Since there’s a lot of new people trying out Mastodon, something to be cautious about: your DMs can be read by admins of your instance and the instance of the recipient, and when your toots cross an instance boundary, it’s possible for your private toots to get boosted. Some of the privacy guards in place on platforms you’ve used before don’t work the same here.

@misty Also, unlike birdsite: DMs go to ~everyone~ mentioned, even in the body, not just the list of users at the start of your toot. So if you want to complain about @user@annoying.server, don’t mention them in full or they’ll get a copy too.

@futzle Oof, yeah. That’s a major difference all right!

@misty @futzle I've been scratching my head about the way to phrase this and generally came up with..

Admins can't see DMs in the app... if requires going out of my way to log into the DB and do extra work to do it (I never need to log into the box), but there is no native out of the box way to see DMs in the webapp.

and they are best to be considered restricted, not private...

until the crypto is added in a few months, and then we can say your privacy is "secured".

@shlee @futzle I’m aware, I’m the admin of the instance I’m posting from.

@shlee @misty Seems clear to me, but I’m not sure what users were expecting, are people really thinking that Mastodon is an end-to-end encryption platform too? Don’t know how you counter that kind of fundamental disconnect.

@futzle @misty TBH. I've spent a lot of time telling the Mastodon devs to remove the "direct messages" from the home timeline because a DM is not a toot.


wondering about this.. I think the reason I get so mad about DMs being in my timeline is because a "limited toot" or "mentioned" or "restricted" is better NAME than direct message.

A limited toot could be on my timeline perfectly fine, but a direct message shouldn't.. and the name is the only problem I have...

I love the feature and function of a DM in mastodon (by any other name)

@shlee @futzle Can you please untag me from this conversation?

@misty @futzle Quick note of appreciation to you both for clarifying these points. It's a little wild getting used to the way this weird place works, even as a techie and a sysadmin.

@misty good to know except I can’t even find the DM button :)

@violeta @misty It's in the menu you get from the "..." button next to Follow/Unfollow in their profile. I had never seen it before either, until I went looking because people were talking about DMs suddenly. Clearly these privacy issues aren't going to be a concern for some of us.

@violeta @misty idk what you're on if there are like apps or whatever, but at least on desktop browser, it seems you can DM via toots
like your normal posting place, you change the privacy so that it becomes a DM
at least that's what it looks like here, ig I'm not entirely sure

@misty Mastodon really should incorporate end to end encryption for DMs

@phocks @misty encryption is a terrible idea and will open the door for right wing extremist trolls to spread hate.

@phocks it prevents instances from scanning messages, thus creating potential for harassment. @misty

@phocks basically instances might want to run "spam" filters on DMs, and it's not going to work with encryption.


@juliank @misty I would much rather heaps of random people I don't know not be able to see my private communications but that's just me. Might leave for somewhere that respects user privacy ¯\_ (ツ)_/¯

@phocks @misty I think that's a different platform, you don't want to be discoverable for that.

Because if you are discoverable, and have views or are "different", you are subject for harassment.

Preventing that harassment must be important to make sure we have a safe environment we can express ourselves in. It's not enough to just ban accounts in retrospect.

@misty so like... if you DM someone from another instance they can get boosted??? or if they're followers-only but not DMs? I'm very confused and also concerned

@raphaelmorgan @misty Na, the people who set up and run the Mastodon software can log into the database on the server and see the DM text, just like the people who have access to the Twitter database can see all your twitter DMs. End to end encryption is the only way to stop this. ie. Use Signal for your private messaging needs.

@phocks @misty that's what was said in the first part of Misty's post, I'm confused about the second part ("when your toots cross an instance boundary, it's possible for your private toots to get boosted")

@raphaelmorgan @phocks My understanding is that post privacy is just a flag on the post. The server on the other side is free to ignore it, so if it doesn't implement private posts (or has been coded to ignore private posts), then it can be boosted just like any other post can.

@misty Also on the commercial silos your DMs can be read by the admins. Not?

@VictorVenema It’s a threat model thing. Twitter is a giant company under political scrutiny, with formal logging structures and a low likelihood of anyone with access caring. On Mastodon sysadmins are your peers and you’re exposed to more of them regularly.

@misty My threat model is different. 😎

Corporations do this as cheaply and badly as they can get away with. They pay their employees as badly as they can get away with and they are happy to earn an extra by forwarding private correspondence.

While on Mastodon the admins are most likely honest people, at least in the idealistic building phase we are still in.

In both cases I would never use a DM for something that was important to keep secret. Only to avoid calling out people in public.

@VictorVenema Look, you can nitpick my post all you want but I’m just offering a little friendly advice to new users who don’t know how things work here yet. Go rant on your own timeline.

@misty Thanks for the heads up. I'm still trying to get used to navigating Mastodon and all its other intricacies.

@misty there is a way to see if my instance allow the admin to read my DM? or this is the default?

There is a more private instance?

I'm still confuse here, I'm so lost LOL

@rtheodoro It’s a technical thing. They’re stored as plain text posts in the database, so someone with access to the server’s database can read them.

@misty Well, The admins *can*. It's not like there's a screen for it in the app? They'd have to dump out the contents of the database.

@fishidwardrobe Yes, and I think users should know that’s possible and easy.

Sign in to participate in the conversation

Hometown is adapted from Mastodon, a decentralized social network with no ads, no corporate surveillance, and ethical design.