Follow

is archiving you. Even if you are not using it.
(If someone using tootdon boost/fav your toot, tootdon saves your toot into their private server)
But why??

@kjwon15 wtf?

I'm going to reverse tootdon now.

If I see the evidence of such behaviour, I'll stop recommending it...

@kjwon15 Hmm that is a great question. They could be trying to make a profit off selling the archivs

@kjwon15 how else is the search supposed to happen lol

@kjwon15 You couldn't expect less from a proprietary app. That's why I only advise open source / libre apps to people/

@kjwon15 i'm curious, how did you figure this out? is there an endpoint on tootdon's servers that we can query?
questions for @tootdon: does it only archive/search public toots? what does it do with the toots if they're deleted on the original instance? perhaps this is intended application behavior but we should know what we are consenting to

@wolfteeth @kjwon15 the app indexes only public toots for search function. If you deleted your toot on tootdon, it will be deleted on the search index too. Toots older than one month will be deleted from the search index.

Kinda pissed at @tootdon right now for not disclosing that they forward public toots to an indexing serving, because I would’ve wanted to know that (and to disable it).

But the immediate reaction of “use open source lol”: did you personally compile it? If not, you’re no better off. You’re trusting the app packager to compile only the code in the public repo.

And for that matter, do you trust that your instance admin isn’t doing the same?

@tek @tootdon unless you check the source yourself, and understand it, and compile yourself, and self host... so yeah, there has to be a balance.
And I’ve never met @kev but I trust him.

I’m also back to using Tootdon as everything else on iOS I find is rubbish for me.

@ignitionigel @tek @tootdon mwahaha that was first mistake.

Joking aside. In the midst of #deletefacebook a few privacy concerns have come to light on mastodon too. For example, admins can see ALL toots on an instance. "Private" or otherwise.

Important note: mastodon doesn't have "Private messaging", it has 1:1 messaging only. I know this has been raised to @Gargron and options are being explored of maybe having a warning msg.

@ignitionigel @tek @tootdon @Gargron ultimately though, there's always going to be some level of trust required for any service of this kind.

If it makes anyone feel more comfortable, I can categorically say that I have NEVER read any toots in the admin system, unless I'm checking an reported account.

Also, I am NOT doing anything with Toot data. It exists on this server and this server alone. @mike is also an admin.

@kev @tek @tootdon @Gargron @mike I can understand that. I have far better things to do with my time than trawl DMs.

@ignitionigel I can echo this. I never read toots in the admin system unless there's a complaint.

I've known @kev for years now, and I would never have signed up to help admin this system if I had any concerns about his integrity.

@tek @tootdon @Gargron

@wolfteeth
I watched DNS requests while using tootdon. Because tootdon offers search function before mastodon supports it.
try out this: api.tootdon.ooo/api/v1/statuses?q=query

@kjwon15 I wonder if this is how Tootdon powers its "Trending" section. Maybe it's not entirely nefarious.

It runs counter to how I think most of us expect such an app to work though.

@kjwon15 Mastodon is Not Secure. I always wondered why there were proprietary clients

@drequivalent @kjwon15 Is there an open source client for iOS? Please don't tell me the open source solution is to switch to an Android device.

@Xial Yeah, someone else gave me that list, too. I guess I didn't see the big shiny documentation. I've switched to Amaroq.

@kjwon15 IIRC all Mastodon servers do this. It’s part of the caching that happens with the federation between servers.

possibly wrong take 

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!