What do we need to change about how we operate, now that the political environment is darkening?
The overall goals would be to safeguard user identities, ensure communication privacy, and protect against censorship and state surveillance.
User Anonymity and Privacy
- End-to-end encryption: Encrypt all user communications, private messages, and sensitive data
- Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?
- Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.
Data Storage
- Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.
- Ephemeral content: auto-deleting posts, messages, etc after a set period.
- Instance chooser that flags which instances are in unsafe countries.
- Defederate from instances in unsafe countries?
Communities
- Private communities - currently all are public
- Communities where every post is encrypted
- Approval process to join some communities
- Better opsec around instance owners, admins and moderators
What else?
No. Federation is the wrong decentralization model for anyone worried about malicious state actors. Just like email encryption, it doesn’t matter how secure you/your server is, you still need to rely on the weakest link on the chain and that is simply unacceptable.
If you want to have secure social media, we need to move away from Federation and we will have to build a fully distributed network where data only lives at the edge nodes and participants can only communicate after exchanging their own personal keys.
Anything else is just infosec cosplaying.
Yup. Really don’t get the constant drumming of “I want to use someone else’s website or server while pretending it’s a secure platform”. Peer-to-peer coms have been around for literal generations now. If you actually care about privacy, e2ee p2p is what you do.
Security runs opposite to convenience.
This is also why I get so pissed about the Fediverse “don’t scrape me bro” crybabies and their whole talk about “consent-based following”.
Malicious actors do not ask for consent. Malicious actors know how to bypass authorized fetch. Malicious actors will have absolute no qualms creating accounts on the same server as you just to be able to follow you. You can even argue that malicious actors will even build an instance that you find super appealing in order to be able to collect your communication.
It doesn’t matter how you feel you are entitled to a “safe space”, if you are talking in public. People might ignore you, but they are never go around with their ears covered just because you are asking them to.
Yep. And besides, the only people actually taking significant risk here are the instance hosters storing the content.
Secure Scuttlebutt is the way
So you’re saying we should use Nostr
No. Nostr is even worse because it ties your identity to your encryption keys.
How is that worse? You can always prove that you are the same person by encrypting a message with the same key. There is no way for me to prove whether my Instagram account is really me
The problem is the inverse. There are times where you don’t want to be connected to any message.
Nostr is being developed by stupid bitcoiners, and it suffers from the same stupid mistakes as BTC. Pseudonymous transactions is not enough for a payment network. Just like pseudonymous messaging is not enough for secure communication.
Then use a key you never used before to encrypt it