What do we need to change about how we operate, now that the political environment is darkening?
The overall goals would be to safeguard user identities, ensure communication privacy, and protect against censorship and state surveillance.
User Anonymity and Privacy
- End-to-end encryption: Encrypt all user communications, private messages, and sensitive data
- Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?
- Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.
Data Storage
- Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.
- Ephemeral content: auto-deleting posts, messages, etc after a set period.
- Instance chooser that flags which instances are in unsafe countries.
- Defederate from instances in unsafe countries?
Communities
- Private communities - currently all are public
- Communities where every post is encrypted
- Approval process to join some communities
- Better opsec around instance owners, admins and moderators
What else?
I think encryption at rest for account data should be a thing, but there are better ways to communicate and organize if that’s what you’re trying to do
I think the biggest thing would just be making sure that it’s not easy for the government to get user data. So making signups without personally identifiable info would potentially be worthwhile, so that info can’t just be subpoenaed to identify users irl
Glossing over the fact that DOJ can’t subpoena instances like world as they are outside the US (but, like world, may be subject to EU GDPR) having an account without PII if your IP address is all over the servers isn’t going to save you.
You’re right, that’s very true.
Like I said, I don’t think it’s really what a platform like lemmy is for