this post was submitted on 12 Jun 2024
110 points (99.1% liked)
Fediverse
17734 readers
162 users here now
A community dedicated to fediverse news and discussion.
Fediverse is a portmanteau of "federation" and "universe".
Getting started on Fediverse;
- What is the fediverse?
- Fediverse Platforms
- How to run your own community
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Hmmm it was even able to pull in private DMs.
Maybe private DMs on Mastadon aren't as private as everyone thinks... that, or the open nature of Activity Pub is leaking them somehow?
Edit - From the article:
From what @delirious_owl@discuss.online mentioned below, it sounds like this shouldn't be very shocking at all.
They're called DMs not PMs
? Did you mean that the other way around? And if you did... forgive me, I don't really use Mastodon. I was never much of a twitter fan. I don't really like how all of my likes are public (although I guess I have had to get used to that with Lemmy).
No. They're direct. They're not private.
Ah, I see. So it's the same mistake that Lemmy users make when thinking that Upvotes/Downvotes aren't public.
It sounds like DMs on Mastodon are public, but are commonly mistaken to be private then?
I don't know why anyone would think any of this stuff is private. It can be pseudonyms, but that's up to you.
PM never implied any form of end to end encryption. It only ever meant people couldn't see it apart from site operators. I genuinely don't believe people thought it meant otherwise.
But on a federated system, everyone can see all messages. That's expected.
No, should just be your instance admin and the admin of the instance your messaging.
The shocking part was less about Maven's methods or lack of ethics, and more along the lines of "How the fuck did they do that?!"
What @delirious_owl@discuss.online seemed to be implying is that direct messages on Mastodon should be considered "public" rather than "private".
I'm assuming that's along the same lines of how Lemmy users generally think that their upvotes/downvotes are private when in reality, if you know how to look for them, you can see them.
I don't think we should expect privacy from either. Instead, we need better documentation.
Personally, I'd appreciate to see a public dashboard displaying everyone's DMs and upvotes would help.