toskarin:

every time tumblr or twitter is shit, recommendations for mastodon instances start going around. my criticism of mastodon hasn’t changed for years now, and it’s a variation on “imagine if tumblr drama could result in a website being deleted and your worst ex getting access to every dm you’ve ever sent”

did you know that mastodon admins can read your dms as long as either you or the recipient are on an instance they host, because they’re not encrypted

proponents argue it’s not a problem when it’s actually extremely a problem considering that mastodon (by design) encourages small friend groups to run instances together and have personal relationships with admins

like it’s just not fit for purpose

This isn’t an issue that is specific to Mastodon; your email provider can do this as well, along with Facebook Messenger by default, along with anything using SMS and everything using RCS that doesn’t support Google’s extensions for encryption. Only Telegram’s secret chats are only visible to the end recipients.

ANYTHING that doesn’t support end to end encryption means that the administrator can read your direct message. And this can mean one of SEVERAL administrators:

1) The person who runs the server application.
2) The person who administers the virtual server, if applicable. (If it’s run in a VPS or in the cloud)
3) The person who runs the PHYSICAL server. (Encryption of the virtual disk does not help you here because as the server is running it needs the ability to decrypt it and that key usually sits unencrypted in memory)

Now I’m not saying this isn’t a problem, it very much is, but styling this as a specific Mastodon problem as opposed to an overall issue with messaging systems seems wrong to me.

So yes, you have to trust your admin doesn’t read your DMs, but also for anything that supports end to end encrypted messaging, you’re going to have to trust that the person running the messaging application isn’t shipping your private key back to their infrastructure and then using it for later decryption.

This all falls back to figuring out what threat model you want to protect against and what level of trust you’re willing to have.