Direct messages (DMs) on #Mastodon / #ActivityPub / the #fediverse are not end-to-end encrypted (#e2ee) and you should never include sensitive/private information in them.

Until they are e2ee, this is all we should be telling people. Anything else is irresponsible and could cause vulnerable people harm.

Specifically, it doesn’t matter:

- if your instance admin is ethical or not
- whether Elon Musk can read DMs easier on Twitter
- etc.

It’s not end-to-end encrypted. It’s not private. End of.

@aral this is at the top of the direct messages, Mastodon is very upfront about it (as it should be!)

Another, IMO, less discoverable problem is how easily one can compromise their own direct messages when they mention a third party by name - which apparently includes that third party in the conversation.


@claudius @defnull
Mastodon isn't the only software used on the Fediverse and, I'm not sure about it, but I think this message appears precisely because a lot of people were raising awareness of the issue. Some ignore even the most explicit warnings — society often instructs us to break the rules, and unless they understand what the warning is about they will likely just dismiss it.
No harm in mentioning it one more time and having a discussion about it 🤷
@aral

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
