It’s time. Delete your Twitter DMs

https://grahamcluley.com/its-time-delete-your-twitter-dms/

(If you have friends on Mastodon who have come from Twitter please boost to increase their chance of seeing this. Likes, although appreciated, won't increase this post's visibility)

#RIPTwitter

Twitter is in chaos. I'd rather delete my Direct Messages one-by-one than one day find that they are in the hands of a hacker or a disgruntled Twitter employee…

Graham Cluley
@gcluley sadly true Graham. "Move fast and break things" may actually break things in very risky, potentially even dangerous ways. It's worth noting that most Mastodon instances do not encrypt DMs in the back-end.

@Irreverent_B @gcluley

By the way, if anyone does want e2ee DMs on Mastodon, here's the issue to vote for:

https://github.com/mastodon/mastodon/issues/19565

According to one of the developers (ClearlyClaire) the encryption is already done, they're just waiting for agreement on a cleartext format.

support zero-knowledge encryption for toots/DMs · Issue #19565 · mastodon/mastodon

Pitch The UI now warns us that: Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon. Would it be possible to use zero-knowledge encryption such that...

GitHub
@FediThing @Irreverent_B @gcluley Build a stripped down matrix server into mastodon, no need to invent the wheel over and over again. Use already decentralized secure messaging technology. Actually I think mastodon as a whole could do with some matrix injection.

@FediThing @Irreverent_B @gcluley Hmm. There's more to federated social media than Mastodon, and there are already specialized tools for E2EE messaging with that as their focus. Crypto potentially done badly may be worse than none at all.

@petererer @gcluley @Irreverent_B

There are already specialised tools, but nowadays a lot of people just expect DMs to be encrypted.

Most don't want to use specialised tools I guess.

@FediThing @petererer @gcluley and at some point one must share personal information on an unsecured network, unless I'm missing something.

@Irreverent_B @petererer @gcluley

People generally expect messages intended to be between two people to stay between two people.

I'm talking about a mainstream audience, not tech people.

@FediThing @petererer @gcluley

Yes, that's clear. I've no idea how Mastodon would scale to 4 or 500m daily users. It would probably need a 10x or 100x new servers as currently it's a fraction of that.

I'm pretty sure the main devs have reasons for not doing it that are well thought out. I'd be interested in seeing those ..

@FediThing @Irreverent_B @gcluley Yes, sorry I didn't mean to say E2EE DMs shouldn't be implemented, just that there's a whole raft of software that would "need" to implement it, and all guarantee being secure.

@petererer @gcluley @FediThing

A lot will be confused when they @ mention someone in a DM only to discover they now see the message. That is not at all intuitive for a mainstream audience. I guess it's a feature, not a bug.

@Irreverent_B @petererer @gcluley

Yeah, the current mention mode ought to be separate from any encrypted DM mode, definitely.

@FediThing
Yet to look into it fully, though perhaps e2ee brings potential challenges unwanted by the devs: no moderation or reporting ability and open to legal challenges.

@Irreverent_B @petererer @gcluley @FediThing

Wait ... what? That's a thing? 🤯

@sonjathegrey yes it's how Mastodon DMs work .. if you @men-tion another person, they are now in the conversation. It's a feature, not a bug.

@gcluley you’ve heard of Semiphemeral right? Give it a try!

@mguhlin My understanding was that it could only delete DMs from the past 30 days. Isn't that the case?

I thought this was a restriction twitter imposed on these automated deletion solutions.

@mguhlin From Micah Lee's blog post about Semiphemeral:

"Twitter only tells Semiphemeral about the last 30 days of your DMs. Because of this, Semiphemeral can't automatically delete all your old DMs, only those within the last 30 days. "

@gcluley @mguhlin it can't do it automatically but you can upload a copy of your twitter archive.
@gcluley it got all of my DMs and I’ve been on Twitter a long while. It took forever and I had to help out a little…but all my DMs are gone. So try it.

@gcluley If someone can help me do this without first sharing my ID with Twitter, that'd be good.

Because right now, Twitter is Demanding them.

@gcluley: Wait, you guys were saying private stuff over Twitter?
@gcluley Do you have any other topic than T. witter? 🤔The word is muted almost everywhere here.🤭
@gcluley If my account hadn't been permanently suspended a couple months ago, I'd definitely do that.
@gcluley Workin on it. TBH 99% of my inbox is just daft spam, but there are a few things that might betray other folks' confidence if leaked or sold into advertising databases.

@gcluley

All, please consider the possibility that you are no way in charge to delete anything you ever submitted on Twitta. Data was your price and Twitta's margin.

Musk won't delete the backups of your Data even if they're yours 🙄

Lesson learned? Really?

@gcluley I took a peek at my DMs. Nothing really confidential. Unfortunately, there are a lot of phishing links from Twitter users whose accounts have been compromised. Maybe I should finally get on with cleaning those out.

@gcluley If we don’t trust Musk, are we sure the deleted DMs are gone without deleting your account? And if we delete our account, how do we know DMs are gone forever and not to be found anywhere?
One place the DMs still will be are at the receivers of your DMs.

I know I have shared information with mostly companies via DMs. Airlines, for instance, with questions about my flight or utilities about bills and outages. Companies won’t delete their DMs. #twitter #dm #delete

@chow @gcluley I’d be surprised if anything gets deleted. People may third-party subpoenas to social media all the time.
Easily automate deleting your old tweets, likes, and DMs with Semiphemeral

@gcluley Great article! At this point, we should probably just delete any sort of info from our Twitter accounts. Also, thanks for explaining DMs on Mastodon!
@gcluley nice thought but I doubt if deletion of DMs by a user is really possible. I suspect that DMs are made not visible and not destroyed.

@ashar ..which makes them not visible to someone who breaches your account as well.

I agree it doesn’t necessarily provide as much security as if Twitter wiped them entirely, but it is less risk than leaving them.

@gcluley Elon... the world's dumbest genius billionaire! 🤣

Short TSLA, Short Twitter... short (sell) everything that dumbass douchebag billionaire has!

@gcluley If a dude is a conspiracy woo-woo populist figure... avoid like a plague! That's what Elon is... #smelllikefaacism
@gcluley There's no guarantee hitting the "Delete" button will even drop those messages from Twitter's database.
@gcluley Most effective way, if they obey the law, is to make a GDPR request to get DMs deleted. No guarantee deletion from interfaces, even both sides, works (as you note). Instructions on how to use GDPR rights to delete DMs here: https://someone.elses.computer/@mikarv/109326253999130984
Michael Veale

Twitter is now an insecure platform, haemorrhaging security experts. It could haemorrhage your DMs, through leak or sale. It's no hard guarantee, but your best chance to delete them is with #GDPR rights. I've written a blog on how: https://michae.lv/deleting-dms-from-twitter/

Someone Else's Computer
@gcluley Regarding 3., it certainly is.
@gcluley Deleting your DMs won't do much sadly. You've pointed this out in your article, but you only delete your copy of the DM. The recipient still has their own copy and Twitter also keeps a copy for themselves. And since there's no E2EE, it's all in plaintext.
@gcluley “Erasing your Twitter DMs doesn’t actually stop Twitter from keeping a copy of your private messages unbeknownst to you, even if you one day completely close your account.”
@paninid @gcluley yeah they’d definitely have backups, unless that’s a “micro service” 🤣
@gcluley do you have to delete them individually? I’ve got so many it’s exhausting to contemplate doing that.
@tiernandouieb Some folks say a free tool called Semiphemeral can do the job - but I haven't tried it.
@gcluley cool, didn’t know that one. Thanks!

@gcluley

I’m just amazed that anyone ever assumed privacy with Twitter DMs. I always assumed someone, somewhere could read them and I always conducted myself with the intent to bore such an intruder to death.

@AJDB @gcluley Never assume anything on a computer, particularly somebody else's, is private. I learned this one whilst debugging an email server, mid 90s, came across messages between two staff obviously conducting an affair. Not people I knew personally, thankfully. (It was at a customer site. )
Unless e2ee is in force, assume /anybody/ can read your messages.
@gcluley Just deleted my Twitter acct. Musk telling his staff they have to sign up to working like slaves or be fired was the last straw. F' him.
@Terrybernstein It's extraordinary isn't it.... and I find it hard to believe it is legal (in Europe at the very least)
@gcluley I'm struggling to understand what the purpose of deleting DMs is. They are not encrypted so can already be read by Twitter and delete might not even really mean delete.

@rachel_norfolk @gcluley sure, but someone logging into your account won't be able to read them

though, it does feel like a twitter data dump is imminent

@gcluley Most of my personal stuff in DMs is when I've dealt with companies on Twitter and they've asked me to confirm stuff like my email or DOB.

I've been through my DMs and have DMed all the companies with whom I've shared personal data, asking them to delete the data on their end.

Of those who have replied so far, 1 was happy to help and told me they'd deleted all my DMs, and 2 have refused.

I don't suppose there is any way to make them do it under GDPR?

@gcluley Thanks for the info but since the beginning I ignored the #DM junk on Birdsite. Never thought of using it, especially for important conversation. I checked those sent me after reading this and realized all were SPAM and useless. So, some of us need not go one delete at a time as nothing is contained therein except offers to sell nudie pictures. However, it is important for us to share info about the risks of a former life on the Birdsite. Thanks for the heads-up.
@gcluley thanks for this, I certainly will be sharing your post.

@gcluley @davidallengreen if you live somewhere covered by GDPR you can also use it to request Twitter delete thy DMs. Whether they will is a whole other issue but…

https://michae.lv/deleting-dms-from-twitter/

Deleting DMs from Twitter using the GDPR

Twitter is falling apart at the seams. You might want to do your best to ensure your DMs don't end up in the wrong hands.

michael veale
@gcluley Slightly unrelated but was the image update uploaded manually to your post or was it pulled from OpenGraph / Twitter Cards? Cos when I'm posting links it's not doing it...
@maft I think in that particular case I attached it manually.
@gcluley
Mmm. You can be sure they are backed up and that they won’t be reopening dozens of RAID archives to do an incomplete mark-delete operation on them