Just FYI everyone, don't assume DMs on here are private. From what I can piece together they can very easily be displayed totally publicly if circulating to other instances.

@shinobimonkey I'd say this is important enough that we should get clarification on it asap

I always assume complete lack of privacy in every instance. Just seems the safe way to go.

@shinobimonkey I would never assume a DM was private anywhere other than perhaps on Signal

@schwa DMs are just normal Toots with different privacy settings, but when circulating to other instances there is no guarantee those settings will be respected and the DM not circulated fully publicly.

@shinobimonkey end-to-end public cryptography can fix that

@wiz Definitely an architecture aspect that needs to be totally redone.

@shinobimonkey @wiz Even if it was encrypted you still wouldn't want people knowing *who* you are talking to.

@kelbie @shinobimonkey well with current technology this is no different from hosting your email on Google, or sending DMs on Twitter; even if encrypted they can still see the “envelope sender” info to know where to route the message

@kelbie @shinobimonkey to put it simply, this is why everyone should run their own node, and not trust others' instances

@wiz @shinobimonkey
We need a way to prove to a server that a message can be decrypted by one of their users without knowing which user it can be decrypted by.

@shinobimonkey I found some direct messages in my Inbox, although they were clearly Replies to toots. Weird.

