The FBI's seizure of a Mastodon server copy is a wake-up call to users of the decentralized social network, according to the Electronic Frontier Foundation.
Usually, the feds will subpoena a tech company to obtain data on social media users. But in the case of Mastodon—a decentralized social network—the FBI can apparently straight up seize an entire server copy containing thousands of users' data.
The Electronic Frontier Foundation (EFF) is warning about the potential threat after the FBI seized a Mastodon server backup belonging to an "anarchist/anti-colonial" group called Kolektiva.
The seizure occurred in May, but went largely unreported. The FBI raided a home belonging to a Kolektiva admin as part of an investigation into a local protest, the group said about six weeks after the incident.
During the raid, the FBI seized a server copy for Kolektiva’s Mastodon instance, which currently has over 8,000 active users. The database contained user account information, including email addresses, possible IP addresses associated with user accounts, and hashed user passwords. In addition, the FBI acquired a copy of the Kolektiva.social database in an unencrypted state since the raid happened while the admin was troubleshooting an issue.
The EFF says the seizure shows that, when it comes to Mastodon, the FBI can sweep up data on numerous people while investigating a single case. The decentralized social network isn’t controlled by a large corporation out to monetize your data. Instead, anyone can launch a Mastodon server in their home and connect it to others to create a federated social network.
But the same decentralized nature makes it easier for the feds to swoop in. The EFF adds: “Many fediverse instances, such as Kolektiva, are focused on serving marginalized communities who are disproportionately targeted by law enforcement… Yet this raid put the thousands of users this instance served into a terrible situation.”
The EFF is now urging both users and Mastodon server operators to take precautions to counter potential FBI seizures. “This story should also be a wake-up call for the thousands of hosts in the growing decentralized web: you have to have your users’ backs too,” the group says.
The FBI didn’t immediately respond to a request for comment. So it’s unclear if the agency is taking any measures to avoid sifting through user data that's separate from its investigation. In the meantime, the EFF recommends that Mastodon server operators collect as little data as possible.
Mastodon users should also carefully scrutinize the servers they join, and urge the operators to uphold strong privacy safeguards.
“Making these commitments binding in the terms of service is not only a good idea, it can help the host fight back against overbroad law enforcement requests and can support later motions by defendants to exclude the evidence,” the EFF adds.
Meanwhile, Eugen Rochko, the founder of Mastodon, pointed out: "The FBI performed a raid on one of the admins of kolektiva.social for unrelated charges, and that admin had a backup of the kolektiva.social database on one of their digital devices at home (not a recommended practice, for what it's worth). That Mastodon server is still up. Of course the FBI can take down a Mastodon server in their jurisdiction though, just like they can do with any other website. There's nothing special about Mastodon in that regard, just that taking down one server doesn't affect the rest of the network."