Seeing a lot of people weirded out that "Masto admins can read your DMs!"

Unless it's end-to-end encrypted, any admin of any system you use — Twitter, Facebook, Slack, GMail, etc — can do that.

hope this helps

If you think admins running a free hobby internet website snooping on you is unacceptable, just wait until you hear about all those voice assistant devices in your home!

@ieure It's important AF that people know it! It's not weird but people need to know to not send passwords etc there.

@ieure I've had this thought too, but although my Gmail or Facebook messages aren't end-to-end encrypted, there are more incentives for a large corporation not to personally read my messages than some person running a Mastodon instance as a hobby.

"Facebook employees caught reading private messages" would be a major headline and potentially cost Facebook and their shareholders a lot of money; "Shelly Sysadmin read Harry's messages on Mastodon" probably wouldn't affect Shelly one bit.

@jay @ieure The other thing is that if you are using Mastodon for *all* your private messaging rather than using an encrypted chat application for stuff you don't want leaked, you're doing something wrong.

@jay It took me 30 seconds to find this, and if you think those are "isolated incidents" or there isn't 10x more than that which doesn't get reported, I have this lovely bridge I was thinking of selling.

@jay If your Mastodon admin does sketchy/dumb shit, you can pack your bags and move to another instance, or host your own. Facebook has been doing this stuff constantly, but you have no options, because they lock you in.

@ieure In the case of scanning, that's a program scanning your messages, not a human.

In the case of humans being hired to monitor content, that's humans being assigned random, anonymized content, not people seeking to read the messages of specific targets.

In the case of employees purposely reading specific people's messages, those employees were fired. This disincentivizes this behavior.

If my Mastodon admin reads my messages, I can leave, but the damage is done and the admin pays no cost.

@ieure My point is not that Facebook can't or doesn't do this, but that they have reasons not to, whereas Mastodon admins likely don't need to worry about getting caught.

@ieure Of course if you really care about your messages not being read, you should use Signal or something, but I would trust my messages to be more secure on Facebook's servers than on a small Mastodon instance's.

@jay @ieure Remember the Snowden leaks, the part about how NSA employees would share intercepted nudes among themselves for entertainment.

You don't know what is read by employees in Fb or Twitter nor if people who breached policy were actually fired in all cases, especially the ones we didn't learn about.

I'd say most likely a good amount, though not most of it is read by a human.

@jay @ieure Large companies are very well shielded from consequence even if something does leak, and they most certainly have NDAs covering all this stuff so that people are discouraged from disclosing any info about their policies and particular events regarding mishandling of private data.

@brocolie These are important observations, but the original point was that "Alexa listening to you is the same as a Mastodon admin reading your DMs," which is not at all true.

Even if the rules against spying on users are broken, and the security practices to prevent it are circumvented, the fact remains that these rules and practices are in place at all. Whereas Bill Sysadmin has nothing preventing him -- financially, legally, or security-ly -- from reading your private messages.

@jay idk about the legal part. If an instance is owned by a registered nonprofit in the EU, like how is, there are probably more privacy laws that apply to it than for a service owned by a company in the US.

As for the security measures in place, the issue is that we don't know what those are, or even technically if they exist at all.

The only evident difference is the safety in numbers.

@jay in fact, I wonder how much this could even be a problem... like if being an admin of an instance could become a legal liability in itself because of that '-'

I know that there are laws in some places prohibiting you to just store everything encrypted too, because governments may require you to have that information accessible should they ask for it for investigations and such

legal stuff is always a headache.. Funny you're mentioning voice assistants, this was published recently:

We find that Amazon processes voice data to infer user interests and uses it to serve targeted ads on-platform (Echo devices) as well as off-platform (web). Smart speaker interaction leads to as much as 30X higher ad bids from advertisers. Finally, we find that Amazon's and skills' operational practices are often inconsistent with their privacy policies

@volpeon Yep, that's in my reading queue. I expect I'll find the contents horrifying, but entirely unsurprising.

Don’t send personal and sensitive information across insecure channels.

@ieure I have zero interest in other peoples DM. I am way to busy to have the time or inclination to snoop on other people messages. :-)

@ieure I administer e-mail servers, have done so for 25+ years, before that I was a SysOp on a BBS. Being able to spy on people was never an interesting prospect.

And even if it's end-to-end encrypted, they still might be able to via a man-in-the-middle attack, if you're not validating the encryption some other way.

@ieure The astute may have noticed a general shift from "PMs/private messages" to "DMs/direct messages" in the industry over the past, say, 15 years. I believe this is meant to reflect the lack of an expectation of privacy.

@ieure Not that I have any secrets, but it only makes me wonder why it isn't end-to-end encrypted.


Looking for a server that provides end-to-end is not a bad plan for them either. That or using

or its protocol, for more discord like personal chats, but with such security added by default.

@ieure on mastodon at least i know who the admin is.

@ieure While this is true a Twitter, Facebook, etc admin is in charge of millions of accounts and can be fired for invasion of privacy against those users. Here it's a handful of people in charge of a couple hundred and there is no real action that can be taken. So it's a very different animal.

@ieure obligatory: use for encrypted decentralized real-time communication

@ieure Its kinda weird with all the #infosec folks on fedi that there isnt an #encrypted dm/toot app....

@ieure Honestly, I kinda figured that might be the case. Architecturally, I see direct messages as just another privacy level on posts.

@ieure I feel like we as a community should do better at making this point crystal clear.

@ieure Ummmm...when this happened to me on a different instance, it wasn't so much the fact that she COULD in theory read my was the fact that she DID, and kicked me off the instance based on a private conversation. That doesn't happen with the tech giants!

@ieure I think this is a little flippant for a genuine concern.

Other website admins are A. operating on a much larger scale and less likely to care about your messages than a mastodon admin who runs a specific community and B. operating in a situation where if they misuse that ability, have the possibility to be fired.

@ieure Reminds me of Jeff Goldblum and "just because we can, should we?" My point would be, feel free ... my DMs are so tedious you'd die of boredom within a day. My Alexa devices are trying to grow legs and move out.

Sign in to participate in the conversation

The original server operated by the Mastodon gGmbH non-profit