is there an up-to-date article about privacy on (possibly too)?
i want to know how updates (esp. DMs and followers-only) are distributed, how servers to which to deliver updates are chosen and how ostatus, which lacks so many features, is handled?

Maybe not what's you are looking for but the blog of a pleroma dev ( @kaniini ) where he speaks about activitypub security.

Basically, you are asking for the ActivityPub standard.
As to the behaviour once a toot is sent to another instance (mastodon or any other software, really): there is no such thing as remote attestation of the software run by another instance. Thus, it is fair to assume that your DM is public as soon as it leaves your instance.

@x_cli afaik the standard doesn't specify some details (esp. about ostatus), which are specific to the mastodon implementation, and i initially didn't wanna dive that deep. but now i guess it's too interesting to not to.

i know that as soon as they leave the server, they will be visible to the other instance, but as long as i trust the admin, it's ok. not like i'm gonna share private details in a messenger embedded into a microblog.

@x_cli what i was interested in is in what circumstances they get federated, but someone nice already described it to me :p

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.