Fediverse

29615 readers

1424 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago

MODERATORS

ruud@lemmy.world

Xylinna@lemmy.world

MrCenny@lemmy.world

TragicNotCute@lemmy.world

automodbeta@lemmy.world

woelkchen@lemmy.world

Changes to Lemmy/PieFed to adjust to living under fascism (piefed.social)

submitted 14 hours ago by rimu@piefed.social to c/fediverse@lemmy.world

43 comments fedilink hide all child comments

What do we need to change about how we operate, now that the political environment is darkening?

The overall goals would be to safeguard user identities, ensure communication privacy, and protect against censorship and state surveillance.

User Anonymity and Privacy

End-to-end encryption: Encrypt all user communications, private messages, and sensitive data
Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?
Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.

Data Storage

Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.
Ephemeral content: auto-deleting posts, messages, etc after a set period.
Instance chooser that flags which instances are in unsafe countries.
Defederate from instances in unsafe countries?

Communities

Private communities - currently all are public
Communities where every post is encrypted
Approval process to join some communities
Better opsec around instance owners, admins and moderators

What else?

you are viewing a single comment's thread
view the rest of the comments

[–] Max_P@lemmy.max-p.me 30 points 13 hours ago* (last edited 13 hours ago) (1 children)

The fediverse is plainly just not appropriate for this. The ActivityPub makes too many assumptions that the data is fully public.

End-to-end encryption: Encrypt all user communications, private messages, and sensitive data

That could work probably, it's a lot of work and will break interoperability but could be done. You'd still have to vet your users very well though, which might contradict the next point. It takes one user to leak everything.

Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?

There's a fair amount of instances already that will let you sign up with a disposable email

Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.

A fair chunk of instances already allow VPN/Tor traffic. The bigger ones don't because of spam and CSAM and all that crap, but even Reddit is fully functional over a VPN.

Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.

That'd be very hard to enforce, and the instance owners have to do some collection for the sake of being able to handle lawsuits and pass the blame. But you can protect yourself using a VPN or Tor.

Ephemeral content: auto-deleting posts, messages, etc after a set period.

As an admin, I can literally just restore last month's backup and undelete everything that got deleted. If someone's seen it, you must assume it can at minimum have been screenshot.

Instance chooser that flags which instances are in unsafe countries.

Anyone can get a VPS in just about any country, so you'd have to personally verify the owner which is PII and probably one of the most vulnerable part of the group. You take down the owner you take down the whole thing.

Once again however users have plenty of choices already for that, if you trust your instance's admins.

Defederate from instances in unsafe countries?

Same as previous point. Plus, one can still use the API to fetch the content anyway.

Better opsec around instance owners, admins and moderators

Also pretty hard to enforce.

[–] iopq@lemmy.world 2 points 7 hours ago

Reddit blocks VPNs unless you're already logged on