[stormbrew]

> it's pretty easy to assume that decentralized means there aren't admins who can read private messages.

I'm not sure why you would assume that? It's not something you run on your computer, it's still a website (or set of websites). Admins of your email can also read your email, if they want, and even with gmail in the mix it's probably one of the most "federated" systems ever built.

> I would certainly assume that in 2022 it would built using encryption for the parts that are private, and aren't DM's private? Why would admins be able to read them? Is there a justification for that?

They could potentially be encrypted at rest, in the database, but that doesn't really help much. The owner of the site would have the keys to decrypt them, and on smaller sites it's very unlikely that there'd be any real chain of custody involved.

If you've ever sent a DM on a forum did you think that was encrypted? It wasn't. Or twitter or facebook for that matter. It's not really practical for any data stored on a central server to be encrypted in a way that irrevocably prevents the owner of the service from accessing it.

[crazygringo]

> I'm not sure why you would assume that?... If you've ever sent a DM on a forum did you think that was encrypted?

The whole assumption here is that Mastodon is supposed to be better than those, right? Or else why are we switching? Twitter is centralized and can read all your stuff and censor it too. So isn't the point that Mastodon isn't and can't do those bad things?

We expect WhatsApp and iMessage to provide E2EE. Similarly open-source Signal and Telegram are encrypted. So why wouldn't you assume another high-profile open source project isn't adopting those same best practices for the private-messages part of it?

[stormbrew]

> Mastodon is supposed to be better than those, right?

Here are the ways mastodon is better than twitter:

- It can't be bought by a billionaire man baby

- It can't be coerced into hosting awful people because they drive revenue

- It doesn't require advertising in order to continue existing

- Because of that I'm not being endlessly datamined by adtech every moment I'm using it.

- It can't die because one website goes down, and everyone on it doesn't experience awful performance just because one instance is falling over.

- If I don't like the admins of the instance I'm on, I can move to another instance and bring much of my data with me without having to exfiltrate it with tools that violate the TOS.

- I can use whatever clients I like with it and I never have to worry about the company deciding it doesn't like third party apps and killing them slowly with api rate limits.

There are also a lot of ways it's worse than twitter, though they're mostly along the lines of "some of my friends aren't on it". Things don't have to be "better in every way" than other things to be "better for me (or you)". There are always tradeoffs.

Re. WhatsApp, Signal, Telegram and iMessage are all apps you run on your phone. And if you can read the messages on them from a website (as you can if you turn on a feature for imessage), then the admins of the service also have access to your messages.

Again, we're talking about a website here.

[woojoo666]

> Re. WhatsApp, Signal, Telegram and iMessage are all apps you run on your phone. And if you can read the messages on them from a website (as you can if you turn on a feature for imessage), then the admins of the service also have access to your messages.

Not true. Web clients for Matrix are open source, and you can self host them if you are afraid of the default host trying to inject spyware to the page

[Sprocklem]

I mean, the website admin in that case can still access your messages. It's just that the admin is you.

[woojoo666]

That's true. Though I guess that when my parent comment referred to "admin", the were referring to the admin for the homeserver (the one routing the messages), which is different from the one hosting of the web client.

This is why services like Matrix and Signal open source their client. Because for security minded people, securing the client is much easier than securing the server.