Another friendly reminder:
Mastodon is awesome, but mastodon isn't an appropriate tool if you want private communications. DMs aren't actually private, they can be seen by instance admins and maybe by other people, it isn't at all secure.
Mastodon and GNU social aren't made for private conversations, if you want to have a private conversation there are many tools that are appropriate for that.
I suggest Tox, but Cryptocat and XMPP with OTR are also good. There are others but I have used those
@inmysocks There's a lot of blank spoace in the left column under the toot entry box.
Maybe there should be a warning that "Not to be used for private communication. DM's aren't private."
@unorigmoniker I like this idea.
@gamehawk @inmysocks Ooh! That's good. Concise. To the point. I like that.
Tsatnosk
@inmysocks @unorigmoniker @gamehawk or (a tiny bit) more poeticly: "DMs are only as private as a paper envelope".
@zatnosk @inmysocks @gamehawk I think you mean postcard, no?
@unorigmoniker @gamehawk @zatnosk for a dm it isn't immediately obvious what it says, there has to be some action to read it. @-mentions would be more like a post-card.
@inmysocks @zatnosk @gamehawk Yes, but, since a DM can be read by any node admin, they're more akin to Email and a postcard (since your letter carrier can read your postcards).
@inmysocks @gamehawk @unorigmoniker As a node admin I still have to open the database (paper envelope) and find the message or use a special tool (letter opener) to easily open it. That's why I said envelope.
It's only private as long as anyone who handles it doesn't choose to open up and look.
Also, if I sent a DM to my friend, only the admin(s) of his instance (or mine = me) actually have the message in database. Google doesn't get to read.
@zatnosk @inmysocks @gamehawk Users are rliant upon the honesty of the node admins. I think it provides a false sense of security to claim DMs are any more secure than a postcard to be honest.
@inmysocks @gamehawk @unorigmoniker how is "a letter made of paper in the admins hands" a too safe metaphor? Any privacy based on that is purely based on trusting everyone who handles the letter.
Also, unless you actually build a tool for it, it's not trivial to find and read any given message - yes, it's not encrypted, but it still takes some effort, unlike holding a postcard?
Sorry if I'm being an ass about it, but I like the letter metaphor.
@zatnosk @inmysocks @gamehawk You and I might just have to agree to disagree on this one salient point.
Letters are sealed in envelopes that can't legally be opened except by the recipient or under court order.
A postcard has its contents visible to everyone that handles the piece whether or not someone chooses to read the contents or not.
I've been a sysadmin since 1994 and before that a BBS sysop and now an InfoSec pro since 1999 to know what a letter and a postcard is.
@inmysocks @gamehawk @unorigmoniker sure, let's just disagree. But the just because letters are illegal to open, doesn't make them more secure - you just *trust* the other party to not break a promise / the law.
@zatnosk @inmysocks @gamehawk Postal Service Inspectors are nobody to mess with. They will fuck you up. If there's one thing that's taken very seriously it's the sanctity and security of our mail.
@inmysocks @unorigmoniker Or "DM's are private but not secret."