this post was submitted on 28 Jun 2023
27 points (100.0% liked)


Hey pub-folk, I've recently published my take on the "threadiverse" in the form of a quasi-guide but with some other commentary. Appreciate any feedback, good or bad!

udunadan@infosec.pub 5 points 1 year ago (1 children)

Such guides should probably warn that instances run by volunteers do not have dedicated security teams and that OPSEC has to be adjusted accordingly. Not that centralized services are essentially safer (they are juicier targets), but nevertheless it is still important to remember.

shellsharks@infosec.pub 2 points 1 year ago

Yeah, I'll have to think about how to approach this issue but I do agree. It goes beyond this too imo. Since these are volunteer-run, effectively non-profit instances, not only are there no security capabilities outside whatever is offered natively within the software, but there's nothing stopping your instance admin from acting maliciously or abandoning the server or w/e. This introduces some fragility for sure. One "answer" would be to self-host but this is A. not feasible for most and B. not sure how scalable it would be for EVERYONE to have isolated instances of everything. At the end of the day you need volunteers or non-profit orgs to host these sorts of things and do so in a way that is reliable, privacy-focused, human-centric, etc... I feel like I could have a whole separate other post about this sort of thing (and I know a lot of discussion on Mastodon has already been had on the subject).