Doc Edward Morbius ❌Q: How private is Mastodon / GNU Social?
A: Not very. Use email, XMPP, or other secure, encrypted protocols if you need privacy.
[moved/Inactive] NasquerAbben@dredmorbius is there any philosophical reason why mastodon isn't on an encrypted protocol, or is it happenstance?
Also, as far as I can tell, everything on Mastodon is public anyway (e.g. no DM feature)
@abbenm There is the option in Mastodon to post Unlisted, Private, or Direct, as well as Global, which you'll find under the :earth_americas: icon in the Toot editor.
These limit the /distribution scope/ of messages, but /do not/ encrypt messages. Instance admins, Follow Bots, and others may be able to see those messages.
I'd have to read spec for the comms link encryption itself.
@dredmorbius awesome, thanks for the tip. glad to know there are DMs. If you don't mind my wasting more of your time, how is it that follow bots "and others" would be able to see non-public messages?
@abbenm Admins can see all traffic, so there's that.
I need to re-scan the docs, but your "Private" posts go to your followers only. Note that your followers select you, /you do not select your followers/. Though you can /block/ selected followers. So ... if you've got a ton of followers, "Private" really isn't particularly useful.
Some of the GNU Social admins strongly recommend small, 40-50ish, instances, so that everyone knows everyone, or at least largely so.
Sebastian@dredmorbius email is not a good example for a secure, encrypted protocol ;)
MMN-o ✅⃠@dredmorbius But at least you can use #tor against most instances afaik. !GNUsocial also works hard on avoiding third party servers, so no external javascript (also compatible without javascript at all) as well as locally stored media. Not even third party servers with a misleading domain name (i.e. Amazon S3 on a subdomain.service.example DNS).
Pseudonymity is king in a decentralised network and anonymous access to your pseudonym means mass-duplication publishing of possibly sensitive data. That's one security/privacy combination out of many.
!XMPP is good in other ways, for other security/privacy scenarios.
!XMPP is good in other ways, for other security/privacy scenarios.
Bob Mottram@mmn xmpp is one of the best systems for private communications in my opinion, even though the cool kids don't seem to like it. It can be routed through Tor. An xmpp server can run only from an onion address (you can do that with !Freedombone) and you can have encrypted group chat with OMEMO which has the OWS-type ratchet.