Just as a heads-up, don’t use PMs/DMs on Mastodon, and if you have to, never share any private information.

Admins of sending and receiving instances can read those, as there is no end-to-end encryption. Even if you trust the admins, instance ownership could change or hackers or government could get in.

Use different tools designed specifically for this.

@thomasfuchs valid, though keep in mind this is just as true for Facebook, Twitter, and the like. Admins can (and do) read your DMs there too.

@freemo yup, use something like iMessage, Telegram etc, that has end-to-end encryption

@thomasfuchs @freemo for those reading this thread, here's a non-comprehensive list of alternatives to sending e2ee information online.

1. GPG
3. Signal Messenger
4. Wire
5. Telegram
6. ProtonMail
7. Firefox Send


@thinkMoult @thomasfuchs @freemo

Telegram’s encryption is off by default and must be explicitly enabled.

Also, if your threat model includes state actors then know that the people who created Telegram’s protocol aren’t cryptographers. Cryptographers who have evaluated the protocol generally view it as subpar.

Keybase also has end-to-end encrypted messaging though I haven’t seen their protocol assessed.
