• RobotToaster@mander.xyz
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    3
    ·
    edit-2
    11 months ago

    If something is on a public unencrypted website, it isn’t private.

    Unfortunately certain people have chosen to mislead users about this.

    You may as well post your ass on a billboard then complain that people look at it.

      • Steve@communick.news
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        1
        ·
        edit-2
        11 months ago

        None of that is private. It’s all readable by anyone with an admin account.
        As a general rule. If it’s not end to end encrypted, assume it’s public.

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          11 months ago

          “Anyone with an admin account” comes down to “one or two people” not “public”. If your admin is a dick then yeah, your stuff may get leaked, but that’s not normal.

          • smeg@feddit.uk
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            That’s missing the point though: if something isn’t completely private then it has the chance of going public. Too many services pretend to be more private than they really are by using terms like “private message” when all they’re really offering is a relatively small barrier to seeing your data, especially if anyone can set up their own instance.

            • Skull giver@popplesburger.hilciferous.nl
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              11 months ago

              There’s a big difference between “theoretically this could become public” and “everything posted here should be considered public knowledge because the services don’t implement any boundaries”.

              Theoretically, any message you send over SMS can become public, because it’s unencrypted and your carrier and the recipient’s carrier can read it and do whatever they want. That doesn’t mean SMS is as public as a Mastodon post where everyone can see and interact with it if they just know the URL.

              With normal social media, like Facebook or Twitter or Tumblr, you can expect messages between people to only be readable by admins and the people interacting with conversations. The same is true for “follower only” content; centralised services can easily hide this stuff from random anonymous people.

              Most of the Fediverse is incapable of applying these filters effectively because of design decisions on the server implementation. It could be done, but it isn’t, because implementing it is a pain and maintaining the guarantees requires effort from instance administrators.

              Even encrypted messages can easily become public if the other end is malicious or gets hacked. There’s no true private messaging between different people.

              The threat model relevant here is “I want a service that lets me do social media in my in-group where trolls and other dickheads can’t enter our safe space without repurcussions”, not “Twitter can read my DMs” or “the government will prosecute me for being gay”. In that category, current Fediverse implementations fail, but Facebook and Twitter perform perfectly fine.

              If you’re afraid someone may read your messages, use Signal, or maybe Matrix/XMPP, but that’s not really the point here. The closest thing I can think of that implements social media in a federated yet encrypted fashion is Circles, but I don’t think that’s popular enough for daily use.

        • The Nexus of Privacy@lemmy.blahaj.zoneOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          11 months ago

          “Readable by anybody with an admin account” is not the same as public. And as a bunch of people involved in January 6 found out, end-to-end-encrypting something doesn’t keep mean it won’t get revealed. So the general rule is assume anything you say online could be made public; use Signal (or some other encrypted messaging that you trust) and limit distribution to a small number of trusted people to reduce the chances of that happening – but don’t count on it!