Post AIqUXJYetsbEH9fbU0 by CherryTechTips@mastodon.social
(DIR) More posts by CherryTechTips@mastodon.social
(DIR) Post #AIq3miyHzyX4fvmY8O by aeonofdiscord@icosahedron.website
2022-04-26T10:14:07Z
1 likes, 0 repeats
hey a lot of people are refusing to touch masto because they're freaking out about DMs, is there a concise way to explain the DM situation
(DIR) Post #AIq3mjlZ2lwp8kptwG by Ronflaix@cybre.space
2022-04-26T10:15:01Z
0 likes, 0 repeats
@aeonofdiscord moderators from both the sender and receiver servers can see your DMs because they have to moderate, that's it?
(DIR) Post #AIq3mkDvLKdIYi6Y8u by aeonofdiscord@icosahedron.website
2022-04-26T10:16:45Z
0 likes, 0 repeats
@Ronflaix I think this actually makes it sound worse than it is? Is there an admin interface for this?
(DIR) Post #AIq3mkp96wPIQ9WHA0 by codl@chitter.xyz
2022-04-26T10:31:45Z
0 likes, 1 repeats
@aeonofdiscord @Ronflaix no, moderators can't leisurely browse DMs. the moderation interface will only show a DM if it's been attached to a report, and only in the context of that reportdirect database access is still possible but [people who can do arbitrary queries on the database] and [people who have access to the moderation and/or admin interface] are not necessarily the same group of people
(DIR) Post #AIq3ml42DaJhAKUAMq by aeonofdiscord@icosahedron.website
2022-04-26T10:15:16Z
0 likes, 0 repeats
I don't run an instance so I don't know how determined an admin would have to be to actually go through a user's DMs if they wanted to
(DIR) Post #AIq3xe6WR2NalVqBSS by evelyn@misskey.bubbletea.dev
2022-04-26T10:49:57.776Z
1 likes, 1 repeats
@aeonofdiscord@icosahedron.website So, moderators on most instance software cannot view DMs as they wish, they may only be able to view DMs which were reported. The admin of an instance has access to the database and can read any post available to the instance, with any access level, including DMs. Why this is surprising or a problem in particular I don't really get, this is an obvious property of any platform which supports DMs without end-to-end encryption, including Twitter.
(DIR) Post #AIq440ilG94ieClHlI by evelyn@misskey.bubbletea.dev
2022-04-26T10:51:06.714Z
0 likes, 0 repeats
@aeonofdiscord@icosahedron.website I think that it may well be a lost cause trying to educate people who're so willing to accept anti-fedi disinfo honestly, though I can understand trying.
(DIR) Post #AIq4PyirN0QkovHb0a by vriska@lizards.live
2022-04-26T10:55:03Z
1 likes, 0 repeats
@aeonofdiscord unless one is specifically using peer to peer encryption every dm on every website is readable to whoever has access to the database
(DIR) Post #AIq5Db0xn2cJlpPUHY by aeonofdiscord@icosahedron.website
2022-04-26T11:04:00Z
0 likes, 0 repeats
@vriska this is technically correct but a recurring concern is that users have a different threat model for smaller websites where there's a higher chance of one or more operators deciding to mess with them personally
(DIR) Post #AIq5SGrWztmJc5znv6 by vriska@lizards.live
2022-04-26T11:06:40Z
0 likes, 0 repeats
@aeonofdiscord I've been on the fediverse for 6 years and 3 months and I've never once heard of nor seen any admin digging through people's dms on here.
(DIR) Post #AIq5kGXEx8efoL5MES by aeonofdiscord@icosahedron.website
2022-04-26T11:09:54Z
0 likes, 0 repeats
@vriska yeah same but "I've never personally heard of this bad thing happening" often looks oblivious/uncaring from the outside. there are popular posts on twitter atm that are specifically trying to scare people about this issue and i'm trying to figure out how to address the concerns of confused non-masto-users without sounding like "doesn't happen/get over it" yk
(DIR) Post #AIq5vtdttPO8HmkMDI by vriska@lizards.live
2022-04-26T11:12:02Z
0 likes, 0 repeats
@aeonofdiscord I mean with all the other absolutely unhinged behavior on this network, the fact that's never happened when so much other shit has I think is a decent angle? Also, "if you're worried about this, here's that fedi host website where you can admin your own instance and still talk to anyone you want on the network*"
(DIR) Post #AIq6A2b3OlD26v9y2C by hakui@tuusin.misono-ya.info
2022-04-26T11:14:36.630670Z
0 likes, 0 repeats
@vriska >icosa>cybrei can see why @aeonofdiscord is concerned lol
(DIR) Post #AIq6YVWDWDiOlDZ1bk by lnxw37a2@pleroma.soykaf.com
2022-04-26T11:19:01.502372Z
0 likes, 0 repeats
@Ronflaix @aeonofdiscord halcy answered that here: https://icosahedron.website/@halcy/108197869328261392 My understanding is that your instance moderators and admins cannot see any posts that a regular user can't see, unless the report attaches the posts in question.
(DIR) Post #AIq6expBBuYYHrVohM by halcy@icosahedron.website
2022-04-26T10:21:05Z
0 likes, 0 repeats
@aeonofdiscord I cannot, by default, view anything in the admin web interface that any other user on the instance couldn't see (no followers-only or direct posts), unless attached to a report by someone. compare: regular web interface vs admin ui
(DIR) Post #AIq6eyR6ustiBVG6oy by aeonofdiscord@icosahedron.website
2022-04-26T10:25:12Z
0 likes, 0 repeats
@halcy yeah I assume what people are concerned over is some kind of "admin digs through the database for intel on their enemies" situation
(DIR) Post #AIq6ez9mEocuQ29mRU by halcy@icosahedron.website
2022-04-26T10:29:28Z
0 likes, 1 repeats
@aeonofdiscord though also, still, distinction here: An Admin (Masto user account with Admin privileges) cannot by default see posts in the admin interface that they could not see as a regular user. Only an Admin (the person who can literally ssh into the server) can.
(DIR) Post #AIq6eztVUnCqhrYIim by halcy@icosahedron.website
2022-04-26T10:23:53Z
0 likes, 0 repeats
@aeonofdiscord now obviously, this is a server I run and set up, so I can in theory look into the database and the post text is in there. only people who have actual access to the server can do that, though (people who just have admin or moderator access on web can not do that in regular masto. idk pleroma and others)
(DIR) Post #AIqPbBxuZXDQ7BVllA by cpsdqs@icosahedron.website
2022-04-26T14:50:34Z
0 likes, 0 repeats
@enkiv2 @aeonofdiscord then this way of explaining it will be both educational AND unnerving. perfect
(DIR) Post #AIqPbCd26e6oAikbr6 by piggo@piggo.space
2022-04-26T14:52:23.258714Z
0 likes, 0 repeats
@cpsdqs @enkiv2 @aeonofdiscord any random intern at twitter can probably read DMs too so, like, they are just choosing the adversary
(DIR) Post #AIqQyZxxbUrBAOFYpM by oreolek@icosahedron.website
2022-04-26T10:35:33Z
1 likes, 0 repeats
@aeonofdiscord Encrypted DMs are still in progress. https://github.com/mastodon/mastodon-ios/issues/241https://gist.github.com/Gargron/ef09c05cd81580b8b9f4597c458bee1bNo one has access to DMs unless there's a report.The instance admins (the tech workers, not always the public face of the instance) are the only people with access to the database, bypassing all barriers, on both ends of the conversation, of course. If you're using DMs for sensitive data, you trust both your and your buddy's admin.
(DIR) Post #AIqUXJYetsbEH9fbU0 by CherryTechTips@mastodon.social
2022-04-26T15:46:22Z
1 likes, 0 repeats
@aeonofdiscord imagine relying on unencrypted communication and complaining it can be read by someone
(DIR) Post #AIrGEWU9PNZYfOfOts by YeetLibs@poa.st
2022-04-27T00:42:01.717242Z
0 likes, 0 repeats
@aeonofdiscord @wildgoose @aeonofdiscord I feel sorry for them