Mastodon does not store passwords in plain text. This is trivial to confirm as Mastodon is an open-source project. We use the bcrypt algorithm for one-way hashing of passwords. I can't believe someone is spreading misinformation about something so trivial to debunk.
@Gargron I'm quite confused since the owner post on blue bird app said that this app storing password in plaintext ... I mean, it almost impossible since it's easy to get attack yet you give us the Security details in the documentation.
Logically.
@Gargron
As a suggestion, would it be helpful to put something about this in the notification section?
@Gargron well at least we know it's quite secure for us
@Gargron I am quite surprised at first, but eventhough this announcement can make us be relieved could you please ensure us to be able to enjoy this platform? Thanks for the explanation!
@Gargron I'm still trusting this platform though, Thanks Eugen.
@Gargron eugen. just please i don't know anything about code blabla i just want to roleplay happily because twitter sucks. 
@winterkim @Gargron I JUST WHOOP. it is embarrassing
@wooseok after @leejihoon now we got another ✨ selebtoot ✨
@winterkim @wooseok HSHSHSHS STOP 
@Gargron was the bug with special chars in password fixed?
@vigdis Which bug?
@Gargron https://github.com/tootsuite/mastodon/issues/13152
Damn there are so many open issues
@vigdis This is not an issue with special characters, nor is it an issue in a true sense of the word. The bcrypt algorithm works on 72 bytes, anything beyond that makes no difference. This is a comparatively arcane topic that is disingenous to bring up in the context of this thread. If you'd like, you should bring this topic up with the developers of the bcrypt gem or Devise.
@Gargron then maybe it should make sense to close the gh issue?
@Gargron jujur elu kren.
@Gargron Eugen, please don’t betray us, take care of this platform! If it grows this will become a big platform and will be used by many people, I hope you can protect your user data. Have a nice day!
@Gargron please make this simple because im dizzy looking someone with same username but different domain
This is normal - many people here register one or more "alt" accounts on another Mastodon instance in case their main one has to be temporarily closed for maintenance (or for posting in different languages or different things they do).
Usually they are the same person (check the profiles carefully though).
If you look at mine, you can see I am also on chaos.social where I am @vfrmedia
@Tenlee_1001 It works kinda like email, multiple servers exist and including the domain distinguishes them.
@Gargron I JUST WANNA THANK TO YOU BECAUSE YOU MADE THIS PLATFROM SERIOUSLY I HATE JACK BECAUSE HE EAT MY ACCOUNTS ON TWITTER WITH NO REASON. WE NEED HAPPY PLACE JUST TO ROLEPLAY.
AARRRRGGHHHH THERE ARE SO MANY THOUGHTS I WANT TO SAY.
sorry
@Gargron eugen. i wanna say that please just be like this. be fast respond and listen to mastodon user since you are the owner because we need master-nim (?) like that. it is just like you are the king of this platform (?)
what did i just say okay sorry.
@wooseok dilihat lihat bang wooseok struggle mulu dah dari tadi 😂
@hangyvl WOY GUE MALU.
@wooseok lagian semua tweet nya eugen dibalesin mulu 🤣
@hangyvl WKWKWK SUMPAH GEGARA CAPEK AMA JEKI.
@wooseok JEKI EMANG DAH BRENGSKI NYEBELIN BANGET MAKIN KESINI
@Gargron WHAT’S WITH THE REPLIES LOL
@karinay I don't know
@Gargron Whoever spreads the news that isn't necessarily true, is really bad.
@Gargron I was very surprised when I read the fake news. thankyou for confirming that this is not true. lets do the best development for the app . Cheer up !!
It's difficult to make sense of that #Twitter post, but I think the part where he says “minutes after I signed up…” may be relevant.
To me, that would indicate the possibility of an #MITM, 3rd party script or similar #compromise in the Mastodon.social instance.
Have you looked into that?
@0 I have looked into it and haven't found anything
@Gargron I dont think this about technical things, this is about envy capitalist because they cannot put ads on this platforms
Hello @Gargron thank you for your work 🙂
I trust Open Source Software and I trust you 👍
Thank you for the information (even if the initial fake news didn't come to me)
@Gargron Bcrypt is a pleasure to use, it's as easy as plan text. Why no use it?
@Gargron And now you see how misinformation works. People like to be offended more than they like to know the truth.
SCIENCE: Empirical Accxperiment By @Gargron Suggests That A Juicy Untruth May Travel As Quickly As Six Times The Speed Of Truth!
@Gargron you are in the right here. That complaint showed no evidence of compromise being traced back to mastodon.social, and did indicate account and password reuse... which means any of the sites tha email was used at could be at fault.
Although it was more likely a drive-by password spray and a weak password that caused his breach... statistically speaking.
@Gargron This is particularly sad for me as this huge difference could happen without the help of a recommender system. I always thought that ok, there is human behavior but we also need ML to magnify it so much. However, it was blown here quite well without it.
@gerazo No, I meant tweet when I said tweet. The misinformation and my response I'm talking about are on Twitter.
@Gargron Ohh, thanks. That sound much better!
In this case, it was just the normal way of a recommender blowing up stuff. I wonder how big the original human response could be. I have a feeling that is not even necessary larger: it just comes earlier because we are motivated to click on more dangerous, cognitially more challenging things first before the convenient reassurance.
You are presuming a few things there
a) folks know how to read the code
b) understand what bcrypt is
c) instances are free of modification
But yeah. FOSS makes it harder to hide secrets
Amber
Server run by the main developers of the project 
It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!
The tweet with the misinformation got shared 1395 times, my response 85 times...