The Corporation behind and the Admins of Twitter can see your “Private Messages.”

The Corporation behind and the Admins of Facebook can see your “Private Messages.”

The Admins of Mastodon can see your Direct Messages. They aren’t private.

With Mastodon, you can spin up your own instance and be your own Admin.

Ultimately, don’t use any of these tools for actual private messages. Use Signal, Matrix/Riot or another end to end encrypted messaging tool.

@tinker It would be neat to see Mastodon implement signal protocol e2e encrypted chat as their DM system instead

@facts_the_alt - It would still only be End-to-End. And the admin controls one End. They’d still be able to read DMs. (E2E only protects data in transit).

There are ways to protect data at rest against certain types of privileged user, but not for what we’re talking about here.

Mastodon’s answer is to let you be your own admin. And for many, that’s exactly what they do.


Couldn't Mastodon implement a browser en/decryption like So not even the Admins could read the messages. 0-knowledge storage.

Or do I miss something?

@cwcopa @tinker That was more or less my idea: run the Signal protocol in the web clients or on a mobile device. The only hangup would be syncing messages across client devices.

Why would that be a hangup? Store the messages on the server, encrypted obviously, and decrypt it via password on the device. Another example would be It is working fine.
It could be a feature and not the standard.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.