Follow

Mastodon is not a good place to share private data. It's a distributed set of SQL databases. There's no real oversight or accountability. There's not really even an attempt to secure anything. There's no encryption, even for DMs. It's all stored in plaintext in Postgres (and often elsewhere, like Elasticsearch and Amazon S3).

@root true day. but it's not designed for security. It's designed for no ads and no attention-sucking algorithms

@root
"Socialize freely and organize responsibly" is how I put it in the docs for the instance I have in soft launch

@root
We need to be able to set the privacy of our toot to the instance only, thus we would know exactly where our message is stored.

@ZeldAurore @root you know where it is stored, but it is never stored securely.

Which is fine as long as you have your expectations right.

(sending direct toots is probably more private than sending email, but barely so. )

@arjenpdevries @root
I know, but I know personnaly my admin, and I know the instance is running on a computer in his room. So that is fine for me.

@root I'm old enough to remember when CB radio was popular (that anyone could listen into, join in or record to gain info for later) and later when mobile phones were analogue (so easily monitored with scanners, usually illegal but still widely done), so I treat Mastodon use with similar caution

To be fair many admins and other people do warn users about this, and to use other services with end to end encryption for more private comms..

@root Lectures about security from the person that's logged in as root?

/me ducks

@root now, to be fair, that describes most online services, even some more "pro" than Mastodon (heck, I remember a number of cases of big services that didn't even crypt the user passwords properly).

@root
Not a criticism of #Mastodon (feature not a bug, etc.) and no different than other tools that people use, notably #email, just something that is worth periodically reminding people of, hence the boost.

#privacy

@root
Yup, wie should use a blockchain for that. It's completely encrypted™ and does not lose data™.

Sign in to participate in the conversation
puddle.town

i run my own instance just for me