aral,
@aral@mastodon.ar.al

Direct messages (DMs) on / / the are not end-to-end encrypted () and you should never include sensitive/private information in them.

Until they are e2ee, this is all we should be telling people. Anything else is irresponsible and could cause vulnerable people harm.

Specifically, it doesn’t matter:

  • if your instance admin is ethical or not
  • whether Elon Musk can read DMs easier on Twitter
  • etc.

It’s not end-to-end encrypted. It’s not private. End of.

defnull,
@defnull@chaos.social avatar

@aral Mastodon shows a very clear warning if you try to write a DM and it's called "direct" message, not "private" message. I do not know how Mastodon could make this any clearer.

claudius,

@aral this is at the top of the direct messages; Mastodon is very upfront about it (as it should be!)

Another, IMO, less discoverable problem is how easily one can compromise their own direct messages when they mention a third party by name - which apparently includes that third party in the conversation.

m0xee,

@claudius @defnull
Mastodon isn't the only software used on the Fediverse and, I'm not sure about it, but I think this message appears precisely because a lot of people were raising awareness of the issue. Some ignore even the most explicit warnings — society often instructs us to break the rules, and unless they understand what the warning is about they will likely just dismiss it.
No harm in mentioning it one more time and having a discussion about it 🤷
@aral

clov,

@aral that's what I call "technical privacy".

"Legal privacy" is easier to understand: everything not meant to be public is private.
And sharing a private message, like an unencrypted email or a non-public AS Object (like Mastodon's toots), without the correspondent's agreement is violating privacy (France also has a "Secret de la Correspondance" legal protection).

aral,
@aral@mastodon.ar.al

@clov “Legal privacy” without “technical privacy” is wishful thinking.

Lack of “technical privacy” is what gets people killed.

trustno1,

@clov @aral „Legal“ Privacy without a proper definition of „Legal“ is worth nothing, besides the fact that it involves relying on external facts (people not breaching agreements, govt not changing laws, court orders). „Legal Privacy“ is something I would never advise clients. I’m a big fan of technical measures - that’s something you can more likely rely on.

aral,
@aral@mastodon.ar.al

@trustno1 @clov My point is you need both. “Legal privacy” either enshrines “technical privacy” into law or it is bullshit. You can have “technical privacy” without “legal privacy” but you might have to have it from prison and I cannot make guarantees about the state of your kneecaps.

trustno1,

@aral @clov Your second sentence is the perfect summary of what I was trying to say with my toot 👍

clov,

deleted_by_author

aral,
@aral@mastodon.ar.al

@clov And without “technical privacy”, “legal privacy” is worth about as much as the paper it’s written on.

(Or, more precisely, without “technical privacy” being protected by “legal privacy”.)

jla,

@aral thanks for the reminder, my friend
