Just as a heads-up, don’t use PMs/DMs on Mastodon, and if you have to never share any private information.
Admins of sending and receiving instances can read those, as there is no end-to-end encryption. Even if you trust the admins, instance ownership could change or hackers or government could get in.
Use different tools designed specifically for this.
@thomasfuchs valid, though keep in mind this is just as true for facebook, twitter, and the like. Admins can (And do) read your DM's there too.
Telegram’s encryption is off by default and must be explicitly enabled.
Also, if your threat model includes state actors then know that the people who created Telegram’s protocol aren’t cryptographers. Cryptographers who have evaluated the protocol generally view it as subpar.
Keybase also has end-to-end encrypted messaging though I haven’t seen their protocol assessed.
The original server operated by the Mastodon gGmbH non-profit