Just as a heads-up, don’t use PMs/DMs on Mastodon, and if you have to never share any private information.
Admins of sending and receiving instances can read those, as there is no end-to-end encryption. Even if you trust the admins, instance ownership could change or hackers or government could get in.
Use different tools designed specifically for this.
@thomasfuchs Note that this isn’t different from other social networks, though in that case it’s employees of the company the social network is operated by that can read your private messages. Some end-to-end secure solutions include Telegram, Signal and iMessage (to a degree).
@thomasfuchs it would be nice somehow to have a fix for this but nothing short of public/private key stored on client side comes to my mind.
@thomasfuchs valid, though keep in mind this is just as true for facebook, twitter, and the like. Admins can (And do) read your DM's there too.
@freemo yup, use something like iMessage, Telegram etc, that has end-to-end encryption
For some users, Signal’s use of phone number as primary identifier is a legit risk. Some people want to message others without revealing their phone numbers.
XMPP+OMEMO may be better for some use cases, but not because Signal is out to get us.
@mkb @thinkMoult @thomasfuchs @freemo It's not that Signal would be deliberately sabotaging anything. I don't think intent factors into bad cybSec. The chain of trust is instantly broken the moment I have to use Play to install it, since it's a blackbox. Google has been known before to acquiesce to bad actor demands (NSA).
However, the phone verification is a sticking point for me by itself. That's a window into my meatspace ID that I'm not sure most should be too comfortable with.
Yeah, for many threat models phone numbers don’t work well as a primary identifier.
If you find you absolutely have to use Signal at some point, it does work to set up a Google voice number and use that instead. I did this on an old Android phone with no SIM. I’d expect the same to work with a throwaway number from Burner.
What have you been using for messaging? Do you like it?
I use XMPP+OMEMO, and Signal both for messaging depending on the technical capabilities of my recipient.
For email, its GPG and Protonmail, again depending on the technical capabilities of the recipient.
Files, its Firefox Send.
I feel using both preferred and consumer friendly options helps people switch.
Telegram’s encryption is off by default and must be explicitly enabled.
Also, if your threat model includes state actors then know that the people who created Telegram’s protocol aren’t cryptographers. Cryptographers who have evaluated the protocol generally view it as subpar.
Keybase also has end-to-end encrypted messaging though I haven’t seen their protocol assessed.
@thomasfuchs it would be amazing to see some of the techniques applied in SSB, Briar, and others applied here; thanks to the pliable nature of the protocol, it's definitely possible to add secure end-to-end encryption for PMs and DMs here.
@thomasfuchs i am happy to give people my discord through PMs in order to have actually private convos. or other social media :P I'm a big fan of marrying different platforms together
@thomasfuchs Isn't it the default for all social networks? I don't know any social network which offers end-to-end encrypted direct messages. The most likely alternative most people will chose is email which can be end-to-end encrypted but most likely won't be.
@bjoern see the second toot in the thread :)
@thomasfuchs it happens so often to me that I reply to a toot just to notice afterwards that someone else already replied something similar because there is no indicator in the timeline that there are already replies... 😕
@bjoern I’m sure the clients and the web app will become better over time. That’s the one thing I actually liked about the official Twitter client, I found the thread view really useful.
@thomasfuchs I mean, I use it sometimes, but only as a way to say something 'quietly'. Like, I don't really mind if people know what I said but it's not of interest to anyone more than a couple of people so I just don't shove it in their timelines.
@thomasfuchs note: this is true for all websites, including Twitter and Facebook. the only truly secure way of transmitting private information is through E2E-encrypted services like Enigmail, Telegram, WhatsApp, etc. and even then there is contention over it.
@fariparedes please see the other toots in the thread
@fariparedes (unfortunately Mastodon makes those a bit hard to discover when there’s many replies)
See this idea from @blaine 🔗 https://mastodon.social/users/blaine/statuses/100570761019831564
@Yolandi this toot answers your question
@anarkeolog thank you
@thomasfuchs Do you mean the instance hosts? Or the instances themselves?
@thomasfuchs I think this is fair and not a huge deal. There are messaging services available and mastodon isn't something we need for that.
@curio yeah, just setting expectations. people may think that because it's sort of "peer-to-peer" that direct messages are private, when they aren't really.
@thomasfuchs Is this something the Mastodon community can work on (since, you know, open source), or has it been discussed before?
@jacobherrington I’m sure it could be solved, but otoh it may be just not the right platform for private messages (there’s plenty of solutions with end-to-end encryption already).
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!