Lots of folks asking me “can’t the admin see your DMs on Mastodon?” Yes. Use this site like every single thing you do or say is public, which isn’t much different from how you should use other non-encrypted platforms where engineers/admin employees working on the platform can see your personal messages. Treat all communication here like it’s on a public forum, then take it to encrypted comms for private conversations.
This is like a public square where anyone can listen to you shout! Then if you want to talk to someone privately you can do so.
We are getting these questions because of a cool reason — Mastodon has reached folks who aren’t familiar with this concept! That’s cool and we can celebrate that while helping the folks who are newer to threat modeling/encrypted platforms or who just want to learn more about how this works!
@racheltobac Because there are no advertisers and no need to push a certain viewpoint. The feeling I get after using Mastodon is quite unique. My brain has been so used to seeing advertising that I feel as if I am in remission.
@racheltobac "treat this like an old school vbulletin or PHPBB forum", ok that makes sense to me.
@racheltobac 100% agree - I avoid DMs on anything other than encrypted platforms if I don't want it shared with others. Surely this is a no-brainer?
@racheltobac Indeed, Mastodon is IRC for your Web Browser/Mobile -- chat / broadcast / shitpost accordingly

@racheltobac If anything, people have sort of ignored this issue on systems that are commercially owned, but that is also a bad idea.

I don't trust the bird site either in that regard.

@racheltobac when people get upset about this, it makes me worry about how they use all kinds of other insecure technology... like DMs on the bird site have never been secure either!
@racheltobac scoping “DM” out was a smart move, and I agree strongly with your take. No reason folks can’t advertise Signal (or whatever) addresses in their bios.
@racheltobac it’s peculiar that people raise such a fuss about Mastodon instances being able to read your DMs while also using equally insecure services like SMS and Facebook Messenger.
There’s something that allows people to trust large corporations with their sensitive data that doesn’t translate to non-profit or community run sites.
@CleverCorvid @racheltobac I think there's an assumption that a for-profit company is somehow more trustworthy, despite all the available evidence to the contrary
@racheltobac FYI, Mastodon is working on adding end-to-end encrypted DMs: https://github.com/mastodon/mastodon/issues/19565.
@racheltobac I believe it was Thomas Wolfe who once said, "Dance like nobody is watching, DM like it will one day be read aloud in a deposition."
@racheltobac TBH I always treat DMs or whatever as if I’m sending postcards; ie assume someone unintended may read it.
@racheltobac even encrypted data can get out; the secret is in your head. Speak it or write it and it’s vulnerable.
@racheltobac Spot on. Private messaging and public messaging are completely different things. This network is optimized for public messaging. A "DM" is just a public post you think would only be interesting to a single person.
@racheltobac 🤔 That's weird. I mean the phone company can hear my phone calls whenever they want, BUT it's a crime if they do it. They can go to jail for it. I know someone at Facebook and they are fired if they read something private without a previously accepted request motivated by good reasons.

@braxuss @racheltobac

Uh, what?

I think you need to review CALEA & the PATRIOT Act, both of which have provisions for warrantless wiretapping.

Good luck getting AT&T to go to jail. They were convicted as a monopoly & still exist in tyrannical form.

AFAIK, SILC is one of the only end-to-end encrypted comms protocols which even *attempts* to encrypt messages from server operators.

Like SSH, SILC may still be vulnerable to strace/etc. encrypted memory attacks.

Exercises left to the reader.

@byterhymer @racheltobac Well, I'm European and we have much stronger privacy laws, but in any case warrantless wiretapping is still something ordered by government agencies or law enforcement, not Jonny spying on his ex-girlfriend's private messages or calls. People go to jail for that every day.

I'll leave you the exercise of understanding the difference.

@racheltobac not going to bother to look it up, but apparently peeking at DMs can fall under FTC rules and legal precedents established for telecom. Nonetheless, you’d be a fool to assume that they’re truly private.