FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse Users
and Hosts to Protect their Users

"In May, Mastodon server Kolektiva.social was compromised when one of
the server’s admins had their home raided by the FBI for unrelated
charges. All of their electronics, including a backup of the instance
database, were seized."

https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their

On Fri, 28 Jul 2023 11:11:11 -0500, Syber Shock <admin@sybershock.com> wrote:
>FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse Users
>and Hosts to Protect their Users
>
>"In May, Mastodon server Kolektiva.social was compromised when one of
>the server�s admins had their home raided by the FBI for unrelated
>charges. All of their electronics, including a backup of the instance
>database, were seized."
>
>https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their

this aforecited "eff.org..." link opens normally in Tor Browser 12.5.1:
>July 25, 2023
snips
>A story where "all their electronics were seized" echoes . . .
> . . .
>Update: This post's title has been updated to clarify that the FBI seized
>Mastodon server data, not control over the server itself.

Q: How could _anyone_ outside the loop possibly know what big brother does
in their strictly controlled, universally weaponized, top-secret, "need
to know" world? The answer is obvious: Only gubmit agents know anything
about what big brother might be up to, and even then it could be untrue

In article <789519ebbc7422d40353ecc7aead2834$1@sybershock.com>
Syber Shock <admin@sybershock.com> wrote:
>
> FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse Users
> and Hosts to Protect their Users
>
> "In May, Mastodon server Kolektiva.social was compromised when one of
> the server�s admins had their home raided by the FBI for unrelated
> charges. All of their electronics, including a backup of the instance
> database, were seized."
>
> https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their

I trust no one "encrypting" my info except myself. I use PGP. I don't
trust any sites regarding their "end to end" or "military style"
encryption. I don't even trust them when they tell me they use PGP.
Their PGP is only as secure as THEIR key security.

As far as I'm concerned, you're on your own when it comes to security
and encryption.

On Sat, 29 Jul 2023 17:02:33 +0200 (CEST)
Nomen Nescio <nobody@dizum.com> wrote:

> In article <789519ebbc7422d40353ecc7aead2834$1@sybershock.com>
> Syber Shock <admin@sybershock.com> wrote:
> >
> > FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse
> > Users and Hosts to Protect their Users
> >
> > "In May, Mastodon server Kolektiva.social was compromised when one
> > of the server_s admins had their home raided by the FBI for
> > unrelated charges. All of their electronics, including a backup of
> > the instance database, were seized."
> >
> > https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their
> >
>
> I trust no one "encrypting" my info except myself. I use PGP. I
> don't trust any sites regarding their "end to end" or "military
> style" encryption. I don't even trust them when they tell me they
> use PGP. Their PGP is only as secure as THEIR key security.
>
> As far as I'm concerned, you're on your own when it comes to security
> and encryption.
>

I have some ideas that have never been tried or published and they will
make truly secure end-to-end messaging very easy for the
point-and-click crowd. I might post about it sometime. Right now I'm
busy with other things. Let's just say that true cryptographic security
is possible, but the UX and the topology need to adopt certain
principles that are counter-intuitive to most programmers.

Something like Omnimix is neat, but massively far too complex and
bewildering for use by the average Joe. I have ideas that smooth all of
that out and would allow grandma to use secure mix messaging as easily
as logging on to her desktop. If you can get a half-million grandmas
regularly using a secure mixnet, then you have the true anonymity
envisioned by the mixmaster makers.

As for the server raid, there isn't much to be gleaned from a Mastodon
database. Since a user's posts are public anyway, anyone can snarf that
data from the web portal.

About the only things the feds will glean is the associated email
address, password hashes, IP addresses in the logs, and private
messages, if the instance has that feature. It is hard for me to think
of a scenario where such access to Mastodon backend data will do much
for the investigators' agenda, since people use Mastodon to post
publicly anyway.

It's a mountain of strong-arm badge-heavy for a molehill of payoff.
Something else was going on and it seems the server seizure was just
par for the course. But it does demonstrate the fragility of having all
your eggs in someone else's basket.

--
SugarBug | https://sybershock.com

On Sat, 29 Jul 2023 11:16:42 -0500, Syber Shock <admin@sybershock.com> wrote:
>Something like Omnimix is neat, but massively far too complex and
>bewildering for use by the average Joe.

I'm an average Joe ('J' in DJM), and Omnimix certainly works great with
mix and yamn remailers w/tor on Windows 11 & 7 PCs ... download it here:

https://www.danner-net.de/om.htm
https://www.danner-net.de/omom/index.htm
https://www.danner-net.de/om/OmniMix_2.6.8_Uno_Setup.exe

In article <6ca719e599586955c909b1f2e366f7a9$1@sybershock.com>
Syber Shock <admin@sybershock.com> wrote:
>
> On Sat, 29 Jul 2023 17:02:33 +0200 (CEST)
> Nomen Nescio <nobody@dizum.com> wrote:
>
> > In article <789519ebbc7422d40353ecc7aead2834$1@sybershock.com>
> > Syber Shock <admin@sybershock.com> wrote:
> > >
> > > FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse
> > > Users and Hosts to Protect their Users
> > >
> > > "In May, Mastodon server Kolektiva.social was compromised when one
> > > of the server_s admins had their home raided by the FBI for
> > > unrelated charges. All of their electronics, including a backup of
> > > the instance database, were seized."
> > >
> > > https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their
> > >
> >
> > I trust no one "encrypting" my info except myself. I use PGP. I
> > don't trust any sites regarding their "end to end" or "military
> > style" encryption. I don't even trust them when they tell me they
> > use PGP. Their PGP is only as secure as THEIR key security.
> >
> > As far as I'm concerned, you're on your own when it comes to security
> > and encryption.
> >
>
> I have some ideas that have never been tried or published and they will
> make truly secure end-to-end messaging very easy for the
> point-and-click crowd. I might post about it sometime. Right now I'm
> busy with other things. Let's just say that true cryptographic security
> is possible, but the UX and the topology need to adopt certain
> principles that are counter-intuitive to most programmers.
>
> Something like Omnimix is neat, but massively far too complex and
> bewildering for use by the average Joe.

I don't believe it! Somebody agrees with dummies like me regarding
Omnimix's the lack of usefulness for the average user. That's why
dummies like me still stick with Christman's Anon For Dummies: QSL

> SugarBug | https://sybershock.com

On Sat, 29 Jul 2023 20:15:27 +0200 (CEST), anonymous@anonymous.com wrote:
>dummies like me still stick with Christman's Anon For Dummies: QSL

it's fun to discuss such obsolete programs, QSL, JBN, DOS, Edlin etc.,
so freeware clones of classic coin-operated video games fit right in:

Pong - Arcade (1972):
https://oldgamesdownload.com/pong/
https://archive.org/download/PongWinEN/Pong_Win_EN.zip

Space Race - Arcade (1973)
https://oldgamesdownload.com/space-race/
https://archive.org/download/SpaceRaceSimulatedWindows/Space%20Race_Simulated_Win32_EN.zip.zip
https://archive.org/download/SpaceRaceSimulatedWindows/Space%20Race_Simulated_Win64_EN.zip.zip

Asteroids - Arcade (1979):
https://oldgamesdownload.com/asteroids/
https://archive.org/download/Asteroids_20190510/Asteroids_Arcade_ROM_Emulated_EN.zip

(all three of these work under Windows 11 & older, and are fun to play)

Edlin was the best word processor ever! but edit, wordstar, word perfect,
etc., proved far too complicated and advanced for the average user . . .

In article <5a71062778adc815c630736ed50a4fcb@dizum.com>
anonymous@anonymous.com wrote:
>
> In article <6ca719e599586955c909b1f2e366f7a9$1@sybershock.com>
> Syber Shock <admin@sybershock.com> wrote:
> >
> > On Sat, 29 Jul 2023 17:02:33 +0200 (CEST)
> > Nomen Nescio <nobody@dizum.com> wrote:
> >
> > > In article <789519ebbc7422d40353ecc7aead2834$1@sybershock.com>
> > > Syber Shock <admin@sybershock.com> wrote:
> > > >
> > > > FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse
> > > > Users and Hosts to Protect their Users
> > > >
> > > > "In May, Mastodon server Kolektiva.social was compromised when one
> > > > of the server_s admins had their home raided by the FBI for
> > > > unrelated charges. All of their electronics, including a backup of
> > > > the instance database, were seized."
> > > >
> > > > https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their
> > > >
> > >
> > > I trust no one "encrypting" my info except myself. I use PGP. I
> > > don't trust any sites regarding their "end to end" or "military
> > > style" encryption. I don't even trust them when they tell me they
> > > use PGP. Their PGP is only as secure as THEIR key security.
> > >
> > > As far as I'm concerned, you're on your own when it comes to security
> > > and encryption.
> > >
> >
> > I have some ideas that have never been tried or published and they will
> > make truly secure end-to-end messaging very easy for the
> > point-and-click crowd. I might post about it sometime. Right now I'm
> > busy with other things. Let's just say that true cryptographic security
> > is possible, but the UX and the topology need to adopt certain
> > principles that are counter-intuitive to most programmers.
> >
> > Something like Omnimix is neat, but massively far too complex and
> > bewildering for use by the average Joe.
>
> I don't believe it! Somebody agrees with dummies like me regarding
> Omnimix's the lack of usefulness for the average user. That's why
> dummies like me still stick with Christman's Anon For Dummies: QSL
>

Indeed. I tried it once, and the GUI was way too confusing.
And, QSL still works like a charm w/Tor.

On Sat, 29 Jul 2023 22:48:50 +0200 (CEST), Nomen Nescio <nobody@dizum.com> wrote:
>QSL still
is obsolete

today, everyone is using Omnimix:
https://www.danner-net.de/om.htm
https://www.danner-net.de/omom/index.htm
https://www.danner-net.de/om/OmniMix_2.6.8_Uno_Setup.exe

In article <5a71062778adc815c630736ed50a4fcb@dizum.com>
anonymous@anonymous.com wrote:
>
> In article <6ca719e599586955c909b1f2e366f7a9$1@sybershock.com>
> Syber Shock <admin@sybershock.com> wrote:
> >
> > On Sat, 29 Jul 2023 17:02:33 +0200 (CEST)
> > Nomen Nescio <nobody@dizum.com> wrote:
> >
> > > In article <789519ebbc7422d40353ecc7aead2834$1@sybershock.com>
> > > Syber Shock <admin@sybershock.com> wrote:
> > > >
> > > > FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse
> > > > Users and Hosts to Protect their Users
> > > >
> > > > "In May, Mastodon server Kolektiva.social was compromised when one
> > > > of the server_s admins had their home raided by the FBI for
> > > > unrelated charges. All of their electronics, including a backup of
> > > > the instance database, were seized."
> > > >
> > > > https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their
> > > >
> > >
> > > I trust no one "encrypting" my info except myself. I use PGP. I
> > > don't trust any sites regarding their "end to end" or "military
> > > style" encryption. I don't even trust them when they tell me they
> > > use PGP. Their PGP is only as secure as THEIR key security.
> > >
> > > As far as I'm concerned, you're on your own when it comes to security
> > > and encryption.
> > >
> >
> > I have some ideas that have never been tried or published and they will
> > make truly secure end-to-end messaging very easy for the
> > point-and-click crowd. I might post about it sometime. Right now I'm
> > busy with other things. Let's just say that true cryptographic security
> > is possible, but the UX and the topology need to adopt certain
> > principles that are counter-intuitive to most programmers.
> >
> > Something like Omnimix is neat, but massively far too complex and
> > bewildering for use by the average Joe.
>
> I don't believe it! Somebody agrees with dummies like me regarding
> Omnimix's the lack of usefulness for the average user. That's why
> dummies like me still stick with Christman's Anon For Dummies: QSL

Depends how you use it.

If you're looking at OmniMix as one stop shopping for someone
who knows nothing about the things it leverages, point granted.

One the other hand, that's simply a matter of lacking
documentation or guidance that I wouldn't expect Danner to
provide. If you can't look at the excellent documentation
available and adjust the settings for your chosen programs, then
you probably don't have the skills to use it in the first place.

QSL doesn't work correctly with OmniMix without a particular
adjustment. Works well once that is done.

> > SugarBug | https://sybershock.com

In article <46612b96e0a09a1069cdd4597d85eab6@dizum.com>
Nomen Nescio <nobody@dizum.com> wrote:
>
> In article <789519ebbc7422d40353ecc7aead2834$1@sybershock.com>
> Syber Shock <admin@sybershock.com> wrote:
> >
> > FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse Users
> > and Hosts to Protect their Users
> >
> > "In May, Mastodon server Kolektiva.social was compromised when one of
> > the server�s admins had their home raided by the FBI for unrelated
> > charges. All of their electronics, including a backup of the instance
> > database, were seized."
> >
> > https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their
>
> I trust no one "encrypting" my info except myself. I use PGP. I don't
> trust any sites regarding their "end to end" or "military style"
> encryption. I don't even trust them when they tell me they use PGP.
> Their PGP is only as secure as THEIR key security.

Unless their data and / or data volumes are encrypted it doesn't
matter.

All the encrypted data transmissions in the world will not help
if the data / volumes are not treated the same.

This is how most of the darkweb drug dealers, killers and pedos
get busted, backend implementation security failures.

> As far as I'm concerned, you're on your own when it comes to security
> and encryption.

Pretty much. If it's left your possession, consider it
compromised.

On Sat, 12 Aug 2023 10:02:35 +0200 (CEST), Nomen Nescio
<nobody@dizum.com> wrote:

>In article <5a71062778adc815c630736ed50a4fcb@dizum.com>
>anonymous@anonymous.com wrote:
>>
>> In article <6ca719e599586955c909b1f2e366f7a9$1@sybershock.com>
>> Syber Shock <admin@sybershock.com> wrote:
>> >
>> > On Sat, 29 Jul 2023 17:02:33 +0200 (CEST)
>> > Nomen Nescio <nobody@dizum.com> wrote:
>> >
>> > > In article <789519ebbc7422d40353ecc7aead2834$1@sybershock.com>
>> > > Syber Shock <admin@sybershock.com> wrote:
>> > > >
>> > > > FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse
>> > > > Users and Hosts to Protect their Users
>> > > >
>> > > > "In May, Mastodon server Kolektiva.social was compromised when one
>> > > > of the server_s admins had their home raided by the FBI for
>> > > > unrelated charges. All of their electronics, including a backup of
>> > > > the instance database, were seized."
>> > > >
>> > > > https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their
>> > > >
>> > >
>> > > I trust no one "encrypting" my info except myself. I use PGP. I
>> > > don't trust any sites regarding their "end to end" or "military
>> > > style" encryption. I don't even trust them when they tell me they
>> > > use PGP. Their PGP is only as secure as THEIR key security.
>> > >
>> > > As far as I'm concerned, you're on your own when it comes to security
>> > > and encryption.
>> > >
>> >
>> > I have some ideas that have never been tried or published and they will
>> > make truly secure end-to-end messaging very easy for the
>> > point-and-click crowd. I might post about it sometime. Right now I'm
>> > busy with other things. Let's just say that true cryptographic security
>> > is possible, but the UX and the topology need to adopt certain
>> > principles that are counter-intuitive to most programmers.
>> >
>> > Something like Omnimix is neat, but massively far too complex and
>> > bewildering for use by the average Joe.
>>
>> I don't believe it! Somebody agrees with dummies like me regarding
>> Omnimix's the lack of usefulness for the average user. That's why
>> dummies like me still stick with Christman's Anon For Dummies: QSL
>
>Depends how you use it.
>
>If you're looking at OmniMix as one stop shopping for someone
>who knows nothing about the things it leverages, point granted.
>
>One the other hand, that's simply a matter of lacking
>documentation or guidance that I wouldn't expect Danner to
>provide. If you can't look at the excellent documentation
>available and adjust the settings for your chosen programs, then
>you probably don't have the skills to use it in the first place.
>
>QSL doesn't work correctly with OmniMix without a particular
>adjustment. Works well once that is done.
>
>> > SugarBug | https://sybershock.com

Simple dummies like me can stick with QSL w/Tor for Usenet. How much
more do we average non-tech dimbulbs need?

If one searches on the internet for financial, health or other
subjects which could be considered personal, Tor should take care of
that. I find that the number of sites that I can't enter with Tor are
few. If a site blocks Tor, I almost always find the needed info on
another site which does allow Tor.

On Sat, 12 Aug 2023 10:47:28 -0500, tracy@invalid.com wrote:
>If one searches on the internet for financial, health or other
>subjects which could be considered personal, Tor should take care of
>that. I find that the number of sites that I can't enter with Tor are
>few. If a site blocks Tor, I almost always find the needed info on
>another site which does allow Tor.

Tor Browser is more likely safer than so-called "hardened" browsers,
but even onion routing w/bridges is nowhere near as secure as simply
avoiding "red flag" websites altogether (e.g. social media, politics,
religion, military, activism, etc.); even the Tor Browser site urges
users to avoid browser extensions like you'd avoid the bubonic plague:
https://support.torproject.org/tbb/tbb-14/
>Should I install a new add-on or extension in Tor Browser, like AdBlock
>Plus or uBlock Origin?
>It's strongly discouraged to install new add-ons in Tor Browser, because
>they can compromise your privacy and security.
>Installing new add-ons may affect Tor Browser in unforeseen ways and
>potentially make your Tor Browser fingerprint unique. If your copy of
>Tor Browser has a unique fingerprint, your browsing activities can be
>deanonymized and tracked even though you are using Tor Browser.
>Basically, each browser's settings and features create what is called a
>"browser fingerprint". Most browsers inadvertently create a unique
>fingerprint for each user which can be tracked across the internet. Tor
>Browser is specifically engineered to have a nearly identical (we're not
>perfect!) fingerprint across its users. This means each Tor Browser user
>looks like every other Tor Browser user, making it difficult to track
>any individual user.
>There's also a good chance a new add-on will increase the attack surface
>of Tor Browser. This may allow sensitive data to be leaked or allow an
>attacker to infect Tor Browser. The add-on itself could even be
>maliciously designed to spy on you.
>Tor Browser already comes installed with one add-on -- NoScript
>https://noscript.net/ -- and adding anything else could deanonymize you.
>Want to learn more about browser fingerprinting? Here's an article
>https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
>on The Tor Blog all about it.
[end quote]

for casual users downloading some useful freeware program from, e.g.:
sourceforge.net, palemoon.org, audacityteam.org, sumatrapdfreader.org
or similar "content distribution network" hosted sites, such activity
may seem harmless, but it's a jungle out there and they really do own
the earth... "cloudflare", "google trust", "fediverse", "wall street"
(the name "fediverse" and pentagon-like logo looks inviting and safe)