yan ๐Ÿ‡ is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Briar Rose @polymerwitch@toot.cat

technical note about this tech as I see some confusion/misconceptions:

Admins of your instance have complete control over your account. Really, we can read all the posts (including DMs) and we can even impersonate/hack your account with ease.

Make sure you trust your admins.

Here on toot.cat we have a CoC that applies to both admins and non admins. Admins are expected to abide by the CoC and not oppress users as well.

yan ๐Ÿ‡ @bcrypt

@polymerwitch if someone posts a direct message to another user on the same instance, can admins of other instances see that message?

ยท Web ยท 0 ยท 5
Bob Mottram @bob@social.freedombone.net
@bcrypt @polymerwitch yes. Assume that everything on gnusocial is purely public and can be viewed by anyone. There have been discussions about having "real" DMs and my favoured option would be to have a field in the database and UI button for "contact me directly". That could then fire up your preferred xmpp client with omemo and so on. By keeping private and public as separate majesteria you can optimise for both situations.
always coming home @nightpool@cybre.space

@bcrypt I don't believe so, although the person below me is pretty confident.

Obviously if your server is malicious it could leak whatever it wants, but I'm 99% sure a stock mastodon instance does not do this. There's a very clear privacy warning when you try to dm a user from another server.

Tqft @tqft@octodon.social

@polymerwitch @bcrypt another reason to support encryption

Briar Rose @polymerwitch@toot.cat

@bcrypt I don't believe that would federate with us. if users on our instance can see a message in their TL then it's stored plaintext in the db

mastodon.social powered by Mastodon