Toots about "instance admins can read your DMs" have been going around. This is true and you should be aware of it!
You should also be aware that it's true of social media and email services broadly: the companies that run the service store your messages and can read them.
But it did remind of a particular service that uses end-to-end encryption and therefore can't read your messages: Signal. If you are concerned about true privacy, good service to use. Also, their take on it entertains me:
@nbfiroozye
WhatsApp say they do, but I don't believe they've ever been audited and since they haven't published anything as open-source, we can't really tell what their encryption is like...
The trouble with both Signal and WhatsApp is that they're tied to your phone number, which, unless you use a burner phone (illegal in some countries), is tied to your identity. I would think XMPP with OMEMO starts to solve that, but there's still the metadata...
@Rowyn
@dheadshot @nbfiroozye @Rowyn in fact, WhatsApp uses the same protocol that Signal uses. However, your WhatsApp cloud backups aren't encrypted AFAIK, so it's all kinda pointless.
Funnier still, people use internet-connected software keyboards like GBoard to type messages into their super-secure end-to-end-encrypted messengers.
Better, installing Signal from an app store run by a giant bigco means you could be installing a modded binary that sends your private keys to the mothership...
@missqarnstein @Rowyn @dheadshot @nbfiroozye Google could definitely ship a Signal binary modded to do just about anything to a targeted individual, and the only way it would be noticed would be if the targeted individual was watching for it. No one else would ever see it.
Or, they could just ship a systemwide keylogger in GBoard or Play Services and turn it on for users of interest.
You can't trust a phone where a bigco can update the OS/apps at any time. You don't own it. Signal can't help.
Rowyn
NB Firoozye
Deadly Headshot
Gabriel Bauman
hot tran*sexual menace