@kemonine That's a bit creepy ...
I work hard to build trust (aka : I never used that feature until today when I wanted screen grabs) but... it's an important point to make for the new users.
I like to arrange a side channel for comms outside of DM's personally.
@kemonine that sounds to be the most reasonable option. I think handing off dm to another service would be best.
wow, I am even an admin on a serer and I didn't realize we could do that. Admittedly it's been a while since I had to look at the admin interface for anything.
@frankiesaxx Yeah, even mods have the capability now...
I hadn't had a need or desire to look at it until today when putting that toot together.
An important reminder why side channels like Matrix, Signal, Telegram, etc are important in addition to Mastodon DMs
@kemonine (Mastodon DMs suck from a usability perspective too.)
@frankiesaxx Well yeah but I prefer not to call attention to that just yet 😉
@kemonine haha I don't think you have to. It's glaringly obvious to anyone who's ever used DM's/messaging on another platform.
@frankiesaxx I dunno, I prefer masto's to the modal window crap that Twitter has...
But then again I've been a fan of side channel messaging for years now.
If I want private comms best to find a direct messaging setup that's harder to snoop...
@kemonine i also don't treat any of my online communications as truly private, regardless of channel. Like, you and me, alone in an isolated outdoor area with no devices, I would trust as about as private as I can get.
@kemonine if there is no end-to-end encryption, never assume that what you write is private.
@kemonine And, additionally, act in a way that your admin can trust you :).
What I mean is... posting on their instance signifies an act of trusting the admin of that instance, just as the admin allowing you to post on their instance is an act of trust that you're not going to do something nefarious or put them in a bad situation (given the uncertain effect of recent pending changes in net neutrality laws).
This whole federation concept really hinges on maintaining that two-way trust.
Well stated 👍
@howl That's assuming the moderation team has DB access....
More than a few instances are hosted by a 3rd party who is the only one w/ db access.
I've also found a *lot* of people have never considered such a thing.
Nevermind how simple it is to dig 😉
@howl That's the default behavior for now.
However, if a brand or big company wanted to run their instance I would hope they make it clear that it's a corporation behind the scenes.
abuse Show more
It would be interesting if the software could be adjusted hide any non public posts (that haven't been reported) in admin view, like behind a CW kind of. It wouldn't be foolproof if the admin wanted to see them, but as an admin, it would be easier to not see "private" stuff without a reason.
@kemonine Also technically the admin can pretty much shut down mastodon, open up the underlying databases, and dig through things.
admins = root. root 0wnzor j00, to speak in a now long-gone internet dialect.
@pnathan Not scritly....
There are a bunch of instances hosted via 3rd party services w/o direct db access (or root).
On top of that the moderation interface (ie, less privs than admin) also includes that feature.
You'd be surprised how many don't consider some of this when picking an instance.
@kemonine I havn't popped open the hood on Mastodon for a while - it's still mostly sidekiq and postgres, yes?
@pnathan Yes, the vast majority is still sidekiq and postgres.
I'm told the updated search features are backed by elasticsearch and someone has done some FTS tweaks to the postgres side on a larger instance to avoid the additional JRE dependency.
Admins have many options for digging these days.
@kemonine heh, so, still, in the end, they who have root on the cluster 0wn j00.
@kemonine This page corresponds to the moderation page following a report...
It remains useful to act easily.
But Yes, the admin has access to everything from the database.
@kemonine Don't trust your admins I'd say... and create democratic ways for the users of our instances to decide on this... sysadmins can't be the dictators of the flow of information... this responsibility has to be shared
@ajeremias Very fair point.
however, how do you democratize something most people aren't aware of and/or versed enough to handle in a secure fashion?
@kemonine we are going to make calls for monthly general assemblies.. and the users which of our instance/node (we also give other services) are welcome to participate, help, contribute, and find better ways to sustain our data/servers.
@Laurelai @kemonine yeah but without trust life is not worth... and even if that happens, its easy to create another instance... we feel inspired by the movement of squats, which dedicates their time to squat empty buildings and find ways to govern them with direct democracy and consensus!! long live anarchy \o/
@ajeremias @kemonine The internet has one old rule that still applies: people in power are those who run things. If I decide to run an instance and to manage it alone and act like a dictator, it is my right.
If a couple people decide to run another and rule together while one of then admins, it is their right. Just as much as a hive of users co-managing an instance.
Just don't expect voice or power after simply registering on someone else's service.
My point was not all instances will apply the same rule, and no there is no legitimacy in complaining about those who don't. Just use another instance. Hell, open yours if you can't agree with anyone.
@kemonine damn it, I thought they were sitting in postgres shell, finding DMs with SQL queries, and you're telling me they have a GUI? Lazy bastards...
@kemonine @angristan A server admin can always see anything you send through that server if it isn't end-to-end encrypted. In a big company like Facebook or Google they may have strict restrictions on who is allowed to read random people's private messages, but on a small server run by a single person, there's literally nobody other than that admin who can decide that.
@kemonine Uhhh why did you use the star of David to highlight the delete button?
@Gargron Because it was the best 'star' option in mspaint...
Not intended negatively, just the one tool I hit first when finding something to draw attention.
@kemonine umm wtf so it’s no a distributed network?
@Nixfreak It's a distributed network but once a toot hits a remote node/server/instance... all bets are off.
@kemonine What about encrypted toots?
@Nixfreak You could use OTR or similar but that's not baked into anything at present (at least nothing I've heard about, others may have options).
I normally recommend users negotiate a side channel (matrix/riot/signal/etc) via DM to take anything that could benefit from e2e crypto or more privacy off masto...
This place is designed for expression (publicly displaying your life, ideas and opinions), not for communication (talking privately to your intimate friends).
If you are looking for properly distributed communication tools, have a look at Matrix/Riot.
Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!