Reminder (or maybe eye-opener) to Mastodon users:

Direct Messages on Mastodon are NOT encrypted.

What does this mean? The message is in the database unencrypted. Anyone with access to the database could potentially read the messages.

For mastodon.world, only the admins have database access (@jeroen, @spaceriker and myself).

If you have really sensitive info, don't share it on Mastodon. There are secure messaging apps for that.

@ruud @spaceriker @jeroen
It's a good reminder. I'm going to share it every month.
@spaceriker @jeroen @ruud
I wrote a novella about developing E2E crypto transport on Mastodon when Twitter obeys Chinese censorship, and won a Japanese traditional literary award in 2017.
DM encryption has been the most prominent theme since then.
If Mastodon offers a web-client-based vital delivery system, it would be the biggest innovation after OAuth.
Add end-to-end encryption API by Gargron · Pull Request #13820 · mastodon/mastodon

Fix #1093 A set of APIs required for the double ratchet encryption algorithm, specifically the Olm implementation developed by Matrix -- but it should be roughly the same as libsignal. An additiona...