To do that you'd need a private key that is local to your client (i.e. not stored on your local instance) and you would have to authorize new devices you want to post from in a fashion that they get this key without the server handling it. It also prevents you from recovering your account if you lose the key.
Services such as Signal and Keybase do this, and as such are better suited for truly private communication.
@gargron @jsalvador and why 'no'? Perhaps it's not currently possible because it's not been implemented, but why would it be technically impossible to encrypt DMs? Users would have private and public keys and they could be used to encrypt and decrypt DMs. Perhaps an ambitious undertaking, but certainly possible?
@Gargron yes (voted) but also advocating an additional splainer indicating most social media platforms do this
and some E2E suggestions
Thanks for having the integrity to seek community feedback on this @Gargron, doing this isn't the easy way.
I suspect the reason so much of the net feels like a corporation's backyard is because decisions to do what everyone else always did just game made unquestioned.
And that leads to everyone making the same assumptions and the whole thing being fragile to the same kind of failure.
I don't see why not. Plus is it educates ppl who maybe never thought about it and it's such a small thing to do that encourages people to think about who has access to the things they post. I guess minus it might be interface clutter? Maybe "Yes, with a 'don't show this again' option"
@ninja85a @Gargron How would Mastodon determine this "privacy" settings? The admin can tell the user whatever they want, and this is not the role of Mastodon to understand the security of where it runs. This feature seems to me hazardous at best.
OTOH implementing PEP would help users utilize strong cryptography from the client for DMs, making it easier to block admin envy.
@Gargron I don't know if that's necessary on the compose screen. I definitely think it should be transparent though, maybe in an FAQ or readily-available post on privacy?
@Gargron Hi Eugen, although it is common use by all the same sort of platforms. A one time 'cookie notice' that informs new users, or an addition in the TOS will put the users above the party (in this case Mastodon) and give open information about the flaws that other platforms have and not tell their users. As Mastodon is different this will make a big statement and I believe positive effect to people that want to know all. (no hidden benefits for Mastodon). Greetings from Holland, Barbara
@Gargron *sends flowers to the orange part of the circle*
@Gargron By the way, thanks for asking your users.
@Gargron ⚠ warning sounds a bit strong
but a little info box saying something to the effect of "direct messages are not encrypted and will be readable by admins and mods of both this instance and the recipient instance(s)" (with maybe a link to a more thorough explanation for those interested) would be a good idea
from an end user perspective, I very much like being told what a feature really does instead of having to assume.