People are concerned that #Mastodon admins can read their DMs.
Folks, should we tell them about Yahoo Mail, Gmail or even telecom companies like AT&T and Verizon, which are thousands of times worse when sent via SMS?
@joeo10 not to disagree technically: it's necessary to go E2E and have trust in the whole chain of services your messages go through if you want a strong guarantee of privacy. But "privacy" is technically and socially complex. I see concerns about DM privacy bubble up now because folks don't have good feelings about the integrity with which the data they consider to be private will be handled. That's legitimate.
@joeo10 I think that a reasonable way of convincing people wouldn't be to try to educate them about threat models or try to change their minds about the how the integrity of a Mastodon instance admin compares to that of Twitter.
I suspect there's a lot of traction to be had in sharing how big companies already have a history of employing people who violate the integrity of personal data (viz. Facebook engineers stalking women).
@joeo10 That said, it seems like the world model that people have is that big companies have an externally imposed responsibility to handle private data responsibly. Taking a moment to reflect, I myself feel this way to some degree.
From where I stand, I have a reasonable degree of faith that Gmail message data is actually secure from that sort of misuse. (Even engineers working on Gmail features simply don't have access to message data.)
@joeo10 There are a lot of really good points I'm simply not engaging with here, of course. The fact that E-mail still runs on a protocol which, underneath it all, amounts to caching plain text files on random hard drives until your message reaches its destination, is confusing at best.
@joeo10 And maybe, just maybe, it's bad to have digital messaging centered in the hands of a small number of entities who insulate their employees from the consequences of decisions that negatively impact users and aren't themselves particularly answerable to anyone.
@trurl You have good points especially with employee misuse of data. I do agree that companies need to do a much better job in securing people's dats in general.
In terms of Gmail, I'm sure some employees by law is required to have that personal data and even government agencies and law enforcement have some backdoor into it in the event of an investigation or checking out all without a warrant too. I don't think Gmail is that secure because of that. Edward Snowden showed us that.
@joeo10 Forking the thread: did you have any conversations about Mastodon vs. Twitter recently? I've been trying to read what people are saying online, and I learned a bit about why some are so concerned about Twitter becoming a much worse environment. It boils down to their social needs and communities differing substantially from mine.
Understanding that is a pretty important first step in being able to offer help in dealing with a Musk-owned "Free Speech Absolutist" Twitter.
@trurl I don't but I'm sure there are some around the instances that do if you look.
Kind of interesting but for me, it's more like back in 2016-17 when Mastodon started and I'm sure it has improved slightly with potential.
@trurl Exactly, most DM/PMs in most platforms aren't encrypted to begin with anyway so it's basically a need to know that most don't understand for the most part. I know privacy is a lot more complex especially in governments that want to undermine it.
@joeo10 the Wickr Me side is still open source. I won't use the pro product. Besides which the pro product makes everybody ID by email address and not be able to use self selected handles.
@bradysflungtablet You should read this post on what makes a good messaging platform and even though it's about Signal (which I don't trust either), it's related. https://dessalines.github.io/essays/why_not_signal.html#what-makes-a-good-messaging-platform
@joeo10 fun fact: it's really hard for a Googler to read someone's Gmail without good reason, and they'd have a near 100% chance of being caught and fired for doing so.
@tw One good reason of course is if a government agency requests it which happens all the time. The US NSA or FBI for example can slap a NSL (National Security Letter) requiring those employees to look at a person's email and legally can't tell anyone else about it.
@joeo10 sure, that's a thing for anything hosted in the US or otherwise subject to US law. From what I've seen the "admins can read your DMs" meme is more about individuals, which is how I interpreted this instance and thus how I replied.
"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko