Just as a heads-up, don’t use PMs/DMs on Mastodon, and if you have to, never share any private information.

Admins of sending and receiving instances can read those, as there is no end-to-end encryption. Even if you trust the admins, instance ownership could change or hackers or government could get in.

Use different tools designed specifically for this.

@thomasfuchs Note that this isn’t different from other social networks, though in that case it’s employees of the company the social network is operated by that can read your private messages. Some end-to-end secure solutions include Telegram, Signal and iMessage (to a degree).

@thomasfuchs it would be nice somehow to have a fix for this but nothing short of public/private key stored on client side comes to my mind.

@thomasfuchs valid, though keep in mind this is just as true for Facebook, Twitter, and the like. Admins can (and do) read your DMs there too.

@freemo yup, use something like iMessage, Telegram etc, that has end-to-end encryption

@thomasfuchs @freemo for those reading this thread, here's a non-comprehensive list of alternatives to sending e2ee information online.

1. GPG
3. Signal Messenger
4. Wire
5. Telegram
6. ProtonMail
7. Firefox Send

@thinkMoult @thomasfuchs @freemo I'll echo this but warn against Signal for now. I want to trust it but they are doing some fishy stuff regarding telling people to use the Play store to get the app, even after self-hosting it.

@alice @thomasfuchs @freemo yes. I'm also wary, which is why I put something like XMPP and OMEMO first.

One explanation behind recommending the Play Store is that centralised package management does help mitigate rogue fake packages. Pros and cons.

@thinkMoult @alice @thomasfuchs @freemo

For some users, Signal’s use of phone number as primary identifier is a legit risk. Some people want to message others without revealing their phone numbers.

When it comes to the Play Store issue, I place more weight on OSS, privacy policy, and best-in-class protocol than I do on a nebulous threat.

XMPP+OMEMO may be better for some use cases, but not because Signal is out to get us.

@mkb @thinkMoult @thomasfuchs @freemo It's not that Signal would be deliberately sabotaging anything. I don't think intent factors into bad cybSec. The chain of trust is instantly broken the moment I have to use Play to install it, since it's a black box. Google has been known before to acquiesce to bad actor demands (NSA).

However, the phone verification is a sticking point for me by itself. That's a window into my meatspace ID that I'm not sure most should be too comfortable with.

@alice @thinkMoult @thomasfuchs @freemo

Yeah, for many threat models phone numbers don’t work well as a primary identifier.

If you find you absolutely have to use Signal at some point, it does work to set up a Google voice number and use that instead. I did this on an old Android phone with no SIM. I’d expect the same to work with a throwaway number from Burner.

What have you been using for messaging? Do you like it?

@mkb @alice @thomasfuchs @freemo nice tip about the throwaway number.

I use both XMPP+OMEMO and Signal for messaging, depending on the technical capabilities of my recipient.

For email, it's GPG and ProtonMail, again depending on the technical capabilities of the recipient.

Files, it's Firefox Send.

I feel using both preferred and consumer-friendly options helps people switch.

@thinkMoult @thomasfuchs @freemo

Telegram’s encryption is off by default and must be explicitly enabled.

Also, if your threat model includes state actors then know that the people who created Telegram’s protocol aren’t cryptographers. Cryptographers who have evaluated the protocol generally view it as subpar.

Keybase also has end-to-end encrypted messaging though I haven’t seen their protocol assessed.

@thinkMoult @thomasfuchs @freemo Telegram only has end-to-end encryption on private chats, not for normal individual chats or group chats.

LB I wouldn't necessarily say "don't ever use DMs" but definitely don't say anything you wouldn't want to be public

(the same also goes for unencrypted email, though)

@thomasfuchs it would be amazing to see some of the techniques applied in SSB, Briar, and others applied here; thanks to the pliable nature of the protocol, it's definitely possible to add secure end-to-end encryption for PMs and DMs here.

@thomasfuchs I am happy to give people my Discord through PMs in order to have actually private convos. Or other social media :P I'm a big fan of marrying different platforms together.

@thomasfuchs Isn't it the default for all social networks? I don't know any social network which offers end-to-end encrypted direct messages. The most likely alternative most people will choose is email, which can be end-to-end encrypted but most likely won't be.

@thomasfuchs it happens so often to me that I reply to a toot just to notice afterwards that someone else already replied something similar because there is no indicator in the timeline that there are already replies... 😕

@bjoern I’m sure the clients and the web app will become better over time. That’s the one thing I actually liked about the official Twitter client, I found the thread view really useful.

@bjoern @thomasfuchs Facebook offers E2E encrypted “secret chats” in Messenger. It uses the Signal protocol. They introduced it more than a year ago, but I haven’t heard about it anymore or tested it.

@shibayashi @bjoern given Facebook’s track record with privacy, I’d try other apps first 😬

@thomasfuchs @bjoern Sure, absolutely agree with you ;)

I guess they probably just used the know-how from the WhatsApp team to implement the protocol.

It’s not enabled by default in Facebook Messenger and therefore barely used. It’s the same problem with Telegram.

@thomasfuchs I mean, I use it sometimes, but only as a way to say something 'quietly'. Like, I don't really mind if people know what I said but it's not of interest to anyone more than a couple of people so I just don't shove it in their timelines.

@thomasfuchs note: this is true for all websites, including Twitter and Facebook. the only truly secure way of transmitting private information is through E2E-encrypted services like Enigmail, Telegram, WhatsApp, etc. and even then there is contention over it.

@fariparedes (unfortunately Mastodon makes those a bit hard to discover when there are many replies)

@thomasfuchs Do you mean the instance hosts? Or the instances themselves?

@thomasfuchs Is this something the Mastodon community can work on (since, you know, open source), or has it been discussed before?

@jacobherrington I’m sure it could be solved, but otoh it may be just not the right platform for private messages (there’s plenty of solutions with end-to-end encryption already).

@thomasfuchs I feel like privacy is the way forward for social media, definitely something worth discussing with @Gargron imo

The original server operated by the Mastodon gGmbH non-profit