Ok just to be clear, are DMs end to end encrypted on mastodon ?

Also what about cross platform, like DMs between mastodon and friendica/pleroma ?

#askfedi #noobquestion

Follow

@futureisfoss DMs are a complicated topic.

To answer your first question, no, they are not end-to-end encrypted.

The second answer is even worse: They aren't even necessarily direct. There are platforms that will just show them publicly. Mastodon definitely handles them properly, but nothing prevents them on other platforms to be published.

Therefore do not use them to have private conversations. Use a platform like Matrix or Signal for such conversations instead.

@sheogorath
@celia
Well, I didn't expect this. How can we call the fediverse private if it doesn't even have basic things like encryption ? 🤔

@futureisfoss @sheogorath @celia because you have the possibility to own your data... Not like facebook

@futureisfoss @celia Who called the Fediverse private?

The software that makes up the fediverse is often more privacy aware as in not tracking or monetizing on it's user, and in general it provides more control over your content, but that doesn't mean it's private.

@sheogorath
I know that there's benifits of using mastodon, most of which are related to decentralization (preventing censorship, excessive data collection, ads etc.). But I consider e2ee as pretty basic these days, and I expected DMs to be private.

Personally, I don't think I've used DMs for anything private, but a lot of people would've used it thinking that they're really private. This is kinda misleading.
@celia @BollerwagenPicard

@sheogorath @futureisfoss in the Activity Pub protocol "DMs" are nothing but unlisted posts, this is by design, so treat them as such.

Mastodon's interface is not that clear in this case imo, calling it a direct message is simply misleading because it still a message from instance to instance, not direct.

In Pleroma these types of messages are described as "Post to mentioned users only" which I don't think is misleading. It is a normal post, but only shows up on the Timeline of users that are mentioned in it.
@sheogorath @futureisfoss This feature should only be used to have a conservation without spamming other people's timelines basically.
@futureisfoss @sheogorath End to end encryption with ActivityPub is probably possible and would probably look very similar to email with PGP.

However I have not seen a fediverse client with this type of feature yet.
Sign in to participate in the conversation
Sheogorath's Microblog

This is my personal microblog. It's filled with my fun, joy and silliness.