Submitted by brendankinney t3_z2ygni in vermont
dnstommy t1_ixjz7kk wrote
Mastodon saves all DMs in clear text in the SQL database. So the admins can read all your DMs forever. This is a non-starter for most people.
jsled t1_ixkhc1d wrote
Wait until I tell you about pretty much every service you use online...
In any case, E2EE DMs in Mastodon are in development.
dnstommy t1_ixki85f wrote
This isn’t an argument.
I absolutely use no services that save my DMs in clear text. Should not have even started the app with on service, non-public messages.
It’s a non-starter and I recommend no one use it. If this is the security they thought was ok, imagine the rest of it. Join Mastodon and just wait for the alert that your information has been compromised.
rufustphish t1_ixlp1ky wrote
Couldn't you just use it knowing what you say might be read in the future? How are you ok with Reddit?
jsled t1_ixlsgs4 wrote
> Should not have even started the app with on service, non-public messages.
Maybe the service you think they should have built is not the one they wanted to?
It's not a private messaging protocol. It's an ActivityPub implementation, a public-posting protocol.
In fact, DMs in Mastodon are broadcast to anyone mentioned in them; if you @jsled@mstdn.io in a DM to your buddy, talking shit about me, it gets posted to my inbox!
If you want secure private comms, use Signal, use Cwtch, use SSB.
EmeraldAlicorn t1_ixkrxxo wrote
Just send an SQL injection attack as a DM. Dogshit security.