stopthatgirl7Aug 1, 2023

We tried to run a social media site and it was awful

Extinction looms for FTAV’s Mastodon presence #fediverse

https://www.ft.com/content/8d995a24-d77c-4208-a3a6-603d8788ebcd

Client Challenge

Show threademeralddawn45
Mastodon administrators have access to everyone’s private messages? Wtf? Is lemmy like that?
Aug 1, 2023 at 5:02pmWeb
Show threadCaptainJanegayAug 1, 2023

Anyone who owns a server can access all the data stored on it, unless the data is end-to-end encrypted. Whether it's mastodon, Lemmy, Facebook, twitter, Gmail, vBulletin, whatever.

If you need to say something that you can't risk anyone else seeing, use an end-to-end encrypted messaging app, or implement encryption yourself using e.g. PGP.

Show threademeralddawn45Aug 2, 2023
I mean I don’t care I’m not saying anything illegal anyway, and I assumed reddit administration could read messages, I’m just surprised. I assumed because of how lemmy started and the whole idea of taking away drastic overreach by admins that private messages would be set up to be… private.
Show threadstevecroxAug 2, 2023

The admins to perform upgrades, monitoring, fixes, etc.. will require root access to the database. That means they can alter all your posts to say *blah blah blah" if they wanted.

Similarly passwords will be encrypted within the database and encryption algorithms have to be able to go in both directions. Normally they need a seed value to start random generation. The admin defines the seed as a result an admin can decrypt everything in the database.

Show threadAnarchoYeastyAug 3, 2023
Please never talk about passwords and encryption again without actually learning what is going on. You have no idea what you are talking about. Passwords are NEVER encrypted because then passwords can be decrypted and stolen. Passwords are salted (a phrase / string of characters is added somewhere in your password) and then hashed. Hashed are one way you cannot convert a hash back into a raw string. The only way to get a password from the hash is to try and hash random passwords until you get one that matches your hash. Hence the salt which is included and different for every account. You’d have to spend forever on each row in order to figure out passwords. If you EVER find someone has stored ENCRYPTED passwords take them out back and beat them up because they are being criminal in their neglect.
Show threadMadbrad200Aug 1, 2023
Reddit admins also have access to your reddit messages, btw. Never assume they’re private.