in User freedom

Can fediverse admins read your DMs?

As the news about Elon Musk buying Twitter reaches more people, Mastodon (and others) face increase in user number and active members. This is good news.

And yes, fediverse admins can read your DMs. That’s not news to anyone. Every person with some knowledge of how internet and web application/services work knows that a sysadmin and those with access to databases control everything and in this example, can read your direct messages.

Even with encrypted services, a sysadmin can disable encryption or do various series of attacks to get your encryption keys/passwords. I posted something on Mastodon the other day about the irony of people using Gmail to sign up for Mastodon (or generally any other social network/online service) and then being worried about the privacy of their DMs.

I’m not saying they don’t have a right for privacy or their concern is baseless. Coming from Middle East I truly understand it. Here’s a scenario as an example: Imagine an authoritarian regime, like Russia, sets and runs thousands of Mastodon instances and operates them to aggregate data about people. People unknowingly will send private messages and all of those messages are now in hand of a regime that suppresses its opposition.

Or even if you trust an instance admin, you can still be in danger as Mastodon is a federated network and the admin of the other instance you’re talking to (through DMs) can too read your messages.

However, trusting a social network for private messaging is wrong at first place. You shouldn’t use a social network of any kind to send important messages or to communicate safely. Mastodon DMs (or any other network’s direct message) is just a post that is shown to people who are mentioned, nothing more.

The best use for DMs is to ask for a private communication method or handle, like XMPP, and then contact them there. It would be nice for Mastodon and other fediverse software to have end-to-end encrypted private messaging implemented in.

The other thing is that Mastodon, and every other fediverse software I now, are free software. Meaning people can run, study, change, and share it as they wish (under the terms of the free licenses they have) and it gives people to freely modify the software and run their own server to please their own needs for communication on the fediverse. I don’t think that can be done by normal everyday users as they probably lack skills, time, and money to do so, but it’s possible.

The other thing is that we should teach people about their privacy rights and how internet and online services work. For a long time, mega corporations mistreated people and misguided them to accept or trust services that violate their basic human right of privacy and it should be our job and obligation to teach them this.

Fediverse is currently the best social network we can have. It’s decentralized, without ads, without trackers, and designed solely for socializing and creating networks/connections. We should help develop it to be more secure and trustworthy and we should keep promoting it to have more people there. Of course, that requires us to be honest, respectful, and welcoming to new people.