It’s really up to you how you set up your server and the datastore. This has nothing to do with Hollo. Again, there’s no difference between this and running a Mastodon server that will also need infrastructure like a db to back it.
I don’t know what to tell you, but this is how modern internet works. Also, nobody is forcing you to get a server in a jurisdiction where US has access to. Meanwhile, any traffic is encrypted via HTTPS, so the provider can’t actually log it. It sounds like you have a very superficial understanding of the subject you’re debating here.
This has nothing to do with the original topic of discussion or Hollo in particular. You’re now arguing about pros and cons of using a VPS service. I also have no idea why you keep making statements like “not having everything encrypted on a server you don’t own is a massive flaw”. You absolutely can have everything encrypted running a VPS. You don’t understand the subject you’re discussing.
How would encryption even make sense here? Up to the server, everything is protected via TLS. And if you don’t trust the server provider, you can encrypt all you want, but they can just read out the RAM of the VPS or they could have backdoored the bare metal hardware to do the same. As long as the server has to somehow work with the data in question, the decryption keys have to be somewhere in there.
And what do you mean by code integration? We’re talking FOSS here, how could someone prevent me from removing any “is everything encrypted?” checks in Mastodon?
Also, what does the encryption on other federated instances even matter? Without having any in depth knowledge about Mastodon, your user agent will hardly be sent to other instances, and when and what you posted is meant to be visible.
They’re not almost the same thing at all, and your whole position is weird given that the context is social media which is fundamentally content people want to publish publicly.
Nope, everyone blindly trusts AWS/Crimeflare/etc. to MITM all their traffic, storage and servers and never happen to do anything bad or leak any data. One day it’s going to bite everyone in the ass.
Even when you use AWS’s encryption feature for the VM itself, they hold the keys for you.
deleted by creator
It’s really up to you how you set up your server and the datastore. This has nothing to do with Hollo. Again, there’s no difference between this and running a Mastodon server that will also need infrastructure like a db to back it.
deleted by creator
I don’t know what to tell you, but this is how modern internet works. Also, nobody is forcing you to get a server in a jurisdiction where US has access to. Meanwhile, any traffic is encrypted via HTTPS, so the provider can’t actually log it. It sounds like you have a very superficial understanding of the subject you’re debating here.
deleted by creator
This has nothing to do with the original topic of discussion or Hollo in particular. You’re now arguing about pros and cons of using a VPS service. I also have no idea why you keep making statements like “not having everything encrypted on a server you don’t own is a massive flaw”. You absolutely can have everything encrypted running a VPS. You don’t understand the subject you’re discussing.
deleted by creator
How would encryption even make sense here? Up to the server, everything is protected via TLS. And if you don’t trust the server provider, you can encrypt all you want, but they can just read out the RAM of the VPS or they could have backdoored the bare metal hardware to do the same. As long as the server has to somehow work with the data in question, the decryption keys have to be somewhere in there. And what do you mean by code integration? We’re talking FOSS here, how could someone prevent me from removing any “is everything encrypted?” checks in Mastodon? Also, what does the encryption on other federated instances even matter? Without having any in depth knowledge about Mastodon, your user agent will hardly be sent to other instances, and when and what you posted is meant to be visible.
deleted by creator
They’re not almost the same thing at all, and your whole position is weird given that the context is social media which is fundamentally content people want to publish publicly.
deleted by creator
Fediverse itself is a privacy/GDPR minefield of epic proportions.
Nope, everyone blindly trusts AWS/Crimeflare/etc. to MITM all their traffic, storage and servers and never happen to do anything bad or leak any data. One day it’s going to bite everyone in the ass.
Even when you use AWS’s encryption feature for the VM itself, they hold the keys for you.