cross-posted from: https://lemmy.ml/post/1874605
A 17-year-old from Nebraska and her mother are facing criminal charges including performing an illegal abortion and concealing a dead body after police obtained the pair’s private chat history from Facebook, court documents published by Motherboard show.
And y’all thought China having your data was something to be afraid of.
To the people shitting on the idea of a default defederation with Meta, how about we deferedate not because it will affect us as posters but because they are evil pieces of shit?
yeah, the difference is pretty stark:
- lemmy: we’ll give you a way to dm anyone on site, but please don’t use that, if you set up an app on this other open source service we’re not affiliated with (which is basically an encrypted discord) we’ll do our best to make it as seamless for you as possible. we’ll keep warning you for your own privacy.
- meta/facebook: aggressively keeps you on-platform for spying purposes; literally killed xmpp a decade ago and they’ll fuckin do it again (if we let them)
They trust me. Dumb fucks.
- Mark Zuckerberg
(yes it sounds like satire but that’s a real quote)
The Lemmy DM is imo actually quite important. If I want to get in touch with someone about a post, nothing more. It is an easy option, and serves a purpose. It isn’t imo meant to be used for anything else.
yep, it’s important that we have this capability, but it’s also nice that unlike other platforms that do their best to lock you in, lemmy actively pushes you toward a safer alternative
What’s the name of that safer alternative?
Matrix, which is pretty much an encrypted and open-source Discord clone (at least in the same fashion as Lemmy would be a Reddit clone). I personally use Element to interact with it and have a matrix.org account, but Matrix is just like the fediverse, you can choose any instance or client you want, or even host an instance yourself. In your Lemmy settings you can set up your Matrix user, right below your email address as of 0.18.1, and if you do, a new buttons saying “send secure message” will show up on your profile, next to “send message”, which will redirect people trying to message you to Matrix.
Was it Facebook that killed xmpp or Google? Legitimately asking because I’ve always seen that blamed on Google.
It was Google, they Embraced, Extended, and Extinguished it with Google Chat. Then they killed that themselves.
correction: it was both! fedbook chat also supported xmpp at first, they never federated but you could at least use it with a jabber client. then when they had enough market share they killed it.
fun semi related fact is that whatsapp, at least a couple of years ago, was using modified ejabberd (ie an xmpp server) as the backend - so arguably they helped with EEE too.
google does seem to be the main culprit, but facebook still played a role as far as i’m aware. these two companies also colluded a lot so i wouldn’t trust either of them with anything federated
Yeah they can both get fucked. Cheers
XMPP was never alive lol
I mean I agree with Zuck on that one.
literally killed xmpp a decade ago
This was Google/Alphabet.
How on earth did Meta kill XMPP, where is that even from lol. They didn’t even have a standalone messaging app until 2011, which is after Google Talk dropped support for XMPP.
Some game-of-telephone misinformation originating from this article - though it has gone from Google killed it (which this article states), to it was a protocol that allowed Facebook and Google to communicate and then got killed, to Facebook killed it.
my understanding was that while google is the main culprit, facebook and google both played a big part in killing it. but since we’re discussing meta/facebook here, and they’re not blameless, i focused on that.
but yeah, fuck google too.
they’re not blameless
I think we should try to do better here and provide actual reasoning to our statements instead of unbridled rage, regardless of the topic, because this isn’t valuable content. I work in an adjacent industry and I believe that a lot of what people have said lately about this topic is overly sensationalized and I don’t mind discussing it, but “fuck Meta/Google because they’re evil” is subjective as hell and gets us nowhere except back to Reddit culture.
This discussion pyramid was a good post from the other day:
https://lemmy.world/pictrs/image/b48a0a91-c7a3-4cc5-a117-6deceedde205.png
Your comments are “ad hominem” at best.
Saying distrust is an ad hominem is one of the takes ever, lol. And that’s what all of this boils down to, trust. Do we trust Meta with not exploiting all of our data, and turning it against us at the earliest opportunity? Do we trust Meta that they want to contribute to the fediverse, and not just hurt it because it’s a competitor?
By the same logic, blocking or banning a person instead of vetting every post and comment of theirs would also be an ad hominem. But at the end of the day, it’s just practical. Meta has a long and not so proud history of being extremely anti-consumer, and shoving that track record under the rug, trying to absolve them of responsibility and consequences for their actions, under the thought-terminating cliche of an ad hominem is neither productive nor practical.
Yes, people are mad at Meta, and yes, the distrust means their actions are scrutinized more than they otherwise would be, but that doesn’t mean that their actions aren’t actually massively anti-consumer, and that they aren’t a massive liability. In this particular case, you can make the argument that they had a legal obligation to hand over the data, had they not tried to build a walled garden with no privacy they wouldn’t have had the data to hand over to begin with.
(also, unrelated: you can embed images using the
syntax, and you can even add alt text in the brackets to help users with screen readers)I think the simpler answer is more likely to be correct. The Fediverse isn’t big enough to really bother Meta, but ActivityPub is a convenient way to seem cool, so they’ll partially support it as long as it doesn’t cost them all that much. Once the marketing gimmick has run it’s course, they’ll drop it.
I think the same was true for XMPP. I don’t think they planned to kill XMPP and I don’t think they plan to kill ActivityPub. But they did kill XMPP, and they’ll probably kill ActivityPub by accident as well when they support it just well enough to pull people over.
So I’m not worried about some Meta conspiracy to kill ActivityPub, I’m worried about getting steamrolled on accident for a similar reason that people don’t want to share locations of where they took pictures: they don’t want the big mass of people coming to destroy something unique.
So my recommendation is to push for making everything E2E encrypted by default, and have every message cryptographically signed by the contributor. If there’s something ad companies hate it’s privacy, and that’s what we should be pursuing. I’m not sure how that works for Lemmy, but surely there’s a way for instances to manage who can decrypt messages.
Saying distrust is an ad hominem is one of the takes ever, lol.
It is literally ad hominem, that is the definition. We aren’t discussing whether we can trust Meta or not, we’re discussing a specific topic.
By the same logic, blocking or banning a person instead of vetting every post and comment of theirs would also be an ad hominem.
It definitely is, but again, we aren’t discussing a person or an entity, we’re discussing a topic related to that person or entity. This isn’t a discussion on whether Meta should be defederated or not, frankly that’s simple, just join an instance that defederates with Meta or don’t, or build your own! There’s a ton of freedom here.
And I’m not saying ad hominem arguments can’t be used, but when an argument is entirely made up of ad hominem points while discussing a specific topic it isn’t a good argument.
Also, side note, as for trust I definitely don’t think we can trust corporate entities, but I also don’t think we can entirely trust the Fediverse as it exists already. We know there’s been an influx of bot accounts, moderation tools aren’t great yet, and every platform attracts bad actors.
(also, unrelated: you can embed images using the
syntax, and you can even add alt text in the brackets to help users with screen readers)Thanks for the tip! Haven’t been able to get that working well here, I think I was missing the exclamation mark.
in a thread where we’re discussing how meta helped religiofascists violate someone’s human rights “meta is evil” is a summary, not an ad hominem
That’s literally nowhere in this chain of comments.
Removed by mod
Fine, their comments are nonsense that aren’t based in reality and the Fediverse and it’s communities will suffer the fate of every other echo chamber shithole social media if it’s moderators don’t take action and make a conscious decision to tackle misinformation, regardless of whether or not it fits their personal bias. Better?
I don’t even agree that Google killed it, because it’s simply a messaging protocol, it doesn’t “die”. Maybe you could try to argue that Google killed Jabber, but I used Jabber back in the early 00s, pretty much nobody else did lol, almost all IM communication was done over MSN Messenger. Google Talk brought XMPP “users” and they left when Google sunsetted Talk in favour of Hangouts. Facebook Messenger used XMPP for a time, so if anything they “revived” it (they didn’t, it was never dead), but, like all the other messaging apps, they moved to their own proprietary version to add their own features.
This is what XMPP was actually designed for, the X literally means “eXtensible”, whether it’s extended open source or into proprietary versions.
I feel like there’s a lot of anti-tech misinformation on Lemmy and it’s great to be skeptical, but honestly I think we waste a ton of time being easily ragebait’d into the wrong shit.
Discord killed Compuserve!
Yeah Google is more to blame for that. When they defedarated it was pretty much the end of XMPP. From what I remember, Facebook used the protocol but never opened their service for federation.
That was a quote from 13 years ago when he didn’t know how massive his enterprise would become. People change.
As for him, he became more evil.
People change, but the Zuck clearly isn’t people. My money is on time-traveling robot.
I bet lizard man personally, he just feels slimy a reptilian.
But also fuck these laws and the people passing them and the people voting for the people passing them. They’re the real evil.
We have to always assume rich corporations are going to do whatever serves their best interest. It’s nature. Like a mantis is gonna bite off her mate’s head when they’re done mating. It’s up to governing factors to keep them in check. On that note, +1 to defederate. They will cannibalize or however abuse Lemmy if it will make them a penny.
This. I don’t need to win, I just want Meta to lose.
And even if what I do is relatively tame, I want others to be protected from the wolf at the door.
I think we’re realizing more and more any corporate-operated platform is luring us in to sell to us and sell us.
I vote to write this reasoning at the very top, on the sticked topics when it happens. Like, literally just write “Because Facebook is evil” and don’t elaborate.
Plus, if someone shows up being a concern troll on the point, they will laser focus on it, taking the bait, we can all just block the person, a world improved.
Are you saying that the individuals who run these servers and instances aren’t subject to the same laws? I read the article, and Facebook complied with a court order.
You don’t think anyone running Lemmy would do the same without access to lawyers and capital like Facebook has?
Do you have to run your lemmy instance in the US?
Maybe do it in a less backward place
Every interaction on Lemmy is copied to all other federated instances. There are instances all over the world with a copy of yours and my comment. They can track and use those comments for any purpose. Its both a blessing and a curse of an open federated structure.
they can also scrape them. that’s not really the point.
people can dm on lemmy, and only the two instances that host the people on either end of the dm (which may even be the same instance) store that dm. that instance may actually receive a subpoena. but all of this is heavily discouraged by the lemmy interface itself, instead prompting people to set up a matrix account instead, and matrix chats are end-to-end encrypted.
Its a social platfrom. Dont use it for personal communications.
Not disagreeing with you there.
Almost all countries have similar systems for obtaining evidence. These people were criminals, they broke the law and the legal system worked as designed to bring them to “justice”. Meta was just a pawn here with very little influence.
If this story was about a murder rather than an abortion people would think that Meta did the right thing to bring the murderer to justice. As I see it the problem is that people disagree with the law and are using Meta as a scapegoat. But you don’t fix stupid laws by having corporations go vigilante. I’d rather not have billionaires coming up with their own set of laws, that is a recipe for disaster. I think we need to fix the laws, which will fix the root cause of this issue.
Also use E2EE for all private information, cryptography can’t be compelled to reveal your private data by a court order.
Do you think people who collaborated with dictatorial regimes should be excused? Because they followed the law?
Why didnt Meta implant E2EE on their private chat service then?
This is what I can agree with. We could blame Meta for encouraging people to give them data. Messenger does actually have E2EE encryption (apparently) but it is quite hidden and limited in functionality. If they made it the default this wouldn’t have been a position they ended up in, and they could have responded to the warrant with “We have no information matching this request.”
If they truly encrypted all chats, they would lose their value to them since its unreadable to meta as well.
Because they use what you say to tagert ads and keep a record of who you are. That’s how they make money.
Which goes back to… You’re just a product. Stop using large platforms for personal shit. That’s their business model, how is it evil if most people know these companies rely on stealing as much information from you as they legally can AND they still use them.
And how can we be sure that all the instances federated with any instance we participate on aren’t run by law enforcement themselves? I’d be surprised if there aren’t running instances by every major investigative agency themselves.
This is why everyone should take steps to protect their privacy. You don’t have to go 0-100 overnight. Just audit yourself and do a few things now. Keep those habits up. Then audit and add a few more things, repeat.
I need to do this myself, I’ve been slipping
Lemmy promotes using Matrix, which is a separate service, so instance admins don’t need to be in the business of hosting private conversations.
Matrix is end-to-end encrypted so even the admins of your Matrix server could not provide your chats to law enforcement.
I wish Lemmy was as well. Ah well.
It’s not really possible as long as Lemmy is a website. E2EE works on Matrix because it’s an app, and therefore it can manage your encryption keys in ways a browser cannot do for you. (You can save things in the client, but not in a reliable enough way for something like the master key for every communication you ever had that if you lose you get locked out of all your chat history.) In the case of Lemmy, the signing keys for your federated actions are handled by the server, which is perfectly fine for 99% of what you use Lemmy for (public posts and comments), but it also means that even if they implemented E2EE for chats, the keys to decrypt the convo would be right on the same server.
That’s why Lemmy actively pushes you to set up a Matrix account, because Matrix makes better tradeoffs for the purposes of messaging, while Lemmy’s tradeoffs are more relevant to a link aggregator style social media.
Matrix is also a website and you don’t need an app to use it. The first time I used Matrix, I didn’t use an app, I merely signed in on a browser window. I first signed up on my work laptop, then later signed in on my desktop and had to confirm the new account on my laptop before my desktop would work with the same account.
The more devices it’s on the better, but it’s totally usable with just one web client.
If Matrix can do that, lemmy can as well. It would probably degrade the user experience because you’d need a decryption step for every post and comment you load (just like loading a new Matrix room), but it is technically possible.
I’m not necessarily asking for every comment to be encrypted, I just think it would be a good idea for DMs to be encrypted using keys the admin doesn’t have access to. It would be cool for communities to allow encryption as an option as well (i.e. all posts and comments would be E2E encrypted to all members, and not viewable unless you join), but it shouldn’t be the default everywhere.
Complying with the law is less of an issue than keeping that data accessible in the first place.
Any Lemmy instance would have given over the same information in this case. Meta was complying with a valid, legal search warrant.
If some fuckstick from Nebraska asked me to snitch on my users for something which isn’t a crime in my state, I would simply tell them to fuck themselves, go ahead, and try to have me extradited. If my instance were bordering on a trillion dollars market cap, I’d hire a fucking lawyer.
You sound tough.
No you wouldn’t.
Ya. That’s fucked. Just ruin someone’s life like that. Holy fuck.
I totally agree with your sentiment… However they don’t have a choice. They are legally obligated to turn that information over if they are served a warrant. Doing anything less is obstruction at the very least and they could be shut down and put into receivership.
The fault here is with the two individuals trusting a corporation to keep data private and to put the individuals interests ahead of the corporation. Neither is a realistic expectation.
they could have made their shitty DM system end-to-end encrypt messages by default, instead of burying that feature[0] in chat settings
or, they could have used their MASSIVE wealth and lobbying power to directly fight the warrant in court (if there even was one, they have a long history of just requiring a form ostensibly signed by any cop to turn over private data)
or they could have just lied and said they couldn’t find the data
I don’t disagree that people shouldn’t trust Facebook but saying “they don’t have a choice” is absurd
[0] https://www.facebook.com/help/messenger-app/786613221989782
Because it will bring more people to the fedi while bringing a ton more content, support and development. How are people this blind still?
Give the choice to the users and don’t decide what you think is best for them.
What good is that bloated userbase if it’s just dead or abandoned accounts? If anything, they are more likely to just ctrl + C > ctrl + V their users as well as their privacy policy on their client, which doesn’t really help anyone. Besides, can facebook really be trusted to play by the rules?
That’s just straight up not true. Also I hope you are aware how Hot/Active/Top sort works. Let that decision be left up to the users instead of forcing your misinformation on to them.
yo by any chance do you got some stuff I could look into when it comes to how the fediverse works and how threads works as well? If I am wrong, I want to at least see why and also because Yeah to an extent I am kinda assuming stuff based on the comments I’m reading as well as what I personally think.
Well active and hot stuff shows new content and stuff that is being upvoted and commented on. They also tend to drop in time to be replaced by new content and so old content isn’t perpetually on the front page. So if it’s only active stuff showing up, dead accounts on threads would never show up or really affect anything, right? They’d just be buried in Meta’s huge database.
When you oppose the left-wing, you’re defending this.
I’m almost certain that if something like this happened to any fediverse instance - that a local police enforcement would contact the admin and asked for user’s data, which they are required by law to provide or they would go to jail/get a hefty fine and possibly a criminal record, they would do that too. That’s also why E2E is required, to prevent such problems for instance admins - but then again, there’s really nothing you can do against local law, and if it requires that you have to be able to cooperate, well… Then there’s not much the admin can do, without putting himself in a real risk of prosecution, because he is breaking the law by have E2E.
That’s also a good reason to be careful when selecting your home instance, and making sure that you choose one in a country that has all right laws in that regard.
Of course, that’s assuming the police makes contact. I don’t suppose that the admins would be searching through the DMs of people to snitch on them. And if Meta is doing that preemtively and is actively snitching on people - that’s downright evil.
the fediverse is not meant to be private…
EDIT: I though you are replying to the comment about just hosting single-user instances, and assumed that you meant that if everyone had their own single use private instances, it would be against the fediverse idea. Sorry about that.
I wouldn’t say that’s making the fediverse private - it’s only making my personal account and data about what I visit private. That’s what the ActivityPub protocol is for, and the more I think about it, the more I hope that some kind of app would show up - one that would be designed to just act as a personal front-end for the Fediverse, which would allow you to interact as a user from your instance with others, but also one that would keep all of your data, which are currently at mercy of your instance admins, at your personal instance.
Of course, you still need people to host instances that are actually made for communities and content, and that’s what Lemmy or Mastodon is designed for - but I’d like to see a Fediverse app that isn’t made for hosting content, but only for letting you interact with other instances. There’s no drawback - quite the contrary, instance admins don’t have to deal with and take care of my private data, because my instance is handling all of that, while I still will be providing content for their instance. I think that definitely fits into the idea of what Fediverse should be.
The only thing I’m not sure about yet is if it’s possible - if I create a Post on an instance that’s not my home, who is hosting the data? Do I only send ActivityPub Create Post with the data and the instance then saves it, or do I create the post on my own instance, send an ID, and if someone requests the Post data on the instance I posted to, it will be requested from mine? Because if it’s the first one, then such a client that only implements DMs, your own user account, and a frontend for showing posts on other instances would be doable. And definitely something important, because it solves the biggest privacy issues of Lemmy right now. I see no drawback in that - the only data I would not be in control of are the ones I post to other instances, but that’s ok. And even if you would be the one hosting it, all it means is that it would be a little bit harder do host it yourself.
Also, if I understand the ActivityPub right, if you’re ok with not getting notifications or DMs, your personal instance wouldn’t even need to be online at all times, since you only request data about communities and posts when you are browsing. But this would depend on whether the content and comments are hosted at your instance, or at the instance you are commenting or posting to.
I really like this idea. And from what I’ve seen of the ActivityPub protocol, it should even be that hard, aside from the UI.
Generally, choose any instance hosted in European Union and you should be good to go.
I honestly think the trick for E2EE is to just collect so little, that even by complying, you can’t give them very much. That trick has worked really well for Signal in the past.
PSA: I’m neither American nor a lawyer, but AFAIK, US law forbids the indiscriminate investigation of foreign individuals to prosecute US citizens, so having your account in a foreign instance is one more layer of protection.
Have you heard of the CLOUD act?
Single user instance locally hosted, is the only way forward
I hear what you’re saying. We have to take to the sea. We should all pitch in and make a mega instance that floats on international waters.
E2E is technically illegal for any interstate communications in the USA, since refusal to comply with a wiretap order will put you in jail for contempt, regardless of whether the medium allows for interception or not.
How do communication apps get away with E2E in the US then? Is there a backdoor that allow for companies to comply or does law enforcement seek alternative means of obtaining the information?
There aren’t any US based e2e messaging or voice services as far as I know.
deleted by creator
I thought messenger was end-to-end encrypted, at least according to Facebook. How were they able to hand over the chat logs? The messages should be encrypted with a key that is itself encrypted with user’s password, which Facebook doesn’t store.
What am I missing?
this is pretty disgusting even for Facebook
Just yesterday here on Lemmy, I mentioned the dangers of violating privacy, and some commenters went on about “what dangers?” Implying there were none…
Is it not enough to gesture broadly?
Gonna Re-Share this resource… PLEASE forward to individuals who may need it! https://www.eff.org/deeplinks/2022/05/digital-security-and-privacy-tips-those-involved-abortion-access
Gonna Re-Share this resource… PLEASE forward to individuals who may need it! https://www.eff.org/deeplinks/2022/05/digital-security-and-privacy-tips-those-involved-abortion-access
thank you!
America fuck yeahhh 🇺🇸🇺🇸🇺🇸🦅🦅🦅🦅
There is no way for these companies to say no to law enforcement. That is why you should stay away from corporate social media.
Meta needs to be destroyed. No organisation, person, or people should hold that much power.
As much as I dislike corporations, the conservative parties and judges deserve as much, if not more, blame for this.
which prompted the state to issue Meta with a search warrant for their chat history and data including log-in timestamps and photos. Meta complied with the request
They followed the law. Which they have to do.
This is an issue primarily with the law. It’s not like Meta proactively shared that data.
There’s huge issues with Meta. But they’re mostly beside the point here, and certainly not the problematic power at play here.
Deflecting from law makers, courts, and prosecution to just Meta is misplaced and counter-productive.
If there were actually end to end encryption on the messages, they wouldnt have the ability to decrypt the messages for the government when asked. So either A. Meta lied about their encryption, or they are lying about storing users passwords which is arguably worse as many use passwords for multiple uses even when we know we shouldn’t. If Meta is required to not use encryption then once more I agree users should not use them for any personal messaging. Which is what it sounds people are preaching against here.
Was the form of private messages disclosed? Does meta claim end to end encryption on Facebook/Facebook messenger? That would be new to me.
Having to provide back doors is another issue with the law/government and courts, not Meta or their power.
IMO lying is not an issue of power as the commenter I replied to mentioned. They implied Meta was the perpetrator, the active part in all this. When in fact they either followed law or followed the law while being a shitty company. But they’re not the active part, the cause in this ordeal.
Well, don’t use Facebook to talk about doing things that are illegal. Why do people not use common sense?
People are getting all upset at Facebook/Meta here but they were served a valid warrant. I don’t think there is much to get mad about them here. The takeaway I get is this:
Avoid giving data to others. No matter how trustworthy they are (not that Meta is) they can be legally compelled to release it. Trust only in cryptography.
There is of course the other question of if abortion being illegal is a policy that most people agree with…but that is a whole different kettle of fish that I won’t get into here.
“I gUeSs IlL use ThReAdS. WhAts ThE hArM” /s
America is a terrifying church with guns. I pity the citizens.
Every country has the anti-abortion cancer movement and it wouldn’t surprise me if the shit gets more serious here in Europe too with the rise of far right parties. As a matter of fact you have only to look at Poland.
We’ll keep saying that can’t happen here right up until it happens
Y’all better be careful
Ms Smith goes to Washington?
Women’s reproductive rights are strongly supported in Canada, but that doesn’t stop one of the main national parties playing coy with a commitment to not reopen the debate.
To be fair, it seems most Americans support women’s reproductive rights as well, with a referendum in Kansas passing with 59%.
It’s gerrymandering and the Supreme Court that are changing things down there.
This isn’t purely anti-abortion pearl clutching in this instance. Where this occurred it is perfectly legal to have an abortion into the 20th week of pregnancy.
Fetuses are viable outside the womb at 24 weeks.
They killed the fetus with meds at 28 weeks, the pregnant 17 year old still went through labor (with no medical supervision due to how they chose to do this), they burned he remains, and then buried them on a farm.
deleted by creator
That’s a massive oversimplification of things. Intentionally removing nuance doesn’t help people.
More response in my other reply to your similar message
I cannot feel any less hopeless for my country
“Less hopeful”, maybe?
