What do we need to change about how we operate, now that the political environment is darkening?

The overall goals would be to safeguard user identities, ensure communication privacy, and protect against censorship and state surveillance.

User Anonymity and Privacy

  • End-to-end encryption: Encrypt all user communications, private messages, and sensitive data
  • Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?
  • Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.

Data Storage

  • Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.
  • Ephemeral content: auto-deleting posts, messages, etc. after a set period.
  • Instance chooser that flags which instances are in unsafe countries.
  • Defederate from instances in unsafe countries?

Communities

  • Private communities - currently all are public
  • Communities where every post is encrypted
  • Approval process to join some communities
  • Better opsec around instance owners, admins and moderators

What else?

  • 𝓔𝓶𝓶𝓲𝓮@lemm.ee
    10 hours ago

    Wait, I thought we use disposable emails. Is there some rule against it? Oops. And which instance wants a phone number?

    The way I see it there are 5 ingredients: VPN, disposable email, doxx aware usage, no phone numbers, random browser fingerprint.

    Then from the Lemmy side that’s pretty private. All depends on your VPN and email providers. Choose no-logs services from the countries that don’t have relations with the country you are in.

    I imagine some Lemmy instances also could have logging off in the countries where it isn’t necessary by law to store such things.

    I guess there are those kinda timing attacks that check ISP logs against some user web activity but are they really reliable? In which case though you could have a mode that would make a comment/post after a random delay.

    • Rimu@piefed.socialOP
      2 hours ago

      Yes this is a good minimum. We need our instance-chooser guides/websites to surface this information so people can make choices about which instances they join.

      Currently if you go to https://joinmastodon.org/servers or https://join-lemmy.org/instances there is no way to filter for VPN compatibility, allowing disposable email, logging policy or legal jurisdiction (in the case of join-lemmy). Or political alignment, defederation policy…

      • Microw@lemm.ee
        2 hours ago

        Instances.social surfaces some of the server rules into a nice UI for Mastodon instances but yeah, those things you mention would also be nice.