this post was submitted on 21 Dec 2022
14 points (100.0% liked)

[–] theking@mathstodon.xyz 4 points 2 years ago* (last edited 2 years ago) (4 children)

> As new users set up their accounts and start using Mastodon, they realize that some things work differently than on Twitter ... DMs are complicated, and there are concerns about their security.

Isn't the security model for Mastodon DMs the same as Twitter?

[–] knottedthreads@mstdn.social 3 points 2 years ago (1 children)

@theking @fediverse DMs aren't encrypted. They're basically just posts with a very small audience. Your instance admins can see them, and anyone mentioned in them can see them.

[–] nutomic@lemmy.ml 3 points 2 years ago

Afaik DMs on Twitter are also not encrypted, so moderators or other employees can view them. So the number of people who can view your DMs on Twitter is probably much higher (hundreds of employees) compared to Mastodon (a couple of server admins).

[–] pizza_is_yum 2 points 2 years ago (1 children)

If, on Mastodon, you make a DM between you and someone else, then you @ a third user in that DM, then the third user becomes able to see that DM. At least that's what I heard a few weeks ago.

This is because DMs are, regrettably, just normal posts with default visibility of two people. If you @ more people, then they gain visibility into the DM.

[–] theking@mathstodon.xyz 2 points 2 years ago

@pizza_is_yum
Hmm, okay yeah I could see that being surprising to people who don't know about it.
@fediverse

[–] SrEstegosaurio@lemmy.ml 2 points 2 years ago (1 children)

Yeah, both have the exact same nonexistent security model.

[–] poppamunz@dftba.club 2 points 2 years ago (1 children)

@SrEstegosaurio @theking I hope I live to see the day where end-to-end encryption for DMs is considered the bare minimum

[–] arkiuat@mspsocial.net 1 points 2 years ago (2 children)

@theking Not really. A DM between users on different servers is exposed to multiple instance operators. @fediverse

[–] theking@mathstodon.xyz 3 points 2 years ago (3 children)
[–] arkiuat@mspsocial.net 2 points 2 years ago

@theking I've only just begun to study the detailed ActivityPub spec, and I haven't read the DM part yet. @fediverse

[–] nutomic@lemmy.ml 2 points 2 years ago

It's exposed to the admins of instances where the involved users are registered. For example if @sally@mastodon.social sends a DM to @nelly@example.com, only the admins of mastodon.social and example.com can access it.
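
Added example (not part of the thread and not Mastodon's own code): a small model of the visibility rules discussed above, treating a DM as an ActivityPub `Note` addressed to specific actors and computing who can read it and which servers hold the plaintext. The actor URLs, the `third.example` host and the function names are constructed for illustration.

```python
from urllib.parse import urlparse

PUBLIC = "https://www.w3.org/ns/activitystreams#Public"

def addressed(note):
    """Every URI in the note's `to` and `cc` fields (each may be a string or a list)."""
    out = []
    for field in ("to", "cc"):
        value = note.get(field, [])
        out.extend([value] if isinstance(value, str) else value)
    return out

def exposure(note):
    """Who can read the note, and which servers' operators can see its plaintext."""
    targets = addressed(note)
    # The author plus every addressed actor; a DM has no Public or followers entry.
    readers = {note["attributedTo"], *targets} - {PUBLIC}
    return {
        "public": PUBLIC in targets,
        "readers": sorted(readers),
        "servers_with_plaintext": sorted({urlparse(r).hostname for r in readers}),
    }

def add_mention(note, actor):
    """Model of the behaviour described in the thread: an @-mention widens the audience."""
    updated = dict(note)
    updated["to"] = list(note.get("to", [])) + [actor]
    updated["tag"] = list(note.get("tag", [])) + [{"type": "Mention", "href": actor}]
    return updated

# Constructed sample: sally@mastodon.social sends a DM to nelly@example.com.
DM = {
    "type": "Note",
    "attributedTo": "https://mastodon.social/users/sally",
    "to": ["https://example.com/users/nelly"],
    "cc": [],
    "content": "<p>constructed sample text</p>",
}

if __name__ == "__main__":
    print(exposure(DM))
    # Mentioning a third user (constructed) adds a reader and a third server.
    print(exposure(add_mention(DM, "https://third.example/users/casey")))
```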