• GolfNovemberUniform
    link
    fedilink
    arrow-up
    1
    arrow-down
    6
    ·
    6 months ago

    Huh I thought the servers were real and ran on bare metal of volunteers like it’s supposed to be

        • refalo@programming.dev
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          6 months ago

          Nope, everyone blindly trusts AWS/Crimeflare/etc. to MITM all their traffic, storage and servers and never happen to do anything bad or leak any data. One day it’s going to bite everyone in the ass.

          Even when you use AWS’s encryption feature for the VM itself, they hold the keys for you.

        • ☆ Yσɠƚԋσʂ ☆OP
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          6 months ago

          It’s really up to you how you set up your server and the datastore. This has nothing to do with Hollo. Again, there’s no difference between this and running a Mastodon server that will also need infrastructure like a db to back it.

          • GolfNovemberUniform
            link
            fedilink
            arrow-up
            2
            arrow-down
            3
            ·
            6 months ago

            Hmm sounds very unsafe to me. The cloud server provider can do anything, including logging all the traffic and sending it to the NSA for criminal finding and analysis purposes. Well I heard it’s almost impossible to get data deleted from Mastodon so whatever.

            • ☆ Yσɠƚԋσʂ ☆OP
              link
              fedilink
              arrow-up
              4
              arrow-down
              2
              ·
              6 months ago

              I don’t know what to tell you, but this is how modern internet works. Also, nobody is forcing you to get a server in a jurisdiction where US has access to. Meanwhile, any traffic is encrypted via HTTPS, so the provider can’t actually log it. It sounds like you have a very superficial understanding of the subject you’re debating here.

              • GolfNovemberUniform
                link
                fedilink
                arrow-up
                2
                arrow-down
                3
                ·
                6 months ago

                This is an unpopular take because laziness, lack of quality and lack of care are the standards now but “this is how modern internet works” isn’t an excuse at all. That’s what FOSS is trying to change actually. But I guess the Fediverse is far behind in terms of security now. Not having everything encrypted on a server you don’t own is a massive flaw. Privacy as in data mining seems to be a bit better than what Big Tech offers as long as you trust the instance and its server provider though.

                • ☆ Yσɠƚԋσʂ ☆OP
                  link
                  fedilink
                  arrow-up
                  5
                  ·
                  6 months ago

                  This has nothing to do with the original topic of discussion or Hollo in particular. You’re now arguing about pros and cons of using a VPS service. I also have no idea why you keep making statements like “not having everything encrypted on a server you don’t own is a massive flaw”. You absolutely can have everything encrypted running a VPS. You don’t understand the subject you’re discussing.

                  • GolfNovemberUniform
                    link
                    fedilink
                    arrow-up
                    2
                    arrow-down
                    2
                    ·
                    6 months ago

                    The original discussion was about Hollo but now it’s about Mastodon. They’re almost the same things anyways. And if you can have everything encrypted on a VPS it does not mean every instance owner (and even every major instance owner) will do it. Here I think we need an official requirement by Mastodon and probably a code integration so it’s impossible to have everything decrypted without breaking the federation support. The performance will be cut in half at best but at least IP and metadata mining attacks will be harder to perform.