Hacker News
by thisisjasononhn 1327 days ago
I recognize that this is an advisory post, but I have seen a number of people out there that shout this as a valid reason to not use Mastodon, which I hate, and I feel is such a lazy excuse.

You know what other sites don't have encrypted DMs?

- Twitter

- Facebook Messenger

- Instagram

- TikTok

- YouTube

- Reddit

- LinkedIn

- Email

and on and on.

Basically ANY major site that doesn't explicitly advertise DMs as E2E (or encrypted alone) can just be assumed to NOT be encrypted. So why complain about Mastodon alone then (again, directed at the hypothetical person)?

Beyond that, yes it's a bit of an issue where the admins of an instance can read your DMs. If that's a problem, then you yourself can self-host an instance, or find a friend to do so, and enjoy peace of mind.

Or, just use an encryption method like PGP, encrypted online text paste services, saltstack, etc., newfangled encryption methods, or send pre-encrypted files hosted on external services.

end rant blah

3 comments

The lowered level to hosting is the issue though. It's one thing for Facebook Messenger to be unencrypted; Facebook is this whole big faceless company. A random Facebook employee has zero interest in my local gossip of who's sleeping with who because they have no idea who anybody even is. It's another thing to use Mastodon where the instance is run by your cousin Bob who knows who everyone involved is and would really like to read your DMs to get some juicy info to gossip about.

Or just use something that does have e2e (Matrix/WhatsApp/Signal) for the DMs and reserve Mastodon for the microblogging.

Is it hard to implement end-to-end encryption? What is the reason for lack of it on messaging apps?