this post was submitted on 09 Jul 2023
2206 points (97.9% liked)

Technology

34984 readers
232 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.ml/post/1874605

A 17-year-old from Nebraska and her mother are facing criminal charges including performing an illegal abortion and concealing a dead body after police obtained the pair’s private chat history from Facebook, court documents published by Motherboard show.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 25 points 1 year ago (3 children)

Are you saying that the individuals who run these servers and instances aren’t subject to the same laws? I read the article, and Facebook complied with a court order.

You don’t think anyone running Lemmy would do the same without access to lawyers and capital like Facebook has?

[–] [email protected] 46 points 1 year ago (4 children)

Do you have to run your lemmy instance in the US?

Maybe do it in a less backward place

[–] [email protected] 20 points 1 year ago

Not disagreeing with you there.

[–] [email protected] 18 points 1 year ago (2 children)

Every interaction on Lemmy is copied to all other federated instances. There are instances all over the world with a copy of yours and my comment. They can track and use those comments for any purpose. Its both a blessing and a curse of an open federated structure.

[–] [email protected] 15 points 1 year ago

they can also scrape them. that's not really the point.

people can dm on lemmy, and only the two instances that host the people on either end of the dm (which may even be the same instance) store that dm. that instance may actually receive a subpoena. but all of this is heavily discouraged by the lemmy interface itself, instead prompting people to set up a matrix account instead, and matrix chats are end-to-end encrypted.

[–] [email protected] 9 points 1 year ago

Its a social platfrom. Dont use it for personal communications.

[–] [email protected] 5 points 1 year ago (1 children)

And how can we be sure that all the instances federated with any instance we participate on aren't run by law enforcement themselves? I'd be surprised if there aren't running instances by every major investigative agency themselves.

[–] [email protected] 12 points 1 year ago* (last edited 1 year ago)

This is why everyone should take steps to protect their privacy. You don't have to go 0-100 overnight. Just audit yourself and do a few things now. Keep those habits up. Then audit and add a few more things, repeat.

I need to do this myself, I've been slipping

[–] [email protected] 12 points 1 year ago (1 children)

Lemmy promotes using Matrix, which is a separate service, so instance admins don't need to be in the business of hosting private conversations.

Matrix is end-to-end encrypted so even the admins of your Matrix server could not provide your chats to law enforcement.

[–] [email protected] 3 points 1 year ago (1 children)

I wish Lemmy was as well. Ah well.

[–] [email protected] 1 points 1 year ago (1 children)

It's not really possible as long as Lemmy is a website. E2EE works on Matrix because it's an app, and therefore it can manage your encryption keys in ways a browser cannot do for you. (You can save things in the client, but not in a reliable enough way for something like the master key for every communication you ever had that if you lose you get locked out of all your chat history.) In the case of Lemmy, the signing keys for your federated actions are handled by the server, which is perfectly fine for 99% of what you use Lemmy for (public posts and comments), but it also means that even if they implemented E2EE for chats, the keys to decrypt the convo would be right on the same server.

That's why Lemmy actively pushes you to set up a Matrix account, because Matrix makes better tradeoffs for the purposes of messaging, while Lemmy's tradeoffs are more relevant to a link aggregator style social media.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Matrix is also a website and you don't need an app to use it. The first time I used Matrix, I didn't use an app, I merely signed in on a browser window. I first signed up on my work laptop, then later signed in on my desktop and had to confirm the new account on my laptop before my desktop would work with the same account.

The more devices it's on the better, but it's totally usable with just one web client.

If Matrix can do that, lemmy can as well. It would probably degrade the user experience because you'd need a decryption step for every post and comment you load (just like loading a new Matrix room), but it is technically possible.

I'm not necessarily asking for every comment to be encrypted, I just think it would be a good idea for DMs to be encrypted using keys the admin doesn't have access to. It would be cool for communities to allow encryption as an option as well (i.e. all posts and comments would be E2E encrypted to all members, and not viewable unless you join), but it shouldn't be the default everywhere.

[–] [email protected] 3 points 1 year ago

Complying with the law is less of an issue than keeping that data accessible in the first place.