Dr. Edward Morbius ⭕ @dredmorbius

Q: How private is Mastodon / GNU Social?

A: Not very. Use email, XMPP, or other secure, encrypted protocols if you need privacy.

See: community.highlandarrow.com/no

@dredmorbius well, was it intended to be private or a broadcast / Twitter alternative? Most people here want to get their word out I guess.

@dredmorbius is there any philosophical reason why Mastodon isn't on an encrypted protocol, or is it happenstance?

Also, as far as I can tell, everything on Mastodon is public anyway (e.g. no DM feature)

@abbenm There is the option in Mastodon to post Unlisted, Private, or Direct, as well as Global, which you'll find under the :earth_americas: icon in the Toot editor.

These limit the /distribution scope/ of messages, but /do not/ encrypt messages. Instance admins, Follow Bots, and others may be able to see those messages.

I'd have to read the spec for the comms link encryption itself.

@dredmorbius awesome, thanks for the tip. glad to know there are DMs. If you don't mind my wasting more of your time, how is it that follow bots "and others" would be able to see non-public messages?

@abbenm Admins can see all traffic, so there's that.

I need to re-scan the docs, but your "Private" posts go to your followers only. Note that your followers select you, /you do not select your followers/. Though you can /block/ selected followers. So ... if you've got a ton of followers, "Private" really isn't particularly useful.

Some of the GNU Social admins strongly recommend small, 40-50ish, instances, so that everyone knows everyone, or at least largely so.

@abbenm As to philosophy regarding encryption, you'd have to ask @Gargron

@dredmorbius by the way neither email nor XMPP is encrypted by design regarding your admin. Thus use email+GPG or XMPP+OTR :)

@Cryptie Fair point. Clearly you'd have to encrypt either. I'm not entirely convinced XMPP is a particularly valid option myself.

@dredmorbius email is not a good example for a secure, encrypted protocol ;)