My least favorite part about new folks logging in is the DM panic.

“Oh no, my DMs are unencrypted and can be read by the instance moderators and admins.”

“... just like every other social platform you’ve ever used, plus most email platforms.”

“Well, yeah, but on those other platforms the admins are a team of underpaid entry level employees at a faceless company, not a single person or small group of individuals that I can get to know.”


My favorite part about new folks joining is all the new frens.

Hi new frens.

@ajroach42 The chance that specifically your DMs will be read is low, but the chance that someones DMs are being read by the Twitter/Facebook/etc people is high.

Or even with e.g. Google Mail, where they even tell you they do it (but it's a computer that does it, so it's ok!)

@elomatreb plus, thanks to bad 80s privacy laws, law enforcement is also reading your DMs and emails, as long as they are six months old, without a warrant.

@ajroach42 At least in the US context, yeah.

Technically Privacy Shield and the likes are supposed to prevent this for e.g. EU citizens (there are more similar treaties like that), but somehow I doubt that's actually the reality.

@elomatreb @ajroach42
Lmao ignore that.

On Pleroma it’s even lower cause I ain’t digging thru the database to find your DMs

@ajroach42 I'm getting better at defusing this. The hot take you can use to deflate this balloon is: "Because unlike Twitter (or even IRC) you can *make your own instance with your own rules* and give that the same importance as any other instance."

This is fundamentally different, but as blogging was fundamentally different from legacy publishing, I think it'll take a decade for it to really set in for folks.

@ajroach42 if they're that concerned about it, they should probably use PGP :)

@ajroach42 honestly I'd be more scared by the underpaid entry level employees that probably all have a big neon glowing "leak data" button on their desk at all times.


This rings of

"Mastodon isn't perfect so I'm going back to twitter"

@Sir_Boops This is the new "This encryption is not 100% safe so I won't use any encryption at all"


@ajroach42 speaking of (but not officially FOR) Google, access to user data is heavily logged AND actually audited for misuse.

I know many people disagree with what Google and others consider valid uses, of course, which is a perfectly good reason to move to "more free" services. But I, for one, feel comfortable that no one at Google is reading my personal mail (or could, without it being noticed).

My opinions and experiences, I do not speak for Google officially.

@ajroach42 (and to be clear because 500 chars isn't enough, my "perfectly good reason" should not be taken as a judgment or insinuation that anyone owes me or anyone else a reason for a choice to change platforms or anything else they do)

@tw @ajroach42 Yeah that's my take on it too: big corp: safeguards against casually looking up someone's messages. Fediverse: 1 admin with root access

@ajroach42 I mean, I shared it as an FYI to new users as an IT auditor, but I'm sure accurately describing how a platform works counts as a "panic."

@ajroach42 yeah! Who the fuck would use this DM feature for confidential communication. Encrypt yourself!!

@ajroach42 also like, as an admin, I have not the spoons to try and figure out how to read someone’s DMs and no interest in doing it anyway?

I don’t see the point.

I get people being worried but also I feel like it’s being blown out of proportion tbh

@ajroach42 the other side of that coin is instance admins are more likely to have some personal interest in their users.

@rook Sure, I can see that. It makes sense to me.

That's a good reason to pick an admin you can trust, and know the limits of the security of your platform.

It's not a good reason to leave mastodon.

@ajroach42 I'd say that's a personal decision. Especially since it hinges on trusting *two* admins in probably most cases, one of which you can't choose.

I trust mine, but there are still things I wouldn't DM locally because the risk is too great.

If Mastodon never gets some kind of useful E2E I will certainly leave, at the very least for a platform or network that supports it.

@rook Is there a platform that supports E2E?

Is it possible to trust E2E running in a web browser?

@ajroach42 the safe bet has it there will be.

And yes.

@rook I won't trust e2e encryption in a browser, unless it's running in a plugin that I can audit.

IMO, end to end encryption in a pure web app is a fantasy.

@ajroach42 I think this gets away from the point somewhat. I can reasonably expect my DMs to be read much less often by Twitter staff than by instance admins on multiple statistical bases.

Excuses against demands for improved security sound too much like arguments for backdoored encryption to me in this instance. Trust us, we're the government. Find an absolutely trustworthy admin (none exist), and assume your correspondent has done the same.


I'm not really sure what you're trying to say.

My point was and remains "don't send sensitive information in a DM on any platform"

You mentioned e2e encryption for DMs, which would be a half measure at best. It would be easy to hack, and a false sense of security at worst, without a major overhaul of how DMs work.

I'm all for increased security.

I'm not a fan of a feeling of increased security, without a measurable impact on security.

@rook If you want e2e encrypted DMs, they are possible now.

Just encrypt your DMs before you send them in an external tool. The tools we have for this aren't great, and the character limit on DMs makes it harder. This should be improved.

But it has to use an external tool, IMO.

Don't rely on software that can be altered without your knowledge for encryption.

@ajroach42 @rook It might be because I'm kind of a noob when it comes to encryption but I'm not sure why browser-based OTR would be fundamentally less secure than, say, Pidgin using OTR.

@wraidd @ajroach42 the main concern is you get the code payload from an untrusted source. There are ways around that, but few people understand them.

@wraidd @rook The problem isn't OTR.

The problem is that you have to trust that the JavaScript client you're using to read your messages is secure, and hasn't been altered or tampered with.

and it's not on your machine, it's on someone else's machine, so you have to trust that.

If law enforcement orders google, for example, to back door their chat OTR implementation, you'd have no way to know it or to stop it.

@ajroach42 @rook Oh okay. Because the "client" doesn't live locally there's no way to trust it. That makes sense.

@ajroach42 "don't send sensitive information in a DM on any platform"

That rules out all of internet commerce, and a lot besides.

I know, you mean only social networks. But other protocols can manage it, what's so wrong with social networks? I don't buy it.

DMs already provide a false sense of security for the uninitiated. Somewhat less false security would a) be better, and b) observable in a way that could reveal bad actors.


"Other protocols can manage it" Explain what you mean by this, please?

@rook Right.

You can use PGP to encrypt DMs on mastodon right now.

You just don't do it in the mastodon web interface.

That's the bit you can't trust.

I'm not sure where I'm failing to communicate this clearly.

PGP is fine. Doing PGP encoding and decoding in a web app is untrustworthy, because you don't control the code that makes up the web app, and you have no way to reliably audit it, or be certain that it hasn't been changed.

@ajroach42 my point is I don't have to use PGP externally to... PGP. Or any other secure messaging platform, like say HTTPS.

@rook HTTPS encrypts the data between your browser and the server. It doesn't hide the data from the server.

e2e encryption requires the data to be en/decrypted outside of the server.

If you're trusting code from the server to do this, that means that anyone who has compromised the server (technically or legally) can render that encryption useless in a way that would be very difficult for you to discover.

Doing PGP in a web app is as insecure as full disk encryption on cloud servers.

@ajroach42 yeah, if you ignore the infrastructure. But then DMs are already secure.

@rook What does this mean?

I have no idea what you're trying to say here.

@ajroach42 you assume there is no way to trust the code you receive from the instance without auditing it more than once, or to run code locally hosted without a browser plugin or something to that effect.

But my example gives you one payload to audit, which will then reside in local storage. Going forward, *any* exfil yields a network observable, which is a huge step up. No plugin, no ongoing audits.

@rook sure, that could be a first step.

But then how do you prevent things like this: ?

So long as the code that is rendering your decrypted message is mutable, it can't be trusted.

I'm not saying that this is impossible, just that it will not be easy, and that I'd hesitate to trust most implementations that rely on a browser capable of executing arbitrary code.

I'm also not sure how we got here from 'don't send private data in cleartext'.

@rook But it's been an interesting chain of thought to follow, at least.

@ajroach42 sure there are other parts of the problem, but I just negated two of your assumptions on the spot. If that doesn't disrupt your thinking I really don't think there's any use saying anything more.

As for plaintext, again, I disagree that Mastodon DMs shouldn't be secured (or sent in plaintext at all.)

And I still think a person shouldn't be admonished for leaving Mastodon if they object to insecure DMs.


@ajroach42 further to that, I don't believe good e2e in the browser is that hard.

@rook I'm not saying it's hard to implement. I'm saying it's hard to trust.

@ajroach42 I mean in a trustworthy manner. That's what I meant by "good."

@rook Would you mind explaining how you would implement trustworthy end to end encryption in a web app, because I would love to be able to do this, but I can't think of a single way I would trust that doesn't rely on at least some local code.

@ajroach42 the solution is to change the assumptions. Examine them and see how to break them.

I'll give you an example: A good first step is to commit to local storage code to perform the crypto specialized to your key(s).

At that point you can at least monitor traffic to determine whether anything is being exfiltrated.

There are more problems to solve, but I hope you get the idea.

@rook I'm still not sure what point you're trying to make.

You're saying that mastodon should have some kind of magical, trustworthy, browser based asymmetric key encryption, that doesn't rely on any local code, and then saying that we need local code after all?

Either I'm being exceptionally dense today, or there's some other kind of gap between what you're saying and what I'm understanding.

@ajroach42 @rook oh, wow, sorry to get into your discussion but...
I work for a company which has done e2e in the browser exclusively for quite a long time, and it feels quite good.

@ajroach42 @rook I don't know of any social media sites per se that use E2E unless they're handing off DMing to, say, XMPP.

Don't know about the second, but Matrix/Riot seems to think so.