Hey everyone. Just making sure everyone knows that direct messages on here are not end-to-end encrypted. They work more like a post, with visibility set to the person/people you tag.

This means an admin (like me) can read these by looking at the database/in backups.

I promise never to do this.

If that's not good enough (which is fine, obviously), please use something like Signal for DMs.

P.S. Twitter DMs are also not encrypted and anyone there can read them too.

Also, I read up on the work by the devs over the last few years on this issue. It is coming, but crypto stuff can take a bit of time to get right. And they want to get it right.
From GitHub:
"the encryption protocol is mostly Matrix's one-on-one protocol, with Facebook's message franking (which allow the recipient of a message to report it to their instance without disclosing other parts of the conversation or compromising the key material)"
@Psy_Fer_ Nice. In the meantime, I'd recommend something like Matrix over Signal, especially here on the fediverse (as Signal is just another walled garden which most have just moved away from).
@neil Yea that's a good suggestion. Thanks for mentioning it.
@Psy_Fer_ Thank you for being the sysadmin for this channel. It's appreciated.
@Psy_Fer_ While "I will never look at these, but use Signal" is a perfectly reasonable policy, it's worth thinking through what you / future admins might do in various accused harassment via DM situations. Hopefully not a thing we'll have to worry about as we grow, but if I know one thing about online communities, it's that moderation at scale is non-trivial.

@laurakwhite If you are being harassed via DM, I'll treat it like being harassed via public posts.

Not sure how the report function works on DMs just yet, as there haven't been any. So looking forward to that as it comes.

Saying all of that, I have no time for stooges. If people stuff me around trying to moderate a situation, it won't end well for them.

@Psy_Fer_ Good to mention! So many people are confused on Twitter about DM on Mastodon: there is no DM on Mastodon and it is certainly not working like an instant messaging app.

As an alternative, Signal is great. But to remain in the #OpenSource #SelfHosted solutions, #NextcloudTalk is even greater I think 😃!

I have been using this, hosted on my own server for almost 2 years now, to talk with friends and family: overall, I am pretty satisfied with it (with few bugs from time to time).

@Psy_Fer_ It's probably not true that "anyone [at Twitter] can read [your DMs] too".

It is true "that there are people at Twitter that can read them", but I think if anyone at Twitter could log in and read the database, it'd be both bad practices and not GDPR-compliant.

@luispedro Sure you are probably right. They also built end-to-end encryption for their DMs, but never implemented it...for reasons?
Anyway, it will be great when that feature is created and implemented here.
@Psy_Fer_ What if I DM you?
@Martinalexsmith What 2 people say over a whisky together in the early hours of the morning is far beyond what encryption can hope to attain.
@Psy_Fer_ given that the only DMs I have actually sent on this site are to you, I'm not too concerned about you being able to read them.
@Psy_Fer_ and RPG.net / enworld forums and all those other geek haunts people frequent
@Psy_Fer_ Thank you! This is really good information for us to know.
@Psy_Fer_
I remember when someone got hold of all of Aaron Banks' Twitter DMs and put them up as a torrent...
Transparency, honesty, community. I'm really loving the vibes here on @Mastodon @Psy_Fer_
@Psy_Fer_ Thanks for this. I didn't know, and have made the mistake. I might also add that I like this. I think encryption is overused.