I appreciate the intent of this message, but how sure are you that federated social media like Lemmy is really any safer than Reddit? Not much on here is encrypted, to my knowledge, and instance admins need to respond to subpoenas just like anybody else… In the event of hostile government action, you’re much better off communicating on E2EE platforms, and unfortunately, posting on public social media platforms is a risk.
You can mitigate much of that risk with a burner email and VPN, but you can do that on other platforms too.
The decentralized nature of federated social media is the only advantage it has. But it’s kind of a wash. The big social media platforms have resources and weight they can throw at resisting state level surveillance. The operator of the Mastodon instance you sign up for probably doesn’t have a lawyer on retainer let alone the army of legal experts Facebook or X could throw at the problem. That said you can always change instances or use multiple ones to begin with.
Sure, there are things you can do to be safe on Lemmy/the fediverse, but most of those things aren’t inherent to the platform, they’re just good safety practices, and most importantly none of them are mentioned in this “PSA” about “safety”.
I don’t disagree with you. Realistically if you’re serious about security and a state level actor is in your threat model, you probably shouldn’t be using social media at all, but especially not platforms that focus on followers and public posts rather than one-on-one or small group connections. At least not for day to day usage.
I don’t know a lot about this. If the United States wants to subpoena records from an instance admin based outside of the United States, do they have to comply?
I think it’s pretty murky: ignoring a subpoena is a crime, so the US may be able to charge them with obstruction and request extradition; it’s then on their home countries to decide whether to accept the US’s requests. Either way I’m sure it would make them ever traveling to the US very tense.
See: Julian Assange
Remember though, these instance admins are generally doing this out of the kindness of their heart on shoestring budgets, it’s so much safer and easier for them to just comply with legal requests. They’re nice people, but not political martyrs.
For extradition, you’d first have to know who the instance admin is.
I don’t think foreign ISPs will (or are even allowed to) react to a US request for information.
So the US would have to request that info from the foreign country’s government via diplomatic channels.
Thanks, that makes sense. I wasn’t sure what to even consider for that kind of thing, but I do recognize these admins are just ordinary folks.
Mainstream social media track and identify in non-obvious ways such as browser fingerprinting. If you’re on a federated open source social media site then there’s none of that. If you use a VPN (and if you can’t afford one, Proton offers a free tier) or Tor Browser to mask your IP and you’re using a non personally identifiable email address, that goes a long way towards protecting yourself.
Beyond that, never posting identifying info about yourself such as the place you live, including the State, will protect you even further.
But I do agree that using an E2EE service is the best way to communicate.
Centralized platforms are much more dangerous; the various FOSS federated platforms are auditable and don’t contain inherent spyware. You can also use certain sites as a proxy, or start your own VPS+Lemmy instance to use as a secure proxy for yourself. The restrictive nature of sites like Reddit means they can ban you for taking basic security precautions, which they do regularly.
I generally agree, but that is not conveyed in your image, it just (basically) says “come to Lemmy, you’ll be safe”. There are critical extra steps you should take if you’re worried about safety - this just feels more like an advertisement.