Changes to Lemmy/PieFed to adjust to living under fascism
-
[email protected] replied to [email protected]
I think encryption at rest for account data should be a thing, but there are better ways to communicate and organize if that's what you're trying to do
I think the biggest thing would just be making sure that it's not easy for the government to get user data. So making signups without personally identifiable info would potentially be worthwhile, so that info can't just be subpoenaed to identify users irl
-
[email protected] replied to [email protected]
Piefed is another fediverse link aggregator project, like lemmy and kbin
You'll periodically see piefed accounts if you pay attention to user instances here
-
[email protected] replied to [email protected]
Lemmy is simply not the place for that sort of communication.
My recommendation would be SimpleX.
-
[email protected] replied to [email protected]
piefed is Lemmy, but with 🥧
-
[email protected] replied to [email protected]
The fediverse is plainly just not appropriate for this. ActivityPub makes too many assumptions that the data is fully public.
> End-to-end encryption: Encrypt all user communications, private messages, and sensitive data
That could work probably, it's a lot of work and will break interoperability but could be done. You'd still have to vet your users very well though, which might contradict the next point. It takes one user to leak everything.
> Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?
There's a fair amount of instances already that will let you sign up with a disposable email.
> Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.
A fair chunk of instances already allow VPN/Tor traffic. The bigger ones don't because of spam and CSAM and all that crap, but even Reddit is fully functional over a VPN.
> Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.
That'd be very hard to enforce, and the instance owners have to do some collection for the sake of being able to handle lawsuits and pass the blame. But you can protect yourself using a VPN or Tor.
> Ephemeral content: auto-deleting posts, messages, etc after a set period.
As an admin, I can literally just restore last month's backup and undelete everything that got deleted. If someone's seen it, you must assume it can at minimum have been screenshot.
> Instance chooser that flags which instances are in unsafe countries.
Anyone can get a VPS in just about any country, so you'd have to personally verify the owner, which is PII and probably one of the most vulnerable parts of the group. You take down the owner, you take down the whole thing.
Once again, however, users have plenty of choices already for that, if you trust your instance's admins.
> Defederate from instances in unsafe countries?
Same as previous point. Plus, one can still use the API to fetch the content anyway.
> Better opsec around instance owners, admins and moderators
Also pretty hard to enforce.
-
[email protected] replied to [email protected]
You probably want something like Aether instead of the fediverse: https://getaether.net/
It's peer to peer, encrypted, anonymous, ephemeral and all that.
-
[email protected] replied to [email protected]
It's not about fascists on the platform but living in a fascist country where posting on a left leaning platform is already suspicious.
-
[email protected] replied to [email protected]
I've never been on 4Chan, but I've heard stories of who 4Chan users are, and what their posts are.
If Margaret Mead at her age smoked grass
-
[email protected] replied to [email protected]
Imagine pasting this LLM bullshit unabashedly as if it's something people should sagely nod through recognizing how necessary it is to turn this poor man's reddit into NSA internal messaging forum. "Better opsec around instance owners", did you even read that before pasting? Who are you writing that for, instance owners' handlers?
-
[email protected] replied to [email protected]
thanks for the rec
-
[email protected] replied to [email protected]
Lemmy is a public forum; if you want to communicate privately, exchange Matrix handles and communicate there.
-
[email protected] replied to [email protected]
That is interesting! Thanks for the tip!
Also, is their icon a community reference?
-
[email protected] replied to [email protected]
No idea, never used it, I just happen to know it exists.
-
[email protected] replied to [email protected]
- A lock or panic button that immediately wipes everything and makes the logs unusable
- Easy support for canaries and transparency from the admins, like on Peertube where you're incentivised to write something about your newly installed instance, where it's located etc
- Maybe take inspiration from European GDPR, assess which information can be used for what, make it transparent to the user what gets stored where and why...
-
[email protected] replied to [email protected]
I know you're a Piefed developer, so you probably know what's possible and what's not better than me. But honestly, the encryption part makes me think you probably want a new protocol designed with that in mind from the start. In my opinion, it's too destructive for compatibility with other ActivityPub software and instances running older versions of them especially.
Combating spam despite the simplified account creation will probably require the implementation of something like Reddit's karma system. Which isn't a very popular idea I think.
Regarding the ephemeral content.... please don't. It might sound cool on paper, but it just adds FOMO. We shouldn't promote doomscrolling and brainrot with the addition of features which require you to quickly scroll through shit to not miss out on posts that disappear after a timer has passed.
-
[email protected] replied to [email protected]
No. Federation is the wrong decentralization model for anyone worried about malicious state actors. Just like email encryption, it doesn't matter how secure you/your server is, you still need to rely on the weakest link on the chain and that is simply unacceptable.
If you want to have secure social media, we need to move away from Federation and we will have to build a fully distributed network where data only lives at the edge nodes and participants can only communicate after exchanging their own personal keys.
Anything else is just infosec cosplaying.
-
[email protected] replied to [email protected]
And pretty much dead, I was following this project but they stopped development in 2020.
-
[email protected] replied to [email protected]
So you're saying we should use Nostr
-
[email protected] replied to [email protected]
But do users get fed?
-
[email protected] replied to [email protected]
Reddit blocks VPNs unless you're already logged on