cross-posted from: https://lemmy.ml/post/1874605
A 17-year-old from Nebraska and her mother are facing criminal charges including performing an illegal abortion and concealing a dead body after police obtained the pair’s private chat history from Facebook, court documents published by Motherboard show.
Are you saying that the individuals who run these servers and instances aren’t subject to the same laws? I read the article, and Facebook complied with a court order.
You don’t think anyone running Lemmy would do the same without access to lawyers and capital like Facebook has?
Lemmy promotes using Matrix, which is a separate service, so instance admins don’t need to be in the business of hosting private conversations.
Matrix is end-to-end encrypted so even the admins of your Matrix server could not provide your chats to law enforcement.
I wish Lemmy was as well. Ah well.
It’s not really possible as long as Lemmy is a website. E2EE works on Matrix because it’s an app, and therefore it can manage your encryption keys in ways a browser cannot do for you. (You can save things in the client, but not in a reliable enough way for something like the master key for every communication you ever had that if you lose you get locked out of all your chat history.) In the case of Lemmy, the signing keys for your federated actions are handled by the server, which is perfectly fine for 99% of what you use Lemmy for (public posts and comments), but it also means that even if they implemented E2EE for chats, the keys to decrypt the convo would be right on the same server.
That’s why Lemmy actively pushes you to set up a Matrix account, because Matrix makes better tradeoffs for the purposes of messaging, while Lemmy’s tradeoffs are more relevant to a link aggregator style social media.
Matrix is also a website and you don’t need an app to use it. The first time I used Matrix, I didn’t use an app, I merely signed in on a browser window (in my case, Mozilla’s instance). I first signed up on my work laptop, then later signed in on my desktop and had to confirm the new account on my laptop before my desktop would work with the same account.
The more devices it’s on the better, but it’s totally usable with just one web client. I now also have the phone app, but I didn’t at first.
If Matrix can do that, lemmy can as well. It would probably degrade the user experience because you’d need a decryption step for every post and comment you load (just like loading a new Matrix room), but it is technically possible.
I’m not necessarily asking for every comment to be encrypted, I just think it would be a good idea for DMs to be encrypted using keys the admin doesn’t have access to. It would be cool for communities to allow encryption as an option as well (i.e. all posts and comments would be E2E encrypted to all members, and not viewable unless you join), but it shouldn’t be the default everywhere.
Do you have to run your lemmy instance in the US?
Maybe do it in a less backward place
Not disagreeing with you there.
Almost all countries have similar systems for obtaining evidence. These people were criminals, they broke the law and the legal system worked as designed to bring them to “justice”. Meta was just a pawn here with very little influence.
If this story was about a murder rather than an abortion people would think that Meta did the right thing to bring the murderer to justice. As I see it the problem is that people disagree with the law and are using Meta as a scapegoat. But you don’t fix stupid laws by having corporations go vigilante. I’d rather not have billionaires coming up with their own set of laws, that is a recipe for disaster. I think we need to fix the laws, which will fix the root cause of this issue.
Also use E2EE for all private information, cryptography can’t be compelled to reveal your private data by a court order.
Do you think people who collaborated with dictatorial regimes should be excused? Because they followed the law?
Why didnt Meta implant E2EE on their private chat service then?
This is what I can agree with. We could blame Meta for encouraging people to give them data. Messenger does actually have E2EE encryption (apparently) but it is quite hidden and limited in functionality. If they made it the default this wouldn’t have been a position they ended up in, and they could have responded to the warrant with “We have no information matching this request.”
If they truly encrypted all chats, they would lose their value to them since its unreadable to meta as well.
Because they use what you say to tagert ads and keep a record of who you are. That’s how they make money.
Which goes back to… You’re just a product. Stop using large platforms for personal shit. That’s their business model, how is it evil if most people know these companies rely on stealing as much information from you as they legally can AND they still use them.
Every interaction on Lemmy is copied to all other federated instances. There are instances all over the world with a copy of yours and my comment. They can track and use those comments for any purpose. Its both a blessing and a curse of an open federated structure.
Its a social platfrom. Dont use it for personal communications.
they can also scrape them. that’s not really the point.
people can dm on lemmy, and only the two instances that host the people on either end of the dm (which may even be the same instance) store that dm. that instance may actually receive a subpoena. but all of this is heavily discouraged by the lemmy interface itself, instead prompting people to set up a matrix account instead, and matrix chats are end-to-end encrypted.
And how can we be sure that all the instances federated with any instance we participate on aren’t run by law enforcement themselves? I’d be surprised if there aren’t running instances by every major investigative agency themselves.
This is why everyone should take steps to protect their privacy. You don’t have to go 0-100 overnight. Just audit yourself and do a few things now. Keep those habits up. Then audit and add a few more things, repeat.
I need to do this myself, I’ve been slipping
Complying with the law is less of an issue than keeping that data accessible in the first place.