Direct messages (DMs) on #Mastodon / #ActivityPub / the #fediverse are not end-to-end encrypted (#e2ee) and you should never include sensitive/private information in them.
Until they are e2ee, this is all we should be telling people. Anything else is irresponsible and could cause vulnerable people harm.
Specifically, it doesn’t matter:
if your instance admin is ethical or not
whether Elon Musk can read DMs easier on Twitter
etc.
It’s not end-to-end encrypted. It’s not private. End of.
@aral Certainly journalists should never use DMs on Mastodon or Twitter to communicate with sources. I was disturbed to learn how many journalists use DMs heavily on Twitter.
@aral@mvsde at best #ActivityPub direct messages are a “hailing frequency” of sorts… a way to initiate communication and then switch to more appropriate communications channel.
The “DM” settings on Fediverse should just let you put in your Threema / Signal / etc. contact details instead of having any DM functionality—unless it’s going to let you use public key encryption to deliver your messages.
@aral I am not sure you can say even e2ee is secure. The weak point is you if don't know if the person at the other end of tunnel is actually who you think it is. If Mastodon implemented e2ee but someone else got into your recipient's account, how would you know? In a more extreme case the secret police torture the unlock and try to work you for info.
On the other end of my spectrum if I wanted to send a read only password to my cloud storage of moss pictures a I would consider a DM here
if you want decentralized #E2EE for social networking, the #Matrix protocol is where it's at. Though its more #decentralized discord than twitter. The #ActivityPub protocol will probably never have it. Which is fine, different tools for different things...
@aral I don't think that this should be "solved" at all. There are a lot of good IM protocols out there and great apps for that. Don't like the pace of IM? There are privacy-centric e-mail providers. People should use whatever they are comfortable with! Tighter integration — maybe, but there is no need to reinvent the "Mastodon wheel".
@aral sadly correct. will be good if they ever do become end to end encrypted. becuase I think but could be wrong, the instance admin of the other instance can read them too, ie this is my own instance, but if I sent you a dm, your instance admin could prob read my dms to you? or only your dms that you send me.
@aral It would be much quicker and more interoperable if they could just marry ActivityPub (Mastodon) with the Matrix chat protocol somehow to provide e2ee chat with the same @ handle.
@aral Has there been any movement on e2ee in the fediverse at all? I can find articles covering proposals and such dating from 2020~ or so, but not much else.
@aral This is profoundly good advice. I believe there was a recent case of law enforcement seizing a server admin’s computer while a backup was on the machine. No matter how much you trust your community, as you said, all unencrypted communication should be considered public and discoverable
@michael_robinson I use Signal. This isn’t about cursing the darkness. It‘s about countering an article that appears to be making the rounds on the fediverse today that appears to downplay the issue.
@PNeurona@coloco@aral Es verdad, pero ¿como puedo verificar para otros que @fathermcgruder es lo mismo que crimedad@crimedad.work? No es imposible, pero es mas facil si hay integracion con Mastodon.
@aral They shouldn’t even be called DMs. Private mention is better, but even the ‘private’ indicates more privacy than you truly have.
Granted, I actually think they are a cool concept. Sometimes you only want to mention a specific person and not really bother someone else, but it’s doesn’t need to be private as such.
Add comment