“Anyone with an admin account” comes down to “one or two people” not “public”. If your admin is a dick then yeah, your stuff may get leaked, but that’s not normal.
That’s missing the point though: if something isn’t completely private then it has the chance of going public. Too many services pretend to be more private than they really are by using terms like “private message” when all they’re really offering is a relatively small barrier to seeing your data, especially if anyone can set up their own instance.
There’s a big difference between “theoretically this could become public” and “everything posted here should be considered public knowledge because the services don’t implement any boundaries”.
Theoretically, any message you send over SMS can become public, because it’s unencrypted and your carrier and the recipient’s carrier can read it and do whatever they want. That doesn’t mean SMS is as public as a Mastodon post where everyone can see and interact with it if they just know the URL.
With normal social media, like Facebook or Twitter or Tumblr, you can expect messages between people to only be readable by admins and the people interacting with conversations. The same is true for “follower only” content; centralised services can easily hide this stuff from random anonymous people.
Most of the Fediverse is incapable of applying these filters effectively because of design decisions on the server implementation. It could be done, but it isn’t, because implementing it is a pain and maintaining the guarantees requires effort from instance administrators.
Even encrypted messages can easily become public if the other end is malicious or gets hacked. There’s no true private messaging between different people.
The threat model relevant here is “I want a service that lets me do social media in my in-group where trolls and other dickheads can’t enter our safe space without repurcussions”, not “Twitter can read my DMs” or “the government will prosecute me for being gay”. In that category, current Fediverse implementations fail, but Facebook and Twitter perform perfectly fine.
If you’re afraid someone may read your messages, use Signal, or maybe Matrix/XMPP, but that’s not really the point here. The closest thing I can think of that implements social media in a federated yet encrypted fashion is Circles, but I don’t think that’s popular enough for daily use.
“Readable by anybody with an admin account” is not the same as public. And as a bunch of people involved in January 6 found out, end-to-end-encrypting something doesn’t keep mean it won’t get revealed. So the general rule is assume anything you say online could be made public; use Signal (or some other encrypted messaging that you trust) and limit distribution to a small number of trusted people to reduce the chances of that happening – but don’t count on it!
If something is on a public unencrypted website, it isn’t private.
Unfortunately certain people have chosen to mislead users about this.
You may as well post your ass on a billboard then complain that people look at it.
Fediverse software has followers-only posts, direct messages, local-only posts … Mobilizon and Streams even have private groups.
None of that is private. It’s all readable by anyone with an admin account.
As a general rule. If it’s not end to end encrypted, assume it’s public.
“Anyone with an admin account” comes down to “one or two people” not “public”. If your admin is a dick then yeah, your stuff may get leaked, but that’s not normal.
That’s missing the point though: if something isn’t completely private then it has the chance of going public. Too many services pretend to be more private than they really are by using terms like “private message” when all they’re really offering is a relatively small barrier to seeing your data, especially if anyone can set up their own instance.
There’s a big difference between “theoretically this could become public” and “everything posted here should be considered public knowledge because the services don’t implement any boundaries”.
Theoretically, any message you send over SMS can become public, because it’s unencrypted and your carrier and the recipient’s carrier can read it and do whatever they want. That doesn’t mean SMS is as public as a Mastodon post where everyone can see and interact with it if they just know the URL.
With normal social media, like Facebook or Twitter or Tumblr, you can expect messages between people to only be readable by admins and the people interacting with conversations. The same is true for “follower only” content; centralised services can easily hide this stuff from random anonymous people.
Most of the Fediverse is incapable of applying these filters effectively because of design decisions on the server implementation. It could be done, but it isn’t, because implementing it is a pain and maintaining the guarantees requires effort from instance administrators.
Even encrypted messages can easily become public if the other end is malicious or gets hacked. There’s no true private messaging between different people.
The threat model relevant here is “I want a service that lets me do social media in my in-group where trolls and other dickheads can’t enter our safe space without repurcussions”, not “Twitter can read my DMs” or “the government will prosecute me for being gay”. In that category, current Fediverse implementations fail, but Facebook and Twitter perform perfectly fine.
If you’re afraid someone may read your messages, use Signal, or maybe Matrix/XMPP, but that’s not really the point here. The closest thing I can think of that implements social media in a federated yet encrypted fashion is Circles, but I don’t think that’s popular enough for daily use.
“Readable by anybody with an admin account” is not the same as public. And as a bunch of people involved in January 6 found out, end-to-end-encrypting something doesn’t keep mean it won’t get revealed. So the general rule is assume anything you say online could be made public; use Signal (or some other encrypted messaging that you trust) and limit distribution to a small number of trusted people to reduce the chances of that happening – but don’t count on it!