OC The fediverse is a privacy nightmare

ActivityPub, the protocol that powers the fediverse (including Mastodon – same caveats as the first two times, will be used interchangeably, deal with it) is not private. It is not even semi-private. It is a completely public medium and absolutely nothing posted on it, including direct messages, can be seen as even remotely secure. Worse, anything you post on Mastodon is, once sent, for all intents and purposes completely irrevocable. To function, the network relies upon the good faith participation of thousands of independently owned and operated servers, but a bad actor simply has to behave not in good faith and there is absolutely no mechanism to stop them or to get around this. Worse, whatever legal protections are in place around personal data are either non-applicable or would be stunningly hard to enforce.


I’m not sure this blog post is the “ah-ha!” revelation you think it is.

If you’re posting something, you’re choosing to put that out there on the public internet which should henceforth be considered “public.” This isn’t a privacy violation unless you choose to make it one by violating your own privacy by oversharing sensitive information.

This has been the case online since time immemorial. Once something’s out there, consider it non-retractable. This isn’t specific to the Fediverse/ActivityPub. Even in centralized forums/reddit the things you post were cached by web archive/scraped by unscrupulous sites/used to train AI, etc. even if you tried to delete them from the source server. “Deletion” has never truly been a thing on the internet, which is precisely why people should really consider what they post. Heck, there were specific sites dedicated to showing which comments were “deleted” from reddit in full.

I don’t consider any of these things “privacy violations.” A privacy violation would be if the email address you signed up to your instance with was being broadcast to other servers in the open. What you choose to put out there is up to you and the inherent danger with interacting with any form of social media.

mightysashiman avatar

The core issue is not the technology imho. It’s the people : their rampant narcissism that has become the new norm since facebook, and the urge to always post useless crap about themselve everywhere, then suprise-pokemoning when they realise it may not have been the brightest of ideas.

bathrobe avatar



Maybe you didn’t read where it says even DIRECT MESSAGES aka private messages you send to people, and don’t choose to post in public, is easily and easily available.

This place is already an echo chamber. Jesus that’s bad. Everyone is on a new team and now we love this team and this team is never wrong and all criticisms are invalid. Even the really bad ones.

I don’t really care. I’m old enough to have never trusted the internet. But let’s not pretend this isn’t a huge fucking deal, and isn’t completely fucked just because Reddit bad and fediverse good

Deceptichum avatar

Huh funny how a direct message is not a private message, almost like they’re even called completely different things.

Everything is public here, some stupid Euro anti-user ideals on privacy aren’t the be all and end all .

Things put in public are public. There is no privacy concern because there has never any privacy, nor will there ever be any privacy to be concerned about in a non-private platform such as this.

bathrobe avatar


@Bloonface @TiffyBelle

What do they call “private messages” on Twitter? What do you think DMs means on social media? Drivate Messages?

Deceptichum avatar

Does Twitter have private messages? I'd have assumed they have access to everything you've posted.

IMs, PMs, and DMs are all pretty different things.

bathrobe avatar


Yes. DMs on Twitter are Direct Messages and are supposed to be private messages send to someone else that no one else can see (except server admins, et al, as we are talking about here). If you send a DM to someone on Twitter or whatever social media (they use DMs to mean private messages on Instagram as well) it’s not on the public feed, no one can search it. Like having a text message conversation


"Direct Message" and "Private Message" indeed mean different things. In practice, because both involve messaging one individual user, a good deal of people (including myself) still expect them to be functionally the same. Part of this functionality we expect is that there is an attempt to make these messages less visible and easy to access than the reply I just sent to you right now. This expectation is validated on Twitter:

Direct Messages are the private side of Twitter. You can use Direct Messages to have private conversations with people about Tweets and other content.

on Instagram:

Instagram DMs are an in-app messaging feature that allow you to share and privately exchange text, photos, Reels, and posts with one or more people.

by Cambridge Dictionary:

a private message sent on a social media website, that only the person it is sent to can see

and by the fact that if you go on anyone's profile, you can see post history, comment history, and boosts, but not a list of who they tried to send an individual message to or what those messages were. I believe that more technical people could retrieve such messages, that the messages are not totally secure, but to my layman eyes, I do still expect that there was at least an attempt to make these messages private.

TiffyBelle, (edited )

There are literally warnings when you try to DM someone on Fediverse apps that say it should not be treated as a secure medium:



Even on traditional centralized platforms I’ve never treated DMs as “private.” Anything not end-to-end encrypted cannot be considered private and never has been able to be. Once again, these aren’t exclusive issues to the Fediverse.

With that said, I do see it as important to draw attention to these types of things. Users should absolutely know not to share sensitive information via DM, or make the mistake of considering them a secure medium on any platform, centralized or not.

melmc, (edited )
melmc avatar

Of course you can have encrypted group chats on Signal, if you're not concerned about meta data. Or xmpp group chats with encryption if you want decentralization. You can keep your secret stuff secret and your public stuff public simply by using different apps.

bathrobe avatar



And if other instance owners have access to the private messages of people on every instance, that is a shockingly large flaw. I’m not exactly sure how insecure private messaging would be here. Not that I have people to message. But it being centralized would be more secure if decentralization would allow a much larger number of people to have access to something that, really, should be private.

There are an overwhelming number of people I don’t think are savvy or cynical enough, call it what you will, to understand that just because they call something a private message - or just because it’s supposed to be a one to one interaction - doesn’t mean no one else can see it. I would think, if anything, an overwhelming majority of people who send a private message/DM on a social media assume that no one else at ALL has access to that information.


"Posting things publically is a privacy nightmare"

RoboRay, (edited )
RoboRay avatar

The Internet is inherently a privacy nightmare. The Fediverse, unlike other services, just doesn't pretend there is privacy.

If you want privacy, you should be using end to end encryption rather than trusting a service provider to protect you. This is as true for every other service as it is for federated ones.

LoafyLemon avatar

There's no stronger privacy protection than yourself.

By being in the open, you learn how to talk online without oversharing, or being an asshole, which I think is beneficial for mental health, but also for the platform as it reduces toxicity.

DMs being open I can see being a problem, but it could be fixed with end-to-end encryption.

rasterweb avatar

“The Internet is a privacy nightmare” (Fixed it.)

HeartyBeast avatar

Wait until you find out about e-mail!

PabloDiscobar avatar

e-mail is protected by law.

RoboRay avatar


PabloDiscobar avatar

Go troll somewhere else.

RoboRay avatar

Cite and quote the specific laws that actually prevent anyone but the recipent from reading an email. If you can't or won't, you are the troll.

PabloDiscobar avatar

No. I leave you this burden. It's too easy to type "Hilarious" and let the other party do the research.

RoboRay avatar

I can't find things that don't exist.

You are the one saying it does, so the burden of proof is on you, troll.

PabloDiscobar avatar


edit: lol, you downvoted me like kids do.

RoboRay, (edited )
RoboRay avatar

You were downed for failing to grasp very simple concepts of logic.


And pulling out is an effective form of birth control



  • Loading...
  • RoboRay,
    RoboRay avatar

    Sure, but that's not the broad and obviously false claim made.

    HeartyBeast avatar

    That depends entirely on which country you are in and where the mailservers that your email passes through is located.

    wave_walnut avatar

    Even if fediverse is a nightmare, SNS owned by big tech would be more worse than it.

    ZILtoid1991 avatar

    Mfs when they realize that a public social media is public (shocking relevation):


    aroom avatar

    Thanks @Bloonface for writing and sharing this. I think that it's fundamental to analyse what's happening with ActivityPub and the Fediverse. It's good to be here, it feels good to be freed of any disgusting CEO. But still I find it sane to ask ourselves about the quirks that should be addressed with the fediverse?

    I have a few on the top of my mind:

    • instance ownership - admin labour and mental charge, moderation, cost of the server and financing transparency
    • privacy
    • activityPub energy efficiency - is it efficient or should I refrain from posting?

    Not all instances are run as co-op. We rely on people who are doing a lot of work and paying server cost from their own pocket. Maybe they got funded by users, maybe not. It's not that transparent. And admin have some issues with each other, defederating, blocking instance for personal or non so personal reason. So at the end it's not a really sustainable way of building things in my opinion. Some instances are funded as co-op, but most are not. We are relying on individuals to keep things running. The mental charge is big.

    We need transparency about instance ownership to be able to choose what model we want to support.

    I'm also really interested on how the GDPR compliance will be enforced. Meta's threads couldn't launch in the EU, so I wonder about the status of Mastodon. Is it a work in progress situation or did the EU not reach out mastodon.social yet and wait for a bigger user base?

    Regarding the efficiency of the protocol, I couldn't find any discussion about it. I was wondering if the cost of being federated, posts and media being pushed from server to sever will have a negative impact regarding energetic consumption. I've read that mastodon was quite "hungry". So I asked one of ActivityPub co author about it, if they accounted energetic consumption when designing the protocol. The answer was "No." And they blocked me.

    Maybe it's not a big deal and the impact is not bad. But right now if have no idea. So I'm using a service without knowing the cost of it, the consequence, and this is not ok. And I find it really annoying that this topics is not being covered more and the discussion censored in a way.

    It's not a matter of ruining the nice thing we have. It's more about transparency, let users know where we are now, so we can all decide where we would go next.

    Deceptichum avatar

    Chat rooms and forums persisted for decades being run by small groups of users or individuals.

    This is completely sustainable and a return to what the Internet used to be before the sanitised corporate owned version you seem to think is important.

    Also do you know the cost and consequences of your ISPs internet connection you are using?

    Frankly your post sounds like some astroturfed concern-troll shit.

    aroom avatar

    Well I'm sorry that you read it this way. I was not my intention.

    You didn't address any of my points and you just unequivocally judged it and dismissed it.

    Deceptichum avatar

    I addressed your point of sustainability through examples of this being sustainable in the past and queried the validity of your concerns about “using a service without knowing the cost of it, the consequence” by questioning if you ever bothered with this in any other aspect of your life up until now (e.x. the very Internet you would use to access such a service in the first place).

    Im sorry your reading comprehension wasn’t able to see that.

    aroom avatar

    and for you throwing an example is enough to make a point? how do you know that I don't bother about it on other places on the web? do you know about whataboutism? do you think that the old "it was always like this so it's ok" is a relevant position?

    please keep your condescending tone to you. if you don't want to have a real discussion about this and just want to get upvotes, go for it. I don't care and leave me alone please

    Deceptichum avatar

    Mhmm because it’s so probable that any individual has actually gone to the length of questioning every ISP and only selecting the most ethical one, assuming you’re even in a location with multiple providers. Let alone every other aspect of their life. It’s far more likely concern trolling, especially coupled with this constant victimhood response you keep deflecting with.

    This is a real discussion, but you’re free to not respond … and let’s be honest you’ve addressed zero of my response so far so it’s not like anything would change.

    0xtero avatar

    It's a very good, well articulated post that anyone new to fedi should read and be aware of and try to internalize.

    I like the fediverse because it builds on the idea of small communities exchanging information, but I do agree that the protocol is somewhat lacking when it comes to data integrity and confidentiality - it's too easy to act in bad faith and there's very little we users can do to protect us from it. The protocol does excel in availability though, your posts are everywhere! So yay?

    This behavior, may, or may not be suitable for your personal threat model. You have to make that call, but I from what I've seen, it's one of those "oh this is too complicated"-things that surround fediverse adaption. Spreading awareness around this is hard. Your blog was well written and full of facts, but I doubt many got through the whole thing. It's more fun to discuss if we should call ourselves kbinners or kedditors.

    I've been debating this back and worth in my head ever since I joined - right now I'm still posting under my real name and try to post my content with that in mind. That means I have to moderate my posting. I think I might be too old school to not to, but who knows, at some point, I might run into that RaspberryPi armed nazi and that will probably change things.

    Ideally, I'd like to see some W3C activity around this. I was hopeful that perhaps one of the big tech players would throw money and resources to update the spec, but now that it's apparent Meta took that spot, I'm not very hopeful we'll ever see significant protocol improvements on that field.

    I'm interested in finding out how Meta is going to deal with federation - they do have to worry about regulators and privacy watchdogs after all - I'd imagine they won't enable their outgoing federation at all, because at that point they lose control over the data - or - maybe they'll just federate with couple of "big instances" (even though, that will be dodgy enough, as you point out in your post).

    The GDPR angle is interesting. I'd imagine someone will try to enforce it, sooner or later, but I doubt you'll find much interest from the law enforcement to go and bust someones lonely RaspberryPi, just because it isn't in compliance with GDPR. If you admin a large instance though... thoughts and prayers..

    Anyway - good info and well written. Worth a read if you're new to fedi!

    PabloDiscobar avatar

    Anyone can sync 100% of the fediverse on private servers for AI training, true. Do not get doxxed.

    If you go do microblogging with your own name it's on you.

    What the fediverse protects you from (in theory) is from getting your ip, email or browser id stolen and matched with your comments.


    All very true, basically the same deal as with any 90/early 00’s forum.


    It seems a lot worse than that… At least somebody would have to hack a 90s forum to see your DMs.

    sab avatar

    No, you'd only have to be the admin. Which is the same at the Fediverse - DMs between two servers can in be seen by the admins of the two servers, should they so desire.

    That's not really so different from mainstream social media, the difference here is that the admin is some normal person, not Mark Zuckerberg or Elon Musk or something.

    It's absolutely important that people understand this - if you intend for anything to be private, use Matrix or Signal or something. Anything online that is not encrypted is just not truly private. Simple as that.

    However, this is also true for any other social media people use. The fediverse is actually kind of neat in that the data is spread out across a bunch of servers, rather than at one central server where the same admins has access to everything.


    I'm able to see the purchase history of everything that's bought at my company, be it online or in store. I don't do it, because I don't give a fuck and I've signed several agreements to be a good boy.

    Data has to be validated, verified, checked, processed etc. Someone will have a possibility to view it if it's not an end to end encryption, and then you won't be able to easily report abuse. That's just how things work.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • fediverse
  • khanakhh
  • Durango
  • thenastyranch
  • slotface
  • mdbf
  • normalnudes
  • kavyap
  • DreamBathrooms
  • InstantRegret
  • rhentai
  • cubers
  • rosin
  • magazineikmin
  • tacticalgear
  • tester
  • lostlight
  • GTA5RPClips
  • Leos
  • Youngstown
  • everett
  • cisconetworking
  • osvaldo12
  • relationshipadvice
  • HellsKitchen
  • ethstaker
  • modclub
  • bokunoheroacademia
  • sketchdaily
  • All magazines