No users were harmed in the creation of the parent toot.
The pictured accounts are all MINE.
I have multiple alts and this was setup using MY PERSONAL ACCOUNTS
Until today I never used the feature.
None of my users gave me a need and I hope that they never will.
@kemonine And, additionally, act in a way that your admin can trust you :).
What I mean is... posting on their instance signifies an act of trusting the admin of that instance, just as the admin allowing you to post on their instance is an act of trust that you're not going to do something nefarious or put them in a bad situation (given the uncertain effect of recent pending changes in net neutrality laws).
This whole federation concept really hinges on maintaining that two-way trust.
abuse Show more
It would be interesting if the software could be adjusted hide any non public posts (that haven't been reported) in admin view, like behind a CW kind of. It wouldn't be foolproof if the admin wanted to see them, but as an admin, it would be easier to not see "private" stuff without a reason.
@pnathan Not scritly....
There are a bunch of instances hosted via 3rd party services w/o direct db access (or root).
On top of that the moderation interface (ie, less privs than admin) also includes that feature.
You'd be surprised how many don't consider some of this when picking an instance.
@pnathan Yes, the vast majority is still sidekiq and postgres.
I'm told the updated search features are backed by elasticsearch and someone has done some FTS tweaks to the postgres side on a larger instance to avoid the additional JRE dependency.
Admins have many options for digging these days.
@Laurelai @kemonine yeah but without trust life is not worth... and even if that happens, its easy to create another instance... we feel inspired by the movement of squats, which dedicates their time to squat empty buildings and find ways to govern them with direct democracy and consensus!! long live anarchy \o/
@ajeremias @kemonine The internet has one old rule that still applies: people in power are those who run things. If I decide to run an instance and to manage it alone and act like a dictator, it is my right.
If a couple people decide to run another and rule together while one of then admins, it is their right. Just as much as a hive of users co-managing an instance.
Just don't expect voice or power after simply registering on someone else's service.
My point was not all instances will apply the same rule, and no there is no legitimacy in complaining about those who don't. Just use another instance. Hell, open yours if you can't agree with anyone.
@kemonine @angristan A server admin can always see anything you send through that server if it isn't end-to-end encrypted. In a big company like Facebook or Google they may have strict restrictions on who is allowed to read random people's private messages, but on a small server run by a single person, there's literally nobody other than that admin who can decide that.
@Nixfreak You could use OTR or similar but that's not baked into anything at present (at least nothing I've heard about, others may have options).
I normally recommend users negotiate a side channel (matrix/riot/signal/etc) via DM to take anything that could benefit from e2e crypto or more privacy off masto...
This place is designed for expression (publicly displaying your life, ideas and opinions), not for communication (talking privately to your intimate friends).
If you are looking for properly distributed communication tools, have a look at Matrix/Riot.
@kemonine I have a long time ago put this in the ToS under Privacy:
"Please note that everything you publish on Mastodon, including direct/private toots, is stored in plain text in our database. So it's technically possible for our system administrators to read everything. That's why you shouldn't use Mastodon for confidential communication. There are better options."
Also remember that it is very likely that Twitter also reads DM's, but Twitter would never admit that of course.
So, in terms of privacy, it is not different from facebook or twitter? I mean, nothing stop a "malevolent being" from create an instance and collect data from its users and the users of other instances that interact with them. Did I understand this right?
So, the real difference between this network and, say, facebook, is that this one is more censor-resistant and you can see the messages in chronological order
@hellion I think 'no different than fb/tw' has a lot to do with your local instance and the instances which you interact. If you're on $bigBrand's instance they are likely data mining. If you're on $privacyFocused instance, they aren't going to be screwing around with your data.
However, if you interact with $bigBrand from $privacy those toots that hit $bigBrandInstance will be mined.
Kind of like e-mail : we can use google or our own. But we need mindful when sending mail to others.
@kemonine I think it's important for people to understand that this is not something that is unique to Mastodon. Any site where you can post information has this capability available to its administrators.
The most important lesson to learn is that if you don't want information to be available publicly, then you shouldn't make it available on a third party site.
That said, a good admin never snoops, but even a good admin will see private information when debugging for example.
I'm glad to hear that.
One of the instances I admin is structured around a voting model for new users and policy making.
I'm hoping the other can grow large enough to have a moderation team 'in due course' where we have community members with active voices.
Building a community is tricky but we can all have a voice if well managed.
@nev With the new invite system (and even before) we structured it as a consensus model for approving new accounts to help keep the number of users low.
It's also structured around a majority consensus for policy making/etc.
The idea is to make it 'difficult' to onboard but once accepted easy to affect change overall.
@nev @kemonine Fair enough. That's a much nicer model. But even then anyone with access to the server will be able to access the information. There is simply no practical solution that will avoid that.
There is also the issue when sending private messages that those messages are not only available to your admin, but also the admin of the receiving instance.
In my opinion, the best advice is still to simply not post sensitive things that would be problematic if they were exposed.
The only way to do this is to store direct messages in encrypted form, and then perform client-side decryption of those messages.
In order to do all of this, you not only need to implement client-side crypto, but you also need to implement a PKI so that you use the proper key when encrypting the messages.
That's a lot of infrastructure for a feature that it's used that much.
@loke @kemonine SysOps have had this capability going back to BBS days of lore as well, but we took our position VERY seriously. Most of us rarely (if ever) snooped on our users. There were of course exceptions and the younger the SysOp the chances are they were immature and did that sort of thing for sure.
However, one bad actor will spoil it for the rest of us.
People are panicking about Facebook data collection and missing the bigger picture IMHO.
The good news is Masto instances aren't here to harvest + sell user data.
A big part of why I left Twitter & haven't used a Facebook account in years is I simply couldn't trust others.
Their centralised nature necessitated a hierarchy.
Reading this just makes it clear that if individuals don't have their own instances & act as their own admins on them, then all that has happened is the localisation of the same hierarchical trust problems; specific to the instance.
That's not a solution.
Reading 'TRUST YOUR ADMIN!' resembles 'Trust Big Brother.'
I agree that's progress, but it is the sort of improvement that protects individual messages of a non-habitual nature.
The known 'we need to discuss this securely' stuff.
It's not protecting the other known problems - the 'I can control my privacy, but my Facebook friends' thoughtlessness screws *me* regardless' problems.
Or the problem of an ordinary piece of information only being revealed as needing to be kept private *in hindsight*.
Now: #LeaveFacebook; soon: ...
I think for a truly secure communication network, there'd need to be an element of sacrifice.
'You blow this, it costs you.'
Think a substantial amount of cash held as a deposit to be allowed to use the service. And no way to ever rejoin the network. No second chance.
I don't know if this'd ever be implementable because anyone with the money could sponsor other people with no interest in the network to set up accounts and just eat the loss when one vanishes.
@Barcode I posted this because it's non-obvious that admins/mods for all instances that your toot 'touches' can be read by someone... and it may not even be the 'root' user on the IT team hosting the service.
I may have chosen my words improperly but needing to trust your (and the person your talking to's) admins is an important point.
The real 'solution' is to negotiate a side channel with e2e crypto. That's the only way you can trust the comms 😢
@pettter @kemonine Trust can be cheap though, because realistically, 98% of "private" online communication between users is boring "what you want for dinner tonight honey?" talk, exchanging pictures of naughty bits, or trash talking other users.
It's not like we're talking nuclear secrets. Pretty much nobody is *nearly* as interested in other people's DMs as those people imagine.
My observation is most people are a lot less concerned about their data being scraped and aggregated and sold and targeted silently by machines than they are about a random human reading their "private" chat.
There was a good Social Science Bites episode on social stratification via data mining
@kemonine @taziden OK, will be implemented.