When Elon Musk took over Twitter and started getting on people’s nerves, some users left to join Mastodon. Unlike Twitter, Mastodon is a federated network where individual servers run by different people interact using the Mastodon software. Now, one server admin has been raided and plenty of unencrypted user data is now in the hands of the FBI.
Twitter and Facebook have their own legal teams, follow laws such as GDPR, and can overall be considered professional operations; by contrast, just about anyone with technical know-how can set up a Mastodon instance.
This is exactly what the admins over at Kolektiva.social have done, and now one of them has been raided and charged by the FBI for activities unrelated to Mastodon. To top things off, the admin in question just happened to be troubleshooting an issue at the time and was working with a backup copy of the server's database. That backup was unencrypted when the raid took place, and it was seized.
According to the admin who reported the incident, the raid took place in mid-May and the backup was dated from the first week of May. User data that the FBI will now have access to includes:
- User account information like the e-mail address associated with your account, your followers and follows, etc.
- All your posts: public, unlisted, followers-only, *and direct ("DMs")*.
- Possibly IP addresses associated with your account: IP addresses on Kolektiva.social are logged for 3 days and then deleted, so IP addresses from any logins in the 3 days prior to the database backup date would be included.
- A hashed ("encrypted") version of your password.
The admin who announced the capture of his comrade (Kolektiva is an anti-colonial anarchist collective) said that, as a precaution, users should change their password to something "new, unique, and strong" and reset their two-factor authentication if they had it switched on.
The most damaging impact on users is probably the seizure of private DMs and their IP addresses. In the case of the DMs, users on other Mastodon instances could be affected with regard to any messages they sent to Kolektiva users.
While federated platforms like Mastodon are nothing new, many mainstream users are only just coming into contact with them. One of the new issues people need to think about is whose server they join. Do you trust anarchists with your data, particularly ones who have come under the suspicion of the FBI?