Jump to content
  • Watch Out, Fediverse Users: The FBI Can Seize a Mastodon Server

    aum

    • 474 views
    • 4 minutes
     Share


    • 474 views
    • 4 minutes

    The FBI's seizure of a Mastodon server copy is a wakeup call to users of the decentralized social network, according to the Electronic Frontier Foundation.

     

    Usually, the feds will subpoena a tech company to obtain data on social media users. But in the case of Mastodon—a decentralized social network—the FBI can apparently straight up seize an entire server copy containing thousands of users' data 

     

    The Electronic Frontier Foundation (EFF) is warning(Opens in a new window) about the potential threat after the FBI seized a Mastodon server backup belonging to an "anarchist/anti-colonial" group called Kolektiva. 

     

    The seizure(Opens in a new window) occurred in May, but went largely unreported. The FBI raided a home belonging to a Kolektiva admin as part of an investigation into a local protest, the group said about six weeks after the incident. 

     

    During the raid, the FBI seized a server copy for Kolektiva’s Mastodon instance, which currently has over 8,000 active users. The database contained user account information, including email addresses, possible IP addresses associated with user accounts, and hashed user passwords. In addition, the FBI acquired a copy of the Kolektiva.social(Opens in a new window) database in an unencrypted state since the raid happened while the admin was troubleshooting an issue. 

     

    07HPLxIUAUB1QBV4TxhEHaE-2.fit_lim.size_8

    (Credit: Getty Images)

     

    The EFF says this shows the FBI can sweep up data on numerous people while investigating a single case when it comes to Mastodon. The decentralized social network isn’t controlled by a large corporation out to monetize your data. Instead, anyone can launch a Mastodon server in their home and connect it to others to create a federated social network. 

     

    But the same decentralized nature makes it easier for the feds to swoop in. The EFF adds: "Many fediverse instances, such as Kolektiva, are focused on serving marginalized communities who are disproportionately targeted by law enforcement… Yet this raid put the thousands of users this instance served into a terrible situation.”  

     

    The EFF is now urging both users and Mastodon server operators to take precautions to counter potential FBI seizures. “This story should also be a wake-up call for the thousands of hosts in the growing decentralized web: you have to have your users’ backs too,” the group says. 

     

    The FBI didn’t immediately respond to a request for comment. So it’s unclear if the agency is taking any measures to avoid sifting through user data that's separate from its investigation. In the meantime, the EFF recommends that Mastodon server operators collect as little data as possible.

     

    Mastodon users should also carefully scrutinize the servers they join, and urge the operators to uphold strong privacy safeguards. 

     

    “Making these commitments binding in the terms of service is not only a good idea, it can help the host fight back against overbroad law enforcement requests and can support later motions by defendants to exclude the evidence,” the EFF adds.

     

    Meanwhile, Eugen Rochko, the founder of Mastodon, pointed out: "The FBI performed a raid on one of the admins of kolektiva.social for unrelated charges, and that admin had a backup of the kolektiva.social database on one of their digital devices at home (not a recommended practice, for what it's worth). That Mastodon server is still up. Of course the FBI can take down a Mastodon server in their jurisdiction though, just like they can do with any other website. There's nothing special about Mastodon in that regard, just that taking down one server doesn't affect the rest of the network."

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...