this post was submitted on 05 Jul 2023
9 points (100.0% liked)


ActivityPub, the protocol that powers the fediverse (including Mastodon – same caveats as the first two times, will be used interchangeably, deal with it) is not private. It is not even semi-private. It is a completely public medium and absolutely nothing posted on it, including direct messages, can be seen as even remotely secure. Worse, anything you post on Mastodon is, once sent, for all intents and purposes completely irrevocable. To function, the network relies upon the good faith participation of thousands of independently owned and operated servers, but a bad actor simply has to behave not in good faith and there is absolutely no mechanism to stop them or to get around this. Worse, whatever legal protections are in place around personal data are either non-applicable or would be stunningly hard to enforce.

[–] Waltzy@lemdit.com 4 points 1 year ago (1 children)

All very true, basically the same deal as with any '90s/early '00s forum.

[–] GingerKun@vlemmy.net 4 points 1 year ago (1 children)

It seems a lot worse than that... At least somebody would have to hack a 90s forum to see your DMs.

[–] sab@kbin.social 7 points 1 year ago* (last edited 1 year ago) (1 children)

No, you'd only have to be the admin. Which is the same at the Fediverse - DMs between two servers can be seen by the admins of the two servers, should they so desire.

That's not really so different from mainstream social media, the difference here is that the admin is some normal person, not Mark Zuckerberg or Elon Musk or something.

It's absolutely important that people understand this - if you intend for anything to be private, use Matrix or Signal or something. Anything online that is not encrypted is just not truly private. Simple as that.

However, this is also true for any other social media people use. The fediverse is actually kind of neat in that the data is spread out across a bunch of servers, rather than at one central server where the same admins have access to everything.

[–] VanillaGorilla@kbin.social 5 points 1 year ago

I'm able to see the purchase history of everything that's bought at my company, be it online or in store. I don't do it, because I don't give a fuck and I've signed several agreements to be a good boy.

Data has to be validated, verified, checked, processed etc. Someone will have a possibility to view it if it's not an end to end encryption, and then you won't be able to easily report abuse. That's just how things work.