since this is coming up again, i feel it's important to stress the following facts about privacy on mastodon:
- DMs are stored in plaintext in the database
- yes, this means admins can access them
- it also means they will be accessible if your instance DB is leaked
- however: this is the same as the situation on any other mainstream social media site
- at the end of the day you should make sure you trust your admins
- ultimately: don't use mastodon for privacy-critical messages
@Felthry believe me, it's been suggested before :P i believe gargron is reluctant to implement encrypted DMs because it's sometimes valuable for admins to see DMs in reports vis a vis targetted harassment, etc
@chr well I meant it more as putting the whole PGP stuff in the message itself like how it's used for email
this is a terrible idea because even just a PGP signature is extremely long, more than 500 characters probably
@chr I think a problem with the "find admins you trust" thing to new users is:
It assumes they have the social network of some degree in the fediverse already. But if they're new.. They probably don't know any admins, or people who know them well.
If yr not swimming in the fediverse social pools already, it's a trust-fall w/ strangers you don't know, based on their non-private posts, the CoC & random users' feedback you can scratch together asking around.
@chr actually, it's a bit worse than centralized media, because the DM content is stored in at least two (or more, if your DMs have more recipients) databases: your instance database, and the recipient instance's database.
Here again, the parallel with email is pretty good: when you send an email, you have a copy, as well as your recipient.
@chr More importantly remember to use the proper tools for each purpose.
Mastodon and activitypub were designed as a federated publication platform, not a communication system (these use cases are very difficult to reconcile), and thus lack some of the essentials of a proper communication tool, including end to end encryption.
Other tools are better suited for distributed/federated communication, including email, XMPP/Jabber, Matrix, or even Ring and some others.
@chr I guess my main message is: #mastodon (or any activitypub/fediverse service) is not especially bad at privacy. As a publication tool it is even pretty good at #privacy because your connection, search, and consultation data will only be stored by your instance.
It is indeed bad at properly securing your private communication, but hey! It was not meant for having private communications in the first place.
@chr it's also possible for other instances to get access to private messages due to how the federation stuff works. mastodon is great but don't use it for anything that needs to stay private!