An anarchist-oriented Mastodon server has seen one of its admins raided by the FBI. The admin in question was working with an unencrypted backup of the Mastodon server, which was also seized.
There was never any lag in service. I’m on that instance. I believe the person was raided due to their activism and had a backup of some data but not the actual server. They made an announcement and told people to change their passwords. Many lost a degree of trust but are being as transparent as possible with members. https://kolektiva.social/@admin/110637031574056150
Yeah, what the fuck are you supposed to do? Ask the FBI to please come back later?
It’s a good reminder for folks with concerns to not say anything on a platform that isn’t end-to-end encrypted that you don’t want folks finding out about, to not use an email you don’t want associated with yourself, and to use some sort.of VPN or Tor if you need to hide your IP address.
And if course use unique passwords but I would really hope people do that already.
Yeah the ‘happened to have a bunch of unencrypted data laying around’ bit seems odd. Would make sense if they got picked up for something else and that was the bargain. Fucked if I know though
Not really? If you’re trying to debug something, or if you’re gearing up for an upgrade (like the Mastodon upgrade this week that’s giving a lot of admins grief) it’s plausible to have one of your backups locally to mess around with. As an example of this principle, I run Part-DB-server to manage my workshop inventory. For various reasons I migrated from a hosted MySQL database to a local SQLite database, and I’m in the process of moving back to the MySQL database. To facilitate this I have a copy of the SQLite database that, as needed, I run SELECTs on to backfill details on entries. I have a local copy of that database on my laptop, in other words.
It’s also plausible that the kolektiva.social admin was mocking up a clone of the service on their laptop to test something.
Without more data (gentlebeings, start your FOIA requests) I’m not sure that it’s a good idea to speculate. We might learn something that we can use later.
FBI claiming it’s for non-Mastodon related reasons, but that could be a cover. https://kolektiva.social is still up
Regardless, I don’t think they even have to ask to get this sort of data from any of the big platforms.
There was never any lag in service. I’m on that instance. I believe the person was raided due to their activism and had a backup of some data but not the actual server. They made an announcement and told people to change their passwords. Many lost a degree of trust but are being as transparent as possible with members. https://kolektiva.social/@admin/110637031574056150
Yeah, what the fuck are you supposed to do? Ask the FBI to please come back later?
It’s a good reminder for folks with concerns to not say anything on a platform that isn’t end-to-end encrypted that you don’t want folks finding out about, to not use an email you don’t want associated with yourself, and to use some sort.of VPN or Tor if you need to hide your IP address.
And if course use unique passwords but I would really hope people do that already.
Yeah the ‘happened to have a bunch of unencrypted data laying around’ bit seems odd. Would make sense if they got picked up for something else and that was the bargain. Fucked if I know though
Not really? If you’re trying to debug something, or if you’re gearing up for an upgrade (like the Mastodon upgrade this week that’s giving a lot of admins grief) it’s plausible to have one of your backups locally to mess around with. As an example of this principle, I run Part-DB-server to manage my workshop inventory. For various reasons I migrated from a hosted MySQL database to a local SQLite database, and I’m in the process of moving back to the MySQL database. To facilitate this I have a copy of the SQLite database that, as needed, I run SELECTs on to backfill details on entries. I have a local copy of that database on my laptop, in other words.
It’s also plausible that the kolektiva.social admin was mocking up a clone of the service on their laptop to test something.
Without more data (gentlebeings, start your FOIA requests) I’m not sure that it’s a good idea to speculate. We might learn something that we can use later.
You’re almost right: they do have to ask. They get a warrant, and they ask, and they are never told no.
I don’t think it was a cover. They could have just sent a subpoena for the data if it was hosted in the US.