This is an alert for Kolektiva.social users. Please read this post in its entirety!
In mid-May 2023, the home of one of Kolektiva.social's admins was raided, and all their electronics were seized by the FBI. The raid was part of an investigation into a local protest. Kolektiva was neither a subject nor target of this investigation. Today, that admin was charged in relation to their alleged participation in this protest.
Unfortunately, at the time of the raid, our admin was troubleshooting an issue and working with a backup copy of the Kolektiva.social database. This backup, dated from the first week of May 2023, was in an *unencrypted* state when the raid occurred and it was seized, along with everything else.
The database is the heart of a Mastodon server. A database copy such as the one seized may include any of the following user data, in this case up to date as of early May 2023:
- User account information like the e-mail address associated with your account, your followers and follows, etc.
- All your posts: public, unlisted, followers-only, *and direct ("DMs")*.
- Possibly IP addresses associated with your account - IP addresses on Kolektiva.social are logged for 3 days and then deleted, so IP addresses from any logins in the 3 days prior to the database backup date would be included.
- A hashed ("encrypted") version of your password.
We sincerely apologize to all our users and regret this breach. In hindsight, it was obviously a mistake to leave a copy of the database in an unencrypted state. Unfortunately, what would otherwise have been a small mistake happened to coincide with a raid, due to bad luck and spectacularly bad timing.
We understand that our users and other people on the Fediverse will have a lot of questions. We will try to answer them as best we can, but please be patient and bear in mind that we may be overwhelmed with messages, and may be delayed in responding or unable to provide answers to certain questions for legal or technical reasons. As a security culture reminder, it can be extremely harmful to the individuals charged and to our community to openly speculate on the Internet about alleged criminal activity or about what law enforcement may be able to do with seized data. Our present awareness is that the seized Kolektiva data is unrelated to the federal investigation and prosecution and we are exploring legal avenues to have the seized data returned and copies destroyed.
Thank you for your understanding and solidarity.
Two additional points:
If you are a kolektiva.social user and have already enabled two-factor authentication on your account, you should also reset that, just like your password. (Also consider that it's a good idea in general to set up two-factor authentication, if you are able, to secure access to your account!)
Some users have asked or pointed out, and yes it is the case that the database copy would also include cached copies of posts from users on other instances in the Fediverse, and this includes direct posts or "DMs" which were sent to or included a Kolektiva.social user.
We welcome suggestions on how to most effectively notify (a lot of) Fediverse users in general of this, but we also ask other instance admins to help by communicating this to their own users if it seems appropriate.
Update: the RSA signing keys for every account on kolektiva.social have now been rotated.
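The key rotation above matters because Mastodon signs every outgoing ActivityPub request with the account's RSA key, so a copy of the database also holds the private halves of those keys. The following Ruby example, added here and not Kolektiva's or Mastodon's own code, builds the HTTP Signatures signing string Mastodon uses and shows that a request signed with the old (seized) key no longer verifies once a remote server has refreshed to the rotated public key. Both keypairs, the host name and the request body are constructed for illustration.

```ruby
require 'openssl'
require 'base64'

# Constructed example keys, NOT real Kolektiva keys.
# OLD_KEY stands in for the keypair that sat in the seized database copy;
# NEW_KEY stands in for the rotated keypair announced in the update.
OLD_KEY = OpenSSL::PKey::RSA.new(2048)
NEW_KEY = OpenSSL::PKey::RSA.new(2048)

# Signing string in the HTTP Signatures form Mastodon uses for
# server-to-server requests: "(request-target) host date digest".
def signing_string(method, path, host, date, digest)
  [
    "(request-target): #{method.downcase} #{path}",
    "host: #{host}",
    "date: #{date}",
    "digest: #{digest}"
  ].join("\n")
end

# Digest header value for the JSON body (SHA-256, base64).
def body_digest(body)
  'SHA-256=' + Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(body))
end

# RSA-SHA256 over the signing string, base64 for the Signature header.
def sign(key, str)
  Base64.strict_encode64(key.sign(OpenSSL::Digest.new('SHA256'), str))
end

# Verification as the receiving server would do it with the actor's
# cached public key. Malformed base64 counts as a failed signature.
def verify(pubkey, str, sig_b64)
  pubkey.verify(OpenSSL::Digest.new('SHA256'), Base64.strict_decode64(sig_b64), str)
rescue OpenSSL::PKey::PKeyError, ArgumentError
  false
end

# Simulates a remote inbox whose cached publicKey for the actor was
# refreshed after the rotation: only signatures made with NEW_KEY pass.
def accepted_after_rotation?(method, path, host, date, body, sig_b64)
  str = signing_string(method, path, host, date, body_digest(body))
  verify(NEW_KEY.public_key, str, sig_b64)
end
```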
@admin thank you all for the detailed explanation and advice, changing password now. Please let us all know if we can contribute to legal defense for the admin who was raided
@admin You did the very best for us all. Thank you very much for taking quick actions and the whole amount of information posts! <3
@admin thank you
@admin A negative of 2FA by the common phone method is this: it makes it easier to prove ownership of your phone. This matters when you do not use contract phones, use only prepaid phones, use only cash, and start over with a new SIM if you run into trouble requiring dealing with human customer service.
Any site offering 2FA should also offer tokens storable on a flash drive, which replace the SMS messages. That way the "what you own" part of 2FA is a flash drive with a unique random number on it, not a phone. This is considered one of the highest security methods.
@admin cool but why did y'all wait nearly two fucking months to tell us something that should've been revealed same-day
@admin this wasn't a rhetorical question & it's something none of y'all have explained, which shows not one of y'all is actually qualified to be handling something as sensitive as a radical server instance
Your silence, incompetence, lack of accountability is driving people away from the instance while y'all act like this is normal & people praise you for being unpaid admins endangering us all with wildly irresponsible data practices & absolute lack of a duty-to-inform
People send out alertas within 24 hrs if they even get an FBI door knock
one of y'all got raided & we weren't told for 2 months and y'all just go "sorry, things have been hectic lol uwu"