How users of distributed SNS such as Mastodon, Misskey, and Bluesky can protect themselves from government information collection



Distributed SNS such as Mastodon, Misskey, and Bluesky are characterized by the fact that each user can freely set up a server (instance). However, in the United States, a house search by the FBI in a separate case resulted in the seizure of the device used to manage a Mastodon instance. In response to this situation, the Electronic Frontier Foundation is calling on instance administrators and users to protect themselves.

FBI Seizure of Mastodon Server Data is a Wakeup Call to Fediverse Users and Hosts to Protect their Users | Electronic Frontier Foundation
https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their



Major SNS services such as Twitter and Facebook are all built on servers managed by their operating companies. On the other hand, distributed SNS such as Mastodon, Misskey, and Bluesky allow users to freely establish instances, and different restrictions and management policies can be set for each instance. Instances of distributed SNS may be hosted using cloud computing services such as AWS, but may also be hosted on machines installed by users at home.

In May 2022, one of the administrators of the Mastodon instance 'Kolektiva.social' was raided by the FBI on charges unrelated to running the instance. At that time, the FBI seized 'all electronic equipment', including the machine where the operational information of 'Kolektiva.social' was saved. The machine seized by the FBI contained personal information such as the 'email address', 'hashed password', and 'IP address' of the users who participated in the instance. Furthermore, when the house was searched, the administrator was performing maintenance work on the instance, so information that would normally be encrypted was in a decrypted state.



According to the Electronic Frontier Foundation, Mastodon instances such as 'Kolektiva.social' may function as 'a receptacle for people monitored by law enforcement agencies.' The Electronic Frontier Foundation also said, 'If the government legally collects information, it can use the collected information for criminal investigations unrelated to its original purpose. The information is frequently used, and the law also supports that the use of the information is lawful,' emphasizing the importance of the information collected. In addition, the Electronic Frontier Foundation states the need for self-defense against information gathering by the government, and suggests ways for instance administrators and users to protect themselves.

◆ Instance administrator's self-defense
・Apply a firewall
・Limit the users who can access the server and database
・Have the server collect as little data as possible
・If it is necessary to save the access log, discard it after an appropriate period of time.
・Collect information about vulnerabilities in the distributed SNS code and update the server when a new version is released
・Regularly publish clear transparency reports on how the instance responds to law enforcement requests for user information
・Contact users as soon as possible when information is requested by law enforcement agencies
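
One way an administrator could apply the "collect as little data as possible" and "discard access logs after an appropriate period" items above is shown in this added example, which is not code from the EFF or from Mastodon. It assumes nginx/Apache "combined" access log lines and a 7-day retention window; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Assumed format: nginx/Apache "combined" access log lines.
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<mid>\S+ \S+) \[(?P<ts>[^\]]+)\] (?P<rest>.*)$')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def mask_ip(text):
    """Zero the host part: keep /24 for IPv4 and /48 for IPv6."""
    addr = ipaddress.ip_address(text)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def minimise(lines, now, retention_days=7):
    """Return only lines inside the retention window, with masked IPs."""
    cutoff = now - timedelta(days=retention_days)
    kept = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # unparseable lines are dropped, never kept verbatim
        try:
            when = datetime.strptime(m["ts"], TS_FORMAT)
            ip = mask_ip(m["ip"])
        except ValueError:
            continue  # bad timestamp or address: drop rather than retain
        if when >= cutoff:
            kept.append(f'{ip} {m["mid"]} [{m["ts"]}] {m["rest"]}')
    return kept


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.77 - - [01/Jul/2023:10:00:00 +0000] "GET /api/v1/timelines/home HTTP/1.1" 200 512 "-" "ua"',
    '2001:db8:1234:5678::9 - - [09/Jul/2023:08:30:00 +0000] "POST /api/v1/statuses HTTP/1.1" 200 128 "-" "ua"',
    '198.51.100.23 - - [10/Jul/2023:23:59:59 +0000] "GET /about HTTP/1.1" 200 64 "-" "ua"',
    'not a log line',
]

if __name__ == "__main__":
    now = datetime(2023, 7, 11, tzinfo=timezone.utc)
    print("\n".join(minimise(SAMPLE, now)))
```

Run on a schedule against rotated logs, a filter like this means a seized disk holds only a short window of requests and no full client addresses.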

◆ User self-defense
・Check instance information when joining an instance
・If the instance information or terms of service do not describe how to respond to law enforcement, request that the terms of service be updated.
・If you don't like the response of the instance administrator, migrate to another instance
・Use VPN or Tor if necessary
・Use a temporary email address

in Web Service,   Security, Posted by log1o_hf