> As new users set up their accounts and start using Mastodon, they realize that some things work differently than on Twitter … DMs are complicated, and there are concerns about their security.
Isn’t the security model for Mastodon DMs the same as Twitter?
@theking @fediverse DMs aren’t encrypted. They’re basically just posts with a very small audience. Your instance admins can see them, and anyone mentioned in them can see them.
Afaik DMs on Twitter are also not encrypted, so moderators or other employees can view them. So the number of people who can view your DMs on Twitter is probably much higher (hundreds of employees) compared to Mastodon (a couple of server admins).
If, on Mastodon, you make a DM between you and someone else, then you @ a third user in that DM, then the third user becomes able to see that DM. At least that’s what I heard a few weeks ago.
This is because DMs are, regrettably, just normal posts with default visibility of two people. If you @ more people, then they gain visibility into the DM.
@pizza_is_yum
Hmm, okay yeah I could see that being surprising to people who don’t know about it.
@fediverse
Yeah, both have the exact same nonexistent security model.
@SrEstegosaurio @theking I hope I live to see the day where end-to-end encryption for DMs is considered the bare minimum
Same…
@theking Not really. A DM between users on different servers is exposed to multiple instance operators. @fediverse
It's exposed to the admins of instances where the involved users are registered. For example, if @sally@mastodon.social sends a DM to @nelly@example.com, only the admins of mastodon.social and example.com can access it. @arkiuat
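The point made in the comments above (a DM is an ordinary post whose audience is whoever it addresses, stored in plaintext on each involved server) can be modelled as follows. This is an added example, not part of the thread or of Mastodon's code; the actor URLs, the `/followers` collection layout and the third account are assumptions, and the visibility rules are a simplified model.

```python
from urllib.parse import urlparse

PUBLIC = "https://www.w3.org/ns/activitystreams#Public"

def visibility(note):
    """Simplified model: visibility is derived from who the Note is addressed to."""
    to, cc = set(note.get("to", [])), set(note.get("cc", []))
    followers = note["attributedTo"] + "/followers"  # assumed collection URL layout
    if PUBLIC in to:
        return "public"
    if PUBLIC in cc:
        return "unlisted"
    if followers in to | cc:
        return "followers-only"
    return "direct"  # nothing but individual accounts addressed

def readers(note):
    """For a direct Note: the author plus every account addressed in it."""
    return {note["attributedTo"], *note.get("to", []), *note.get("cc", [])}

def exposed_servers(note):
    """Servers holding a plaintext copy of a direct Note (their admins can read it)."""
    return {urlparse(actor).hostname for actor in readers(note)}

def mention(note, actor):
    """Return a copy of the Note with one more account @-mentioned."""
    updated = dict(note)
    updated["to"] = [*note.get("to", []), actor]
    updated["tag"] = [*note.get("tag", []), {"type": "Mention", "href": actor}]
    return updated

# Constructed sample data: the sally -> nelly DM from the comment above.
SALLY = "https://mastodon.social/users/sally"
NELLY = "https://example.com/users/nelly"
BOB = "https://third.example/users/bob"  # hypothetical third account

dm = {
    "type": "Note",
    "attributedTo": SALLY,
    "to": [NELLY],
    "cc": [],
    "content": "see you at 6",  # plaintext: no end-to-end encryption
    "tag": [{"type": "Mention", "href": NELLY}],
}

if __name__ == "__main__":
    print(visibility(dm), sorted(exposed_servers(dm)))
    widened = mention(dm, BOB)  # @-mentioning a third user widens the audience
    print(visibility(widened), sorted(exposed_servers(widened)))
```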
So like the same as email or SMS?
@fediverse @theking I’ve only just begun to study the detailed ActivityPub spec, and I haven’t read the DM part yet. @fediverse