I've updated my brief introduction to Mastodon with a new heading: "How private is 'Private'?": https://gist.github.com/joyeusenoelle/74f6e6c0f349651349a0df9ae4582969#how-private-is-private
I've reprinted it here because it should be read.
I cannot stress this enough: Private toots are not encrypted or secure.
The admin of your server can read any toot posted on their server, as well as any toot sent to a user on their server. This is a necessary security precaution.
Admins don't want to read your private toots, but they have to be able to because otherwise private toots allow some users to secretly harass others or to conduct illegal dealings without the admin's knowledge, and under many laws the admin will be responsible for enabling the harassment or illegal behavior even if they didn't know it was happening.
That said, in general, your admin will only look over the toots you've marked Private if they have reason to believe harassment or illicit dealings are going on. Make sure you trust your admin to act like this, and if you don't, it might be time to look for another instance.
As a general rule, if an application you're using isn't peer-to-peer and relies on an intermediary like a server, the information you're sending isn't secure unless you take extra steps outside the application to secure it.
@noelle I don't think “we have to be able to read private toots” is really true. If it were, how come WhatsApp / Signal etc. are able to do what they do, legally or ethically?
Is it a design decision, or just the result of the complexity of implementing e2e encryption? I suspect the latter.