Early worries I have as a journalist using Mastodon for #journalism:

1) Subpoenas & source protection: You're at the mercy of whoever operates your instance. I'm guessing most smaller instance admins aren't also lawyering up to protect newsgathering.

2) The owner of your instance can read your DMs. Be careful.

3) Publishers could effectively verify journalists by running instances from their official domains. They could surveil their journalists there too. Not every publisher is ethical.

@couts Excellent points to raise. The fact that DMs aren't encrypted was already a concern to me, but the subpoena issue is arguably a much, much bigger concern for journalists.

Short-term solution: maybe add a note to your profile saying you don't monitor DMs for tips & directing potential sources to a Signal number / alternative encrypted platform.

@IntlLawGnome That's my plan! I need to get a virtual number for Signal tho, as my actual phone number is virtually unusable without being posted on social media haha
@couts A $10/yr plan from MySudo to get a number that you ONLY use for Signal is probably one of the easier options. I guess there's always Google Voice, but I think most people with a GV number like to use that for other purposes.
@IntlLawGnome Thanks so much for the tip, I'll definitely check it out.
@IntlLawGnome @couts longer term solution: maybe journalists’ professional associations should run instances.
@IntlLawGnome @couts @Viveka you could skip the number altogether and use @session
@IntlLawGnome @couts Twitter DMs were not encrypted either.
@couts @IntlLawGnome These are fair points, albeit applicable to most platforms that mix publishing and messaging, not unique to the Fediverse. The Mastodon iOS app has a button marked “Publish,” which is a good way to think about participation here. Secure messaging should really be handled via separate channels: perhaps journos should add Signal contact in their Mastodon profile metadata?
@danfain @IntlLawGnome Very fair—it's definitely not just Mastodon, the Fediverse, or any other communication tool. End-to-end encrypted chats are the only way to go if you want the most assurance that private convos stay private. (And even there, things can go haywire.)
@couts Thoughts:
1. Stay on an independent journalism instance like https://journa.host/about and collectively fund @adamdavidson to support infrastructure and legal protection.
2. Your DMs on Mastodon are as private as on Twitter; so not at all, and Mastodon warns you of this.
3. Add verified links to OpenPGP fingerprints and Matrix/Signal/Threema/Wire/Session/Briar handles for #SecureMessaging.
4. Verify yourself with @keyoxide signatures.
5. Encourage the use of @securedrop at your media org
Journa.host

The server for working journalists and news outlets on Mastodon. Home to active & retired journalists, media scholars, and a variety of news and journalism adjacent professionals. #Newstodon

Mastodon hosted on journa.host
@couts Glad you think so. I'd love to see https://journa.host be the hub of high quality independently hosted journalistic discussions. But integrity and protection of communication and sources is vital.
@couts @adamdavidson Also, to keep #journalists safer, maybe unions can run #fediverse instances for their members?

@couts Your worries are correct and it's a good analysis of the situation. Remember also though that all of Twitter's engineering staff also has access to their production data, including DMs presumably, with no logging or audit system.

This isn't speculation: it's from mudge's whistle-blower testimony.

@couts Mastodon isn't secure or private. Use Signal (good) or SecureDrop (better) for sources. Journalists should also use @keyoxide to verify their identity linking across services and sites.
@couts I think those are very valid concerns. I think Mastodon is great for general social stuff, but there will always be a place for systems like Signal, Matrix, and the like to ensure secure, private communication.
@couts For what it's worth, it looks like there are or were plans to have E2E encrypted DM support for instances but I'm not sure what the state of them is currently. https://github.com/mastodon/mastodon/pull/13820
Add end-to-end encryption API by Gargron · Pull Request #13820 · mastodon/mastodon

Fix #1093 A set of APIs required for the double ratchet encryption algorithm, specifically the Olm implementation developed by Matrix -- but it should be roughly the same as libsignal. An additiona...
@objectinspace @couts Actually this is probably a better summary of the current state. Looks like they are looking for a cryptographer to implement it client-side. https://github.com/mastodon/mastodon/issues/19565
support zero-knowledge encryption for toots/DMs · Issue #19565 · mastodon/mastodon

Pitch The UI now warns us that: Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon. Would it be possible to use zero-knowledge encryption such that...

@couts These are extremely valid points. But as for the first point you raised, even Twitter DMs were susceptible to subpoenas but they do also have good lawyers.

I did not think of the third point until now, and what you said is exactly what's going to happen once media houses start setting up their own instances and urge their journalists to make accounts in those.

@couts is #1 any different than Facebook or Twitter? I mean, SOP should always be to move the contact to a safe contact method ASAP, right?
@couts I would really like to hear the thoughts of @adamdavidson, who runs journa.host on this.
@couts Thanks, if you ask me it's best to use the fediverse more casually and use other apps for more secure matters. (which seems like a better way to do things in general, compartmentalization and all)
@couts Which means instances with lawyers who will help protect journalists / unions will become a preference for journalists... As in Mastodon is a nice sea-change to be talking about new online communication infrastructure/utility development that's not controlled by the major social media providers.
@couts I've sort of felt like journalists should operate under specialized instances for this reason. Either one managed by their employer or one run by a trusted third party organization.
@couts I'm astonished that news organisations don't have their own instances in here. Why are there BBC journos just on random servers?
@jimmyrayreid They will. This kind of thing involves meetings, security assessments, editorial strategy planning, etc. It just takes time.
@couts mairix.org has end-to-end security. Perhaps use it for that aspect?
@couts Never consider any messaging system secure that doesn't support end-to-end encryption.
@binaryphile @couts and even then only if it's open source with verifiable builds.
@couts on that last point, then why would you associate with said publisher?
@couts I think that point 2 is kinda overblown. The same can be said of your DMs on Twitter or private messages on Facebook etc. It's a reason to be smart about what you share on certain platforms but not a reason not to use them.
@couts I believe all of those points now apply to the birdsite under its current ownership. In fact, that platform is probably worse since its owner can release any tweets or DMs that he chooses at any time.
@couts Probably a good reason for news orgs to run their own instance.

@couts DMs are not PMs.

DMs are "directed messages", not private inbox chatting.

This reply is considered a type of DM in Mastodon territory.

Language counts, and it's helpful to educate up and down.

@couts Don't use DMs for anything intended to be private, just like with Twitter.
@couts I think I’d be reluctant to trust an unencrypted medium, especially a social media account, for convos with sources I need to protect. Perhaps I would use some tool like Confide or Signal or GNU or PGP-encrypted emails, but a lot of times it comes down to low tech tradecraft, for lack of a better word. Meeting someone in the ordinary course of their life, such as at a grocery store, for example.
@couts Yes, Mastodon DMs shouldn't be used for anything confidential. They aren't designed for that. Instead provide other means for sources to contact you: an app that does end-to-end encryption like Signal or WhatsApp, for example.