Meg (@[email protected])

I was going to post an answer after the poll was over but people have been asking a lot, so I guess you get it early? I'll be editing it into the post after the poll is done so people who voted get a notification about it as well. The right answer is that you have to get into the database to read them. Which means you need system administrator access to the hosting servers, not the software "admin" status Mastodon itself has. I'm pretty surprised by the results so far because they don't mesh well to me with how urgent people see this problem. Not because it's unimportant for people to be aware of the constraints of privacy on a website, but because: - this is not unique to Mastodon or even really a feasible problem to solve for basically any web site based system. Anyone telling you you can solve this with "just implement e2e ok?" is selling snakeoil. I could get into why but that'd be a whole other post. But what it boils down to is that if your admin is willing to root around in the database manually for your posts, they're probably willing to do various other workarounds for any practical mitigation including both encryption at rest and end to end encryption. - Mastodon actually tells you every time you send a "private message" the thing everyone is constantly at pains to say and amplify anyways. Maybe apps are less good about warning users? But I think the software itself is pretty clear about this and is, if anything, overstating the "problem". So these results leave me more confused than I was before, basically, about how people mentally model their privacy concerns in terms of the software they use.

Dependency