by rogerbraun 3067 days ago
No, we really don't. Not every tool needs to be equipped for private discussions. ActivityPub and OStatus are used for Twitter-style communication. Those aren't high security communication services.
5 comments

They turn into security problems in aggregate. For example, the threat to me from actors slurping up social media data to nudge/manipulate people at a large scale is much larger than the threat to me from someone reading my group chats with my friends or a lot of other personal info that is generally considered more private and more in need of high security.

If my personal Twitter-style communication got out it would be worse to me than my more private messages, but it is worse to me personally if all the Twitter-style communication gets out than only my more private messages.

You have to account for manipulative big data risks in your analysis; thinking only about your personal data is an outdated approach.

Start with the safe and secure option, figure out how to dial it down and open it up.

Doing it the other way around? We literally have 50 years of experience of that being a terrible, terrible idea.

I might be wrong, but I would think that end-to-end public crypto can be used for more than just ensuring privacy.
HTTPS ensures more than just privacy. For instance, authenticity.
I would consider a privacy-first approach a best practice :)