Conversation

Notices

1. Embed this notice
   Håkan Geijer (hakan_geijer@kolektiva.social)'s status on Monday, 03-Jul-2023 15:12:33 JST Håkan Geijer

   Most all the anarchists who are commenting on the Kolektiva "incident" are saying things along the lines of "well you shouldn't talk about crimes on here anyway, so it shouldn't matter if the DB got seized." Which is true, yes. And it's good to remind people about it.

   But!

   People fucking *do* talk about crimes here, and if you're the steward of the space in which they do these things, you do have some responsibility to go out of your way to cover their asses too.

   Literally no one (self included) is doing uber max security all the time, and saying that some sort of security breach shouldn't matter is just naive. They always will matter because people will always make mistakes. And even when they aren't making mistake, they entire principle of OpSec is to systematically analyze what knowledge an enemy can by your actions. The point is that small innocuous things combined can fuck you over. Cops having DMs, email addresses, and password hashes *absolutely is an OpSec fuckup* even if everyone on here was truly anon and squeaky clean.

   I know we all sympathize with the admins and that we're getting a ton of hate from fuckwit techies outside out "community," and I know that the initial reaction from our side was that it's extremely fucking bad (it's only somewhat bad), but we're also not being nearly critical enough of what happen. What are the actual consequences of this? We could be a bit more nuanced.

   • Embed this notice
     catch (catch56@kolektiva.social)'s status on Monday, 03-Jul-2023 15:45:05 JST catch

     in reply to

     @hakan_geijer seems to be a couple of things. Hard drive encryption is easy to set up on new machines now, but it's something you have to do yourself. Working on a sanitized version of a db generally means having a system set up server-side to replace passwords and emails before downloading so everyone gets that by default. That seems like a general mastodon hosting issue that could be fixed in general. A bit harder to do that for dms given they're just posts.

   • Embed this notice
     anoreon@kolektiva.social's status on Monday, 03-Jul-2023 15:55:36 JST anoreon

     in reply to

     @hakan_geijer Yeah, I would say defense in depth always needs to be emphasized. We should be operating on the assumption that all our data is public (and a lot of it just is), and the admins should assume the users are posting things they shouldn't be.

     Always need to be thinking along the lines of If (or when) I (or someone else) fucks up some security practice, what are the consequences and how best to mitigate them. There's no silver bullet to keeping yourself or others safe.

   • Embed this notice
     undead enby of the apocalypse (enby_of_the_apocalypse@kolektiva.social)'s status on Monday, 03-Jul-2023 18:29:20 JST undead enby of the apocalypse

     in reply to

     @hakan_geijer also, there are things no one wants the cops/feds to know, for example when you share contact info through dms to chat in a way that is more secure. I don’t want cops to have that info.

   • Embed this notice
     undead enby of the apocalypse (enby_of_the_apocalypse@kolektiva.social)'s status on Monday, 03-Jul-2023 23:10:56 JST undead enby of the apocalypse

     @hakan_geijer that’s pretty smart

   • Embed this notice
     Masonic Cowgirl (julieofthespirits@kolektiva.social)'s status on Tuesday, 04-Jul-2023 03:01:11 JST Masonic Cowgirl

     in reply to

     @hakan_geijer also it ignores that state surveillance is based on a lot more than someone saying hello I have committed a crime like it was the fucking seventies

     Like thinking about it that way ignores everything we've learned about how mass surveillance works over the past ten years