The Corporation behind and the Admins of Twitter can see your “Private Messages.”

The Corporation behind and the Admins of Facebook can see your “Private Messages.”

The Admins of Mastodon can see your Direct Messages. They aren’t private.

With Mastodon, you can spin up your own instance and be your own Admin.

Ultimately, don’t use any of these tools for actual private messages. Use Signal, Matrix/Riot or another end-to-end encrypted messaging tool.

@tinker It would be neat to see Mastodon implement signal protocol e2e encrypted chat as their DM system instead

@facts_the_alt - It would still only be End-to-End. And the admin controls one End. They’d still be able to read DMs. (E2E only protects data in transit).

There are ways to protect data at rest against certain types of privileged user, but not for what we’re talking about here.

Mastodon’s answer is to let you be your own admin. And for many, that’s exactly what they do.

@facts_the_alt - I should say, this only applies if you want to read the messages clear from the web app. If you sent an encrypted message and downloaded it to your host, then your host (not the Mastodon instance itself) becomes the endpoint.

You can address this without needing Mastodon to do it. You just need a thick client that can send the encrypted message through the Mastodon network.

@tinker
Wouldn't it be sufficient if profiles offered to enter xmpp and/or matrix ids? Instances could possibly offer a simple #xmpp server like #prosody. I don't see any other valid #e2e solution for any #federation compatible protocol except using gpg client sided like with email.

Maybe one should discuss removing any "direct" or "private" message features from the protocol in regard to the very common misunderstandings linked to those terms?
@facts_the_alt

@homer77


the beta e2e of Riot

Why could not mastodon clients employ this for non-public toots?

@tinker

@orangecoastcollegeprivacy
First I don't know if that would work for the web end of mastodon? Would it?
Then maybe this would blow client development up a bit. But as I don't know anything about #megolm ... Maybe this can be a proper solution ...
@tinker

social.wiuwiu.de - Mastodon