you want to communicate privately exchange matrix handles and communicate there.

[–] Ulrich@feddit.org 13 points 14 hours ago

Lemmy is simply not the place for that sort of communication.

My recommendation would be SimpleX.

[–] solrize@lemmy.world 10 points 15 hours ago (4 children)

Right, like the other person says, Lemmy fundamentally doesn't work like that. IDK what Piefed is. Ironically, in a sense, 4chan was ahead of us by decades.

[–] coldsideofyourpillow@lemmy.cafe 11 points 14 hours ago (1 children)

piefed is Lemmy, but with 🥧

[–] SouthEndSunset@lemm.ee 2 points 8 hours ago

But do users get fed?

[–] Cris_Color@lemmy.world 10 points 14 hours ago

Piefed is another fediverse link aggregator project, like lemmy and kbin

https://piefed.social/

You'll periodically see piefed accounts if you pay attention to user instances here :)

[–] PhilipTheBucket@ponder.cat 7 points 15 hours ago

After a brief period of lawlessness, 4chan became a big gluey honeypot on behalf of every big law enforcement agency in the country. You’d have been a lot better off posting your drug offers and revenge porn in a Yahoo Chess chat room.

You’re not completely wrong, though. The idea of thinking through some basic measures like Tor-friendliness and anonymous signups (as if requiring an email address does a microgram’s worth of good to prevent abusive users from signing up) sounds okay, but grafting real OPSEC against the government onto these federated platforms at this stage sounds nigh-impossible to do in any reliable fashion.

[–] Lost_My_Mind@lemmy.world 3 points 15 hours ago

I've been on Lemmy since May. I've never been on 4Chan, but I've heard stories of who 4Chan users are, and what their posts are.

God, I HOPE they aren't way ahead of us.....

[–] burgersc12@mander.xyz 10 points 15 hours ago

Lol. Just make a new software at this point, because what you describe is not Lemmy and never will be.

[–] Lost_My_Mind@lemmy.world 6 points 14 hours ago (2 children)

looks left

.....

looks right

.........

Hellooooo? Fascists? Are you on Lemmy?

looks around

Yeah, I don't think I'm on the right part of Lemmy where fascists are engaging. Not that I'm complaining. It just feels like you're living in an igloo complaining that a cactus might grow.

[–] PhilipTheBucket@ponder.cat 10 points 14 hours ago

I think it's extremely likely that the Trump DOJ will start looking over all internet activity to try to find evidence of terroristic and/or leftist activity, and charging people with crimes for same. The fact that Lemmy is a niche platform probably won't make much difference.

[–] tofuwabohu@slrpnk.net 4 points 14 hours ago

It's not about fascists on the platform but living in a fascist country where posting on a left leaning platform is already suspicious.

[–] Cris_Color@lemmy.world 4 points 14 hours ago (1 children)

I think encryption at rest for account data should be a thing, but there are better ways to communicate and organize if that's what you're trying to do

I think the biggest thing would just be making sure that it's not easy for the government to get user data. So making signups without personally identifiable info would potentially be worthwhile, so that info can't just be subpoenaed to identify users irl

[–] Docus@lemmy.world 2 points 6 hours ago (1 children)

Glossing over the fact that DOJ can’t subpoena instances like world as they are outside the US (but, like world, may be subject to EU GDPR) having an account without PII if your IP address is all over the servers isn’t going to save you.

[–] Cris_Color@lemmy.world 2 points 4 hours ago* (last edited 4 hours ago)

You're right, that's very true.

Like I said, I don't think it's really what a platform like lemmy is for

[–] zecg@lemmy.world -4 points 13 hours ago

Imagine pasting this LLM bullshit unabashedly as if it's something people should sagely nod through recognizing how necessary it is to turn this poor man's reddit into NSA internal messaging forum. "Better opsec around instance owners", did you even read that before pasting? Who are you writing that for, instance owners' handlers?