Question for more tech savvy people: should I be worried about wiping old data, and if so for which apps? Just messaging apps, or also email and social media? Or can I just use the encrypted apps moving forward?
every single thing you send online is going to be there forever. “the cloud” is someone’s server and constitutes online. even end to end encryption isn’t necessarily going to save you.
for example iCloud backup is encrypted. but Apple in the past has kept a copy of your encryption key on your iCloud. why? because consumers who choose to encrypt and lose their passwords are gonna freak out when all their data is effectively gone forever.
so when FBI comes a’knocking to Apple with a subpoena… once they get access to that encryption key it doesn’t matter if you have the strongest encryption in the world
my advice
never ever ever write something online that you do not want everybody in the world seeing.
to put on my tin foil hat, i believe government probably has access to methods that break modern encryptions. in theory with quantum computers it shouldn’t be difficult
I’d imagine operating a quantum computer for blanket surveillance is cost-prohibitive, but yea, if you’ve given them reason to look at you just assume they have the means to break your encryption.
That depends on the privacy protections where you live and the policies of each service:
most places in the US - they already have your data and aren’t obligated to delete it
outside the EU - probably the same as the US
the EU or select states (e.g. CA) - you have some protections and a legal obligation to honor delete requests
For the first two, I wouldn’t bother. I personally poisoned my data with Reddit before leaving, because I’ve heard of then reversing deletions. For the third, deleting may make sense.
But in general, I’d keep your other accounts open until you fully transition to the new one.
Below is information when considering a replacement service.
Anything where data is stored on a server you don’t directly control can be leaked or subpoenad from the org that owns that server. Any unencrypted communication can be intercepted, and any regular encryption (HTTPS) can be logged by that server (e.g. under court order without notifying the customer).
Check out your old reddit account. I poisoned my data, too, then deleted it, but they restored it completely like the bastards they are. I deleted my 2F too, so it’s there forever now.
Yup, I figured that would be the case. I “deleted” my account, so I can’t go verify, but I let it sit for a couple weeks and my poisoned posts were still there (even got a couple replies asking WTF is up w/ my comments).
So yeah, not sure if my data is still there or not, but at least I tried.
Thing is, if they have backups, even editing data doesn’t do anything. Or they could even just have it set up to only display the most recent version but still keep each edit on the db. Wouldn’t even be hard to implement. Hell, it wouldn’t even be that hard to implement a historical series of diffs so they don’t have to store the full comments for each edit if the edit is a small one.
Like if I wanted to run a service that made it easier to find interesting data, part of that would be to flag deletes and edits as “whatever was there before has a higher chance of being interesting”.
Once something is posted, IMO just assume that it can’t be unposted and trying to unpost it might work similarly to the Streisand effect.
Even here. Sure, the source is open and I’d bet looking at the delete and edit functions would make it look like everything is fine. But other federated servers don’t have to run the same code and can react to delete and edit directives from other servers however they want. The main difference between this platform and Reddit in regards to control over posted information is the fediverse can’t prevent entities from accessing the data for free (albeit with less user metadata like IP and email).
it wouldn’t even be that hard to implement a historical series of diffs
And external services provide this as well, like those services where you can find deleted comments (or the internet archive).
I just try to disassociate my identity as much as I can from sites like Reddit. I never used my email on Reddit, and I haven’t used mine here. I’m guessing an enterprising individual could triangulate who I am based on my posts (though I do post false information sometimes), but that’s a lot less likely than if I handed over that association (i.e. through Facebook or whatever).
Do what you can, but yeah, assume that everything you post on the internet exists forever.
Question for more tech savvy people: should I be worried about wiping old data, and if so for which apps? Just messaging apps, or also email and social media? Or can I just use the encrypted apps moving forward?
the safest perspective to have is this -
every single thing you send online is going to be there forever. “the cloud” is someone’s server and constitutes online. even end to end encryption isn’t necessarily going to save you.
for example iCloud backup is encrypted. but Apple in the past has kept a copy of your encryption key on your iCloud. why? because consumers who choose to encrypt and lose their passwords are gonna freak out when all their data is effectively gone forever.
so when FBI comes a’knocking to Apple with a subpoena… once they get access to that encryption key it doesn’t matter if you have the strongest encryption in the world
my advice
never ever ever write something online that you do not want everybody in the world seeing.
to put on my tin foil hat, i believe government probably has access to methods that break modern encryptions. in theory with quantum computers it shouldn’t be difficult
I’d imagine operating a quantum computer for blanket surveillance is cost-prohibitive, but yea, if you’ve given them reason to look at you just assume they have the means to break your encryption.
That depends on the privacy protections where you live and the policies of each service:
For the first two, I wouldn’t bother. I personally poisoned my data with Reddit before leaving, because I’ve heard of then reversing deletions. For the third, deleting may make sense.
But in general, I’d keep your other accounts open until you fully transition to the new one.
Below is information when considering a replacement service.
Anything where data is stored on a server you don’t directly control can be leaked or subpoenad from the org that owns that server. Any unencrypted communication can be intercepted, and any regular encryption (HTTPS) can be logged by that server (e.g. under court order without notifying the customer).
Even “secure” services can be ordered to keep logs. Here’s an example from Proton mai, and here’s one involving Tutanota.
So it depends on your threat model, or in other words, who you’re trying to keep away from your data. Just think about how screwed you might be if:
The answers to the above should help you decide which to type of service you’d feel comfortable with, and what tradeoffs you’re willing to make.
Check out your old reddit account. I poisoned my data, too, then deleted it, but they restored it completely like the bastards they are. I deleted my 2F too, so it’s there forever now.
Yup, I figured that would be the case. I “deleted” my account, so I can’t go verify, but I let it sit for a couple weeks and my poisoned posts were still there (even got a couple replies asking WTF is up w/ my comments).
So yeah, not sure if my data is still there or not, but at least I tried.
Thing is, if they have backups, even editing data doesn’t do anything. Or they could even just have it set up to only display the most recent version but still keep each edit on the db. Wouldn’t even be hard to implement. Hell, it wouldn’t even be that hard to implement a historical series of diffs so they don’t have to store the full comments for each edit if the edit is a small one.
Like if I wanted to run a service that made it easier to find interesting data, part of that would be to flag deletes and edits as “whatever was there before has a higher chance of being interesting”.
Once something is posted, IMO just assume that it can’t be unposted and trying to unpost it might work similarly to the Streisand effect.
Even here. Sure, the source is open and I’d bet looking at the delete and edit functions would make it look like everything is fine. But other federated servers don’t have to run the same code and can react to delete and edit directives from other servers however they want. The main difference between this platform and Reddit in regards to control over posted information is the fediverse can’t prevent entities from accessing the data for free (albeit with less user metadata like IP and email).
And external services provide this as well, like those services where you can find deleted comments (or the internet archive).
I just try to disassociate my identity as much as I can from sites like Reddit. I never used my email on Reddit, and I haven’t used mine here. I’m guessing an enterprising individual could triangulate who I am based on my posts (though I do post false information sometimes), but that’s a lot less likely than if I handed over that association (i.e. through Facebook or whatever).
Do what you can, but yeah, assume that everything you post on the internet exists forever.
just wanted to add that deleting an app will not result in deletion of your data stored in the cloud (e.g. your emails)
Wiping old stuff won’t hurt, but they might not actually delete it.