The FBI raided one of the admins of Kolektiva and a full copy of the website's database, dated early May, was among the data seized. Full details in the linked URL.
Kolektiva.social is a Mastodon instance focused on radical politics and activism, with about 6.6K active users. One of the largest open-signup instances of its kind.
Scary stuff
Take this as a reminder:
Do not dox yourself in DMs on social media. Treat them as if they were public, at least in terms of opsec. If you want your communications to be properly private, use Matrix or something. This includes hexbear.
Emails and other signup info too. If you have any reason to think you could be targeted by feds, other steps like using a VPN or Tor might be next. But the above advice is true for most social media users, celeb DMs leak all the time, for example. There's always a way.
I am now imagining Gilbert Gottfried reading a BMF post in a federal courtroom.
we missed out on the best timeline by a wide margin, this is only further proof
"No, your honor, I wasn't going to nuke all of humanity, the aliens were supposed to do it to save the dolphins... huh? No, I've never read any posadist literature."
Another KKKracka down! Unlimited genocide on the first world! Woooohoooooo!!! But in Minecraft obviously
Thanks for taking the heat Kyle. They won't go after us minecrafters when they have you to chase down.
Strangely out of character for a Kyle though. I've only known Kyles to be horrible humans, never altruistic.
Here's to you 🍷 the best Kyle of them all.
I've only known Kyles to be horrible humans
it's actually funny how true this is, all jokes aside
Yes, DMs are pretty much never deleted. The Kolektiva instance leaked the IP addresses of users within a 3 day range in the past, as an unencrypted db image was being worked on at the time.
This means that you have to use VPNs/Tor and dynamic IPs to stay secure (or go the public varying internet cafe route).
outdated reference. cloudflare is no longer used (at least not their CDN functionality)
not really, just that cf was dropped in the migration. nobody ever really liked cloudflare as far as I know but it did make certain things a bit faster and safer from certain kinds of attack. At the expense of all traffic going through the servers of a US company, who could if they wanted to probably spy on contents of traffic
Yeah it made sense as a practical choice. Dealing with potential DDoSes is a much bigger priority for a silly online forum than attempting and failing to be opaque to the US government xD
also the US government can always get the data from any service that wants to do business in the US. A service being hosted elsewhere does not mean it will not comply with US laws, especially if you're paying for it with a credit card or something and it has a sizeable US userbase.
Our server going AWOL just hours after this announcement had me kinda paranoid at first ngl
That brings up the question, does this site got a canary? A document which has to be actively updated every X hours to show it hasn't been compromised?
nice to know that apparently the FBI now has my nudes saved in one of their computers because several kolektiva users followed me and boosted them so they were saved on kolektiva's servers apparently
Holy shit, lol
I mean, the NSA can know the amount of hairs in your butt anyways, but still this is almost parody
To quote a thread from somebody who did a good job explaining:
For people who are not really up on how federation works regarding kolektiva.social's database news above, instances serve you content that has been federated to the server you're on. Which means for you to see it, your local server has downloaded a copy. So if you are on a third party server and have been boosted onto tls of people on kolektiva, share DMs or private posts with people on kolektiva, that content is stored on their servers too, not just yours.
Private media, for example, is not just in the hands of your admin. It is in the hands of the admins of followers or people you dm on other servers etc
And I know a lot of people who are familiar with mastodon software or have been here forever see this as a 'well duh', which I've seen come up a lot already from the usual suspects, but a lot of people don't know how this stuff works and with some things, like this, it can be really important.
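The federation behaviour described in the quoted thread above, as a small added model (not part of the thread and not Mastodon's own code): it computes which instances end up storing a copy of a post. All account and instance names are constructed, and delivery is simplified to followers, mentions and boosts.

```python
# Simplified model of Mastodon/ActivityPub delivery (added example).
# Every account and instance name here is constructed for illustration.
from dataclasses import dataclass, field

def instance_of(acct: str) -> str:
    """'alice@home.example' -> 'home.example'"""
    return acct.rsplit("@", 1)[1]

@dataclass
class Post:
    author: str
    visibility: str                      # "public", "followers" or "direct"
    mentions: set = field(default_factory=set)
    boosted_by: set = field(default_factory=set)

def instances_holding_copy(post: Post, followers: dict) -> set:
    """Return the instances whose database ends up storing `post`.

    `followers` maps an account to the set of accounts that follow it.
    """
    holders = {instance_of(post.author)}                  # author's home instance
    # Mentioned accounts (this is how DMs work) always receive the post.
    holders |= {instance_of(a) for a in post.mentions}
    if post.visibility in ("public", "followers"):
        holders |= {instance_of(a) for a in followers.get(post.author, set())}
    if post.visibility == "public":
        # A boost is delivered to the booster's followers; their instances
        # then fetch and cache the original post and its media.
        for booster in post.boosted_by:
            holders.add(instance_of(booster))
            holders |= {instance_of(a) for a in followers.get(booster, set())}
    return holders

# Constructed follow graph: nobody on seized.example follows alice directly.
FOLLOWERS = {
    "alice@home.example": {"carol@other.example"},
    "carol@other.example": {"dave@seized.example"},
}

public_boosted = Post("alice@home.example", "public",
                      boosted_by={"carol@other.example"})
followers_only = Post("alice@home.example", "followers")
direct_message = Post("alice@home.example", "direct",
                      mentions={"erin@seized.example"})

for name, p in [("public+boost", public_boosted),
                ("followers-only", followers_only),
                ("DM", direct_message)]:
    print(name, sorted(instances_holding_copy(p, FOLLOWERS)))
```
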
It's really lame how a lot of these open source projects don't have a "privacy policy" that educates people on what types of communication are secure.
Pffft. I kind of expect the fbi to kick my door down and accuse me of sedition any day now these days. I hope the Kolektiva kids are okay.
The thing that really makes me scratch my head is that this raid happened near the start of May, and they are announcing it now, on the first of July. What the fuck is up with that? Were they gagged? Did they just not want to say anything in hopes the feds wouldn't realize what they got their hands on? It's a fucking shit show. Absolute disaster.
If someone is going to host a server like that, they need to encrypt the live data and every backup.
Also maybe not hosting it in the USA or aligned countries (i.e. Canada, U.K., Germany)