i saw a toot about it elsewhere but i can’t find it so: basically don’t trust mastodon for things you want to stay Actually Private. instance admins can read DMs, and instance admins can read the private posts of anyone their users follow. this is sort of inherent to the current architecture. and for all twitter’s sins, i trust the admins to not leak random people’s DMs more than i trust every instance admin ever.
@BestGirlGrace oh, that’s where i saw it! yeah, that’s always the downside of smaller communities like these.
@hierarchon
Why can't every site be run by an infallible sysadmin who pays for everything forever and shares my exact politics?
@BestGirlGrace @hierarchon I dunno, it's been working pretty well for me on WTDWTF and this Mastodon instance so far...
@ben @BestGirlGrace @hierarchon That's one of the main reasons I decided to host my own instance. It doesn't actually solve the DM issue though when messaging to other instances. A nice alternative might be GPG though.
@ben @hierarchon @aldude999 Yeah, though if you're going to do that, you might as well use something with real privacy guarantees.
@BestGirlGrace @ben @hierarchon Yeah, I don't really expect privacy from a social media site, but it's nice to be aware of the data going in and out of a server since I have physical control of it.
@aldude999 @BestGirlGrace @hierarchon I don't think any of the privacy issues with GPG apply when you're sending a message to a person who is addressed in cleartext.
@ben @BestGirlGrace @hierarchon Content is safe, metadata definitely not.
Ah, as relevant now as it was then. I'm a prophet. #GraceTour
@hierarchon
Even if you run your own instance, hope you don't get hacked, you don't screw up an upgrade, or even just get bored with the whole thing and decide to stop paying for it
@hierarchon so theres no actual private messages here
@mediumvillain not really, no. there aren’t any on twitter, but I trust Twitter enough to come down like a sack of hammers on any admin dumb enough to read messages (and there’s safety in numbers there).
@hierarchon @jimpjorps you should add this to your medium thing
@hierarchon Warning heeded, but I think it’s pretty likely twitter engineers look into people’s accounts for kicks too. Seems unlikely it’s encrypted.
@iamskye I can’t speak for Twitter, but at the company I used to work at this sort of data was encrypted and locked down, with monitoring for manual access.
@hierarchon That would make sense in terms of reputation considering all the celeb accounts on Twitter, I just don’t trust them to do anything ethical. Have there been any incidents regarding large/established instance admins leaking DMs?
@iamskye Not AFAIK.
@hierarchon That’s good, if this continues growing the importance of selecting an instance and the reputation of instances will probably be much better understood
@hierarchon
I remember a while back that some users figured out a way to encrypt DM's but I can't remember the process.
@hierarchon Why not encrypt that shit?
@imkwazy Storing the keys server-side doesn't help anything, and storing them client-side means you need some way to do key exchange and distribution and stuff, which is a Hard problem.
@hierarchon yeah this is an unfortunate consequence of federated systems.
It's easier to be anonymous in a large crowd. I don't expect that any engineer at goog is interested in my emails specifically. And in large corps there are safeguards against illicit access.
But in an instance of a federated system, you are one of few users (relatively speaking) and there is just one admin and they have root access.
It's fine for public social networks, but for private stuff... 🙅♂️
@hierarchon
Yeah, I was talking about this on Twitter, how you have to completely trust your instance admin to not read, mess with, or completely drop the ball with your posts.