Post AIt8rdQ39SXS9Fo7fs by stux@mstdn.social
(DIR) More posts by stux@mstdn.social
(DIR) Post #AIt8rcptJtcCL6tFJY by ryancrawcour@mstdn.social
2022-04-27T22:22:11Z
0 likes, 0 repeats
ok peeps, someone more familiar with #mastodon please weigh in here. if true, this is actually terrifying and people REALLY need to understand this before picking their instance and before posting anything in a "private" message.
(DIR) Post #AIt8rdQ39SXS9Fo7fs by stux@mstdn.social
2022-04-27T22:28:52Z
0 likes, 0 repeats
@ryancrawcour let me clairify here!♥️ Moderators not admins cannot read any private or DMs from the admin/mod interface. But like with every sever it would be possible to ‘login’ on the database and lookup that data manually but trust me, this would be a pain.. and I doubt any server admin would do this! If so please move instances👌🏻♥️Here on mstdn there are only 2 people who access to the database, that’s me and a backup person just in case something happens to me. But your DM’s are SAFE!♥️
(DIR) Post #AIt91MOTJ4ZIEyhsQq by stux@mstdn.social
2022-04-27T22:30:22Z
0 likes, 0 repeats
@ryancrawcour DMs on Mastodon are NOT encrypted! We are working on such a thing for in the future :)If you want to chat E2E encrypted I would suggest a private conversation in #Matrix for example!👌🏻♥️
(DIR) Post #AIt9Let8FoZjOMj7sO by Jain@blob.cat
2022-04-27T22:34:27.267582Z
0 likes, 0 repeats
@stux @ryancrawcour i have more trust in 3-4 random admins who try to do their best than a company which is totally non-transparent :blobcatrainbow:
(DIR) Post #AIt9PxHnnEMTbuJaG8 by stux@mstdn.social
2022-04-27T22:35:04Z
1 likes, 0 repeats
@Jain @ryancrawcour That's for sure! :cat_hug_triangle:
(DIR) Post #AIt9SCWU77hJRhFlwW by ryancrawcour@mstdn.social
2022-04-27T22:35:32Z
0 likes, 0 repeats
@stux thanks! i have nothing on any social media app that is really "private". so i am good. i am just stunned at how easy it is to access the contents of DMs etc. guess it's just a good reminder to be wary of what instance you're on and who the admins of that instance are.
(DIR) Post #AIt9ZQ9bpfapkTzpU8 by stux@mstdn.social
2022-04-27T22:36:48Z
0 likes, 0 repeats
@ryancrawcour Ah I see! Maybe Matrix would be a better fit? :blobcatgiggle: We have an instance running on :https://chat.mstdn.social/ more info and even Tor: https://mstdn.social/about/more#matrix
(DIR) Post #AIt9aqIs5xI38h0T8i by jonas@social.evilcyberhacker.net
2022-04-27T22:36:56Z
0 likes, 0 repeats
@stux @Jain @ryancrawcour honestly I’d distrust Twitter DMs just as much as Mastodon DMs and any other unencrypted medium (no offence to any admins) - if it’s actually meant to be private, use an E2EE channel for god’s sake, that’s easier than ever today :P
(DIR) Post #AIt9eBjGtIP4SVwyWm by stux@mstdn.social
2022-04-27T22:37:38Z
1 likes, 0 repeats
@jonas @Jain @ryancrawcour Exactly! Just don't do such things on social media but a dedicated platform for that :bloblaugh:
(DIR) Post #AIt9mwVCsCnHq8XuUa by Jain@blob.cat
2022-04-27T22:39:23.088579Z
0 likes, 0 repeats
@jonas @stux @ryancrawcour of course, if someone has the necessary knowledge, this is how it should be done :blobcat3c: but there are enough people who do not have the necessary knowledge and therefore depend on their admins not to fuck up
(DIR) Post #AIt9tL2YYSlbgFC8S8 by mguhlin@mstdn.social
2022-04-27T22:40:19Z
0 likes, 0 repeats
@stux @ryancrawcour Or resort to text message encryption tools - https://go.mgpd.org/fete #Encryption #EncryptionWorks Mypref: https://pteo.paranoiaworks.mobi/
(DIR) Post #AIt9yjO3SgQ8ddp1Ki by jonas@social.evilcyberhacker.net
2022-04-27T22:41:11Z
1 likes, 0 repeats
@Jain @ryancrawcour @stux obviously - and I’d consider it a serious breach of trust and reason to leave immediately if and admin did that (thank god fedi makes moving relatively easy) - but as a techie I put paranoia over everything else :P
(DIR) Post #AIt9ys7iylhnjbFbd2 by evelyn@misskey.bubbletea.dev
2022-04-27T22:41:32.690Z
0 likes, 0 repeats
@ryancrawcour@mstdn.social It's more or less true, someone who controls the database for an instance can read the contents, which includes all posts available to the instance, including DMs. This is the same with any service where direct messages aren't end-to-end encrypted. I don't personally view it as being a big deal or a major flaw, because I wouldn't use direct messages for anything particularly sensitive, whether they were on twitter or elsewhere.
(DIR) Post #AItANTOo2cUuIByHTc by ryancrawcour@mstdn.social
2022-04-27T22:44:19Z
0 likes, 0 repeats
@evelyn yup. agreed. just now we've gone from a centralized highly controlled and regulated environment, to a distributed environments comprising servers sitting under someone's desk somewhere. the risk vector is much higher imho. but maybe that's because i don't inherently mistrust big tech like others do.
(DIR) Post #AItANTuM9Jjbs2jTea by evelyn@misskey.bubbletea.dev
2022-04-27T22:45:58.641Z
0 likes, 0 repeats
@ryancrawcour@mstdn.social It's a different threat model in the end. Each admin has fewer users, so it's definitely more practical for any of them to rifle through DMs if they're so inclined, but then on large monoliths there's guaranteed to be constant surveillance, even if it's more automated. It's a different sort of game, and not necessarily better, the key is user education I think.