i saw a toot about it elsewhere but i can’t find it so: basically don’t trust mastodon for things you want to stay Actually Private. instance admins can read DMs, and instance admins can read the private posts of anyone their users follow. this is sort of inherent to the current architecture. and for all twitter’s sins, i trust the admins to not leak random people’s DMs more than i trust every instance admin ever.

Yeah, I was talking about this on Twitter, how you have to completely trust your instance admin to not read, mess with, or completely drop the ball with your posts.

@BestGirlGrace oh, that’s where i saw it! yeah, that’s always the downside of smaller communities like these.

Why can't every site be run by an infallible sysadmin who pays for everything forever and shares my exact politics?

@BestGirlGrace @hierarchon I dunno, it's been working pretty well for me on WTDWTF and this Mastodon instance so far...

@ben @BestGirlGrace @hierarchon That's one of the main reasons I decided to host my own instance. It doesn't actually solve the DM issue though when messaging to other instances. A nice alternative might be GPG though.

@ben @hierarchon @aldude999 Yeah, though if you're going to do that, you might as well use something with real privacy guarantees.

@BestGirlGrace @ben @hierarchon Yeah, I don't really expect privacy from a social media site, but it's nice to be aware of the data going in and out of a server since I have physical control of it.

@aldude999 @BestGirlGrace @hierarchon I don't think any of the privacy issues with GPG apply when you're sending a message to a person who is addressed in cleartext.

@aldude999 @BestGirlGrace @hierarchon yeah, but what I'm saying is the metadata in the GPG message wouldn't be anything more than what's already visible in the ActivityPub wrapper.

@aldude999 @BestGirlGrace @hierarchon speaking of GPG, it'd be nice to have a way to sign another user's account in ActivityPub as either "this person is me" or "I trust this person is who they say they are".

@ben @BestGirlGrace @hierarchon Web of Trust in the fediverse would actually be really sweet. Someone could transfer their account to another instance and as long as they still had their GPG key, it would show up that you still trust that person. I would want it generated and stored off-site though and I'm not sure how that would work.

@aldude999 @BestGirlGrace @hierarchon Mastodon accounts already have RSA keys associated with them, so maybe it'd be some form of signing that key with an existing offline GPG key?

Even if you run your own instance, hope you don't get hacked, you don't screw up an upgrade, or even just get bored with the whole thing and decide to stop paying for it

@mediumvillain not really, no. there aren’t any on twitter, but I trust Twitter enough to come down like a sack of hammers on any admin dumb enough to read messages (and there’s safety in numbers there).

@hierarchon Warning heeded, but I think it’s pretty likely twitter engineers look into people’s accounts for kicks too. Seems unlikely it’s encrypted.

@iamskye I can’t speak for Twitter, but at the company I used to work at this sort of data was encrypted and locked down, with monitoring for manual access.

@hierarchon That would make sense in terms of reputation considering all the celeb accounts on Twitter, I just don’t trust them to do anything ethical. Have there been any incidents regarding large/established instance admins leaking DMs?

@hierarchon That’s good, if this continues growing the importance of selecting an instance and the reputation of instances will probably be much better understood.

I remember a while back that some users figured out a way to encrypt DMs but I can't remember the process.

@imkwazy Storing the keys server-side doesn't help anything, and storing them client-side means you need some way to do key exchange and distribution and stuff, which is a Hard problem.

@hierarchon yeah this is an unfortunate consequence of federated systems.

It's easier to be anonymous in a large crowd. I don't expect that any engineer at goog is interested in my emails specifically. And in large corps there are safeguards against illicit access.

But in an instance of a federated system, you are one of few users (relatively speaking) and there is just one admin and they have root access.

It's fine for public social networks, but for private stuff... 🙅‍♂️