❦ Billy Blaze ❦ @ckeen

What you should not forget is that: public posts are public, private posts may still be public if sent to dishonest servers, DMs are not protected by encryption and rely on both involved instances' honesty.
If you allow everyone to follow you your data may get mined just as on the commercial platforms.
If you have a commercial bot (in disguise) in your followers, it will see and mine those toots.
Just being a federation is no silver bullet to the privacy issue. But you aren't the product anymore.


@phryk There's not a good solution to this. As a commercial entity might build up fake identities and get them connected or buy accounts.

It's COINTELPRO all over again but this time with a capitalistic twist.

@ckeen You can also disable search engine indexing in the settings. Or some instances do it for all users by default (e.g. mine 😊).

@ckeen

Among the many good reasons to use mastodon for public discourse and something secure for those privacy things

@RussSharek @kmj @ckeen

It was suggested ages ago that Mastodon just be bundled with an xmpp server to handle DM and private multiuser chats in a combined interface. This is a solved problem; Mastodon is trying to reinvent the wheel.

@frankiesaxx @ckeen @RussSharek

after month of testing and running an own matrix instance, for me riot/matrix is the way to go for secure e2e encrypted 1:1 and group chat.

@kmj
That would also be a good solution. I think the main thing is people expect it to be in a single location/interface and that if you're interacting with someone on that platform one way, you can transition to another privacy level on the same platform. I want to be able to DM my fediverse homies in my fediverse application. But I don't really care what makes that happen on the back end.
@RussSharek @ckeen

@kmj
And of course anyone is free to fork it and rework the privacy/DM handling. Let the best software win. (I suspect anything that handled DMs like private chat rooms would be a contender, that's the feature I miss most from Twitter.)
@RussSharek @ckeen

@frankiesaxx @ckeen @RussSharek actually i only have mastodon and riot as apps on my phone. riot on my desktop and notebook too. no other messenger or social app installed. i can live quite well having these two separated. as in commercial world, twitter/fb is ok for users

@kmj
I think having or not having the functionality users are trained to expect will affect adoption. I do use Mastodon less b/c for me Twitter is a nexus where ppl I know from a bunch of different places congregate and a lot of my use is in DM chats. I don't know what the solution is to that. Mastodon doesn't support it & it's hard enough to budge ppl off a platform w/o telling them now they need to join two to do what the one does.
@RussSharek @ckeen

@kmj @ckeen @frankiesaxx

How much of a headache was setting up matrix server?

@RussSharek @frankiesaxx @ckeen pretty straight forward. secure freebsd setup, matrix, letsencrypt... point your dns, optionally setup a turn server and you are done

@kmj @RussSharek @frankiesaxx Matrix is on my todo list but I currently get by just fine with an xmpp server for my peers.

@ckeen @RussSharek @frankiesaxx was running xmpp in the past too, but always missed this multi device in sync part. never would move back

@kmj @RussSharek @frankiesaxx On the plus side the mac clients aren't outdated :)

@kmj @RussSharek @frankiesaxx Last time I have had a look (1.5 yrs ago) the server implementations looked like still being under heavy development. How's that now?

@ckeen @RussSharek @frankiesaxx server runs stable, client linux, ios, android too. i am windows free, but ppl told me stable too. mac works fine too

@ckeen @RussSharek @frankiesaxx standard matrix/synapse server, client riot.im

@ckeen use mastodon for public stuff and riot/matrix for private stuff and collaboration and everything is good.

@ckeen
other/older implementations that don't support Gargron's Mastodon specific privacy controls != dishonest

@ckeen private posts are not part of the ostatus protocol. Servers that follow the protocol but are not running Mastodon are not 'dishonest'. They are following the protocol and Mastodon is not. This sets up false expectations on the part of Mastodon users, which is why the coming move to activitypub is good. (Sorry for this I just kind of object to my server being called dishonest)

@celesteh That's a good point I haven't thought of. I have had dishonest mastodon servers in mind when I posted that. There have been servers in the wild that have lied about their user stats and one has to assume that not everyone is following even the mastodon extras. And yes activitypub will close at least this gap. Thank you for this addition!

@ckeen I think privacy isn't real anymore especially on the internet just thanks to web scraping. not saying the effort is futile but I think what decentralized apps like mastodon is just giving the power back to the people. i definitely agree that we aren't the product anymore. I have #DeleteFacebook and #DeleteGoogle . Just doing that is a huge step in the right direction. For email I use #Protonmail which encrypts your emails, and doesn't do ads. I should def learn to host my own email though

@ckeen If someone really cares for his privacy, wouldn't it make more sense to use a darknet?

@nadir I am not sure what you mean by that. The context of this post was to make clear the current state of the post settings on mastodon instances.

Even if you use Tor to reach mastodon this applies.

I don't know of any Darknet and don't even know what that means. There are hidden services yes and maybe even GNU social nodes set up as hidden services but how does that apply to the users potentially misled by the mastodon wording?

(and yes there's i2p etc... too)

@ckeen I didn't mean that much, to be honest. Just a little hype for darknets. Obviously everything in the clear net is not very private (depends who you consider to be the attacker).

@nadir Yes, what's your attacker model? :)

@ckeen I guess something like "the government". I didn't think about the privacy problem for quite a while. To be honest.

@nadir In general I think if that's the adversary one needs to completely rethink device usage and communication means. Check your local resistance group.

Also plan to get a new government.

@ckeen I recall retroshare to be very easy to use, compared to onion or i2p or freenet. Also it feels more like a social network than those. But i didn't really look much into how "private" it is.

@nadir retroshare relies on the same as freenet in 'dark net mode' IIRC. Which is you connect only to people you trust and there are no moles or snitches inside the network. Both do not conceal that they are running retroshare/freenode per se. so that in itself might be a problem.

@nadir Sure, thanks for bringing this up. Now I can point people to this conversation :)

@ckeen Also, did you hear of the freedombox project? I was interested in it when i was interested in darknets too. I think what you said applies for it too (not sure, like said, i gave up on the problem): wiki.debian.org/FreedomBox/Lea

@nadir They are packaging selfhosting applications for group communication etc. and are offering several 'tunneling' options. But none of these have anonymity in mind by design.

If you need a system aimed at anonymity better check out Tails

@ckeen From the top of my head: It is much easier to control, observe, censor centralized services than distributed and self-hosted ones. - In general i agree with what you said (hence i started commenting with "darknets" ... ).

@nadir Decentralising is a good thing on its own: It means you are less reliant on central infrastructure, the internet can function as it has been designed. It however does not mean that it cannot be controlled.

That said I think we agree on that.

@ckeen I recall a nice forum software in i2p. I forgot the name, perhaps syndie. (It wasn't really a forum, like a forum, a bit like a mailing list). So it was in the dark, as in i2p, but also decentralized.

@ckeen This does make me worry that "you aren't the product anymore" means: you get all the bad stuff, but no one has an incentive to make things work. The product is... good feelings?

@ianbicking Well it mostly means that 1. you have to trust your instance admin, 2. unless there is no e2e for DMs they are not private,

@ianbicking One could also ask why people are running services for others in general. There are always several motives at work and the same goes for OStatus/ActivityPub servers.

Admins should be clear about their motives so you can make an educated choice.