πŸ’€ KemoNine πŸ’€ is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
πŸ’€ KemoNine πŸ’€ @kemonine

Trust your admins, picture edition.

This is an illustrated toot showing the admin interface that lets us admins see ALL OF YOUR TOOTS

Media filters, DM's, delete ability

All from the comfort of a browser.


Β· Web Β· 154 Β· 70

@ghosty183 Indeed...

I work hard to build trust (aka : I never used that feature until today when I wanted screen grabs) but... it's an important point to make for the new users.

I like to arrange a side channel for comms outside of DM's personally.

@kemonine that sounds to be the most reasonable option. I think handing off dm to another service would be best.

@ghosty183 @kemonine yep, as long as I've been on here the standard line is that if you need private, secure communications, take it off Mastodon.

wow, I am even an admin on a serer and I didn't realize we could do that. Admittedly it's been a while since I had to look at the admin interface for anything.

@frankiesaxx Yeah, even mods have the capability now...

I hadn't had a need or desire to look at it until today when putting that toot together.

An important reminder why side channels like Matrix, Signal, Telegram, etc are important in addition to Mastodon DMs

@kemonine (Mastodon DMs suck from a usability perspective too.)

@frankiesaxx Well yeah but I prefer not to call attention to that just yet πŸ˜‰

@kemonine haha I don't think you have to. It's glaringly obvious to anyone who's ever used DM's/messaging on another platform.

@frankiesaxx I dunno, I prefer masto's to the modal window crap that Twitter has...

But then again I've been a fan of side channel messaging for years now.

If I want private comms best to find a direct messaging setup that's harder to snoop...

@kemonine i also don't treat any of my online communications as truly private, regardless of channel. Like, you and me, alone in an isolated outdoor area with no devices, I would trust as about as private as I can get.

@frankiesaxx @kemonine Is now a good time to mention that someone made a pull request a few months ago to show direct messages in a separate column?

No users were harmed in the creation of the parent toot.

The pictured accounts are all MINE.

I have multiple alts and this was setup using MY PERSONAL ACCOUNTS

Until today I never used the feature.

None of my users gave me a need and I hope that they never will.

@kemonine if there is no end-to-end encryption, never assume that what you write is private.

@kemonine And, additionally, act in a way that your admin can trust you :).

What I mean is... posting on their instance signifies an act of trusting the admin of that instance, just as the admin allowing you to post on their instance is an act of trust that you're not going to do something nefarious or put them in a bad situation (given the uncertain effect of recent pending changes in net neutrality laws).

This whole federation concept really hinges on maintaining that two-way trust.

@kemonine that should come as no surprise though. Even if there was no proper interface, it would probably be just a db query away.
Solution: don't send sensitive messages over a federated network with no proper means of end-to-end verification or encryption.

@howl That's assuming the moderation team has DB access....

More than a few instances are hosted by a 3rd party who is the only one w/ db access.

I've also found a *lot* of people have never considered such a thing.

Nevermind how simple it is to dig πŸ˜‰

@kemonine Fair enough, didn't think of that because I picture mostly small instances with just one admin, but I guess that applies to big ones.

And yes, it might need to be more explicit on the interface that admins can see DMs. But hey, "Mastodon" is this "privacy-respecting social network" where your data won't be sold to third parties or used against you, amirite?

@howl That's the default behavior for now.

However, if a brand or big company wanted to run their instance I would hope they make it clear that it's a corporation behind the scenes.

@kemonine last paragraph was ironic. I mostly meant that to say 'hey, there are no technical limitations to make this a botnet and to make an instance sell your brain to the russians', in spite of the many claims especially as of lately of the Fediverse being so good at privacy.

abuse Show more

abuse Show more

abuse Show more

@frankiesaxx @kemonine @moz This is actually a very good suggestion and I would like to add that

@Gargron @frankiesaxx @kemonine @moz could suggest fake privacy feeling. DM would still be in clear in the database.

@kemonine Also technically the admin can pretty much shut down mastodon, open up the underlying databases, and dig through things.

admins = root. root 0wnzor j00, to speak in a now long-gone internet dialect.

@pnathan Not scritly....

There are a bunch of instances hosted via 3rd party services w/o direct db access (or root).

On top of that the moderation interface (ie, less privs than admin) also includes that feature.

You'd be surprised how many don't consider some of this when picking an instance.

@kemonine I havn't popped open the hood on Mastodon for a while - it's still mostly sidekiq and postgres, yes?

@pnathan Yes, the vast majority is still sidekiq and postgres.

I'm told the updated search features are backed by elasticsearch and someone has done some FTS tweaks to the postgres side on a larger instance to avoid the additional JRE dependency.

Admins have many options for digging these days.

@kemonine This page corresponds to the moderation page following a report...
It remains useful to act easily.
But Yes, the admin has access to everything from the database.

@kemonine Don't trust your admins I'd say... and create democratic ways for the users of our instances to decide on this... sysadmins can't be the dictators of the flow of information... this responsibility has to be shared

@ajeremias Very fair point.

however, how do you democratize something most people aren't aware of and/or versed enough to handle in a secure fashion?

@kemonine we are going to make calls for monthly general assemblies.. and the users which of our instance/node (we also give other services) are welcome to participate, help, contribute, and find better ways to sustain our data/servers.

@ajeremias @kemonine Theres no way to enforce a democratic system as one person pays the server bill.

@ajeremias @kemonine Whoever owns the domain and server essentially cant be overthrown, you just have to leave the instance

@ajeremias @kemonine No you dont understand, theres no programatic way to enforce it, you can agree to do it that way, but theres always the risk of the account holder tossing everyone else out, ive seen it happen

@Laurelai @kemonine yeah but without trust life is not worth... and even if that happens, its easy to create another instance... we feel inspired by the movement of squats, which dedicates their time to squat empty buildings and find ways to govern them with direct democracy and consensus!! long live anarchy \o/

@ajeremias @kemonine Im an anarchist and im speaking from experience in anarchist created online communities taken over by hostile admins, but ok

@Laurelai @kemonine aah nooo, thats why i talked about affinity groups... people u meet in real life... instances should be local, no?

@ajeremias @kemonine It literally was an affinity group. We all had known each other for years.

@ajeremias @kemonine Im an anarchist ok, but a lot of anarchists are pretty much ignorant to the signs of an authoritarian personality, how power structures work and how perverse incentives are created.

@ajeremias @kemonine The internet has one old rule that still applies: people in power are those who run things. If I decide to run an instance and to manage it alone and act like a dictator, it is my right.

If a couple people decide to run another and rule together while one of then admins, it is their right. Just as much as a hive of users co-managing an instance.

Just don't expect voice or power after simply registering on someone else's service.

@kaiyou @kemonine im just explaining how we are dealing with the dictatorship of sysadmins on our instance! :)

@ajeremias @kemonine And I do like your model, just like tedomum is pretty open to ideas or critics from its users, even if we do not have formal way of including them I'm decisions (like a vote).

My point was not all instances will apply the same rule, and no there is no legitimacy in complaining about those who don't. Just use another instance. Hell, open yours if you can't agree with anyone.

@kaiyou @kemonine yes for sure.. tottaly agree, i like diversity and the possibility that each instance can do whatever they want.. and about voting, we do not vote.. we use consensus :)

@kemonine damn it, I thought they were sitting in postgres shell, finding DMs with SQL queries, and you're telling me they have a GUI? Lazy bastards...

@kemonine @angristan A server admin can always see anything you send through that server if it isn't end-to-end encrypted. In a big company like Facebook or Google they may have strict restrictions on who is allowed to read random people's private messages, but on a small server run by a single person, there's literally nobody other than that admin who can decide that.

@kemonine Uhhh why did you use the star of David to highlight the delete button?

@Gargron Because it was the best 'star' option in mspaint...

Not intended negatively, just the one tool I hit first when finding something to draw attention.

@kemonine umm wtf so it’s no a distributed network?

@Nixfreak It's a distributed network but once a toot hits a remote node/server/instance... all bets are off.

@Nixfreak You could use OTR or similar but that's not baked into anything at present (at least nothing I've heard about, others may have options).

I normally recommend users negotiate a side channel (matrix/riot/signal/etc) via DM to take anything that could benefit from e2e crypto or more privacy off masto...

@Nixfreak @kemonine Direct Messages are currently a second class citizen on Mastodon.

This place is designed for expression (publicly displaying your life, ideas and opinions), not for communication (talking privately to your intimate friends).

If you are looking for properly distributed communication tools, have a look at Matrix/Riot.