Mastodon: Your DMs can be read by the admin(s) on your specific instance.
Twitter: Your DMs can be read by the entire Twitter Corporation.
@tinker and s/Twitter/Corporate Cloud-based Doodad/g
@tinker That last part almost certainly isn't true and I think we all know it.
A better argument is: "But you can be your own admin, meaning only your third party might lose your DMs, you're in exactly the same boat as twitter."
An example: lots of instance admins acted in unison to identify and ban instances and users who spread child pornography last year. They did this for their own reasons, but as a sum total of action it was largely indistinguishable from a centrally managed action.
I've implied elsewhere that nothing stops dishonest actors from starting Masto instances. The cost of failing is insignificant. There is no penalty for being revealed a fraud.
That's progress and we shouldn't cede the point to folks who want to try and claim Mastodon is uniquely bad in this fashion.
@Elucidating @tinker I would say it essentially is true. Everything you write on Twitter is readable by everyone the corporation allows or directs to read. That is already a lot of people, and you have no choice in the matter.
Mastodon is NOT a private platform either of course. Tooters should have minimal expectation of privacy. However there is a much greater measure of control in who sees your messages, plus it isn't driven by surveillance based marketing.
@Elucidating @tinker this has already happened to a certain degree...remember the attempt by Hiveway to somehow tart up Mastodon with blockchain and raise capital for their "new thing". Also counter.social, though not overtly fascist, caters in some ways to such a crowd with their antisocial federation policy and tone.
The nature of federation brings back the kind of self regulation/containment that existed in pre-internet publishing, where crackpot ideas were recognizable and limited in reach.
@Elucidating @tinker that sort of self-containment works to limit damage in those cases too. An instance's rep can quickly turn bad when it is caught doing evil. It isn't perfect of course but you won't as easily get Cambridge Analytica type scenarios where things like honeypot "quizzes" can reach tens of millions of people.
There are many more mitigation options in a distributed scenario. I have my own server for a reason. And alts like #pleroma making self hosting more accessible helps.
@tinker I think that's a good point, two minor thoughts:
The reason that Twitter is an issue is that you effectively have no relationship with them. You're probably just a low value content creator, they have a plethora of those. If you were a customer you might have some weight, you're not.
Also DMs can be read by the admins on your instance and the person you're sending it to's instance. You have to trust all the admins in that set.
@ted - Agreed.
@tinker And alphabet agencies.
@tinker ...damn best delete all the "primetime pics" i sent to the other brand accounts, shit shit SHIT
@tinker that is not true - and they might be safer with such a big corporation (with clearly defined policies for access and very knowledgeable devops) than with a random Mastodon admin (who may or may not be running all security updates every night). Says this random admin :-)
@arjenpdevries - Fair. Flip side as well, folks can spin up their own instance and control at least half of the conversation.
@arjenpdevries Mastodon isn't a private messaging tool (there's no (auditable) end to end encryption) but you can't pretend it's "safer" to blindly trust a company run by surveillance marketing. It's not "safer" at all, it's defective by design.
Any big corps get hacked on a regular basis… "knowledge devops" is not a valid argument. Especially when those companies practice mass surveillance for money.
@devnull @tinker well, I agree that surveillance capitalism is a flawed model. However - the large corporations in this mass surveillance economy will spend huge resources to keep their data to themselves. The model requires trust - which is fragile.
An analogy: Do you trust just anyone on the street with your money? No, you put it in the hands of a large corporation called a bank.
PS: I definitely think decentralized social media are the future!
@arjenpdevries The bank is supposed to give me my money back if they get hacked and someone steals my money because of it.
Marketing companies sell your data to anyone they want, and will give you nothing, even if they're breached.
It's not comparable at all.
Trust isn't an issue, most people blindly trust those companies and don't give a shit about their own privacy/the privacy of others. All they see is "$stuff is so convenient!". Look at facebook…
Not by the Twitter corp, but by "our commercial partners for advertising purposes(tm)".
@tinker *Mastodon: and the admin of the possibly-remote instance you're sending the DM to, which would more likely be the issue.