Looking forward to end-to-end encryption in Mastodon if for no other reason the "aha! Mastodon's DMs are not really private" semi-bogus statement will finally be over.
Yes, it's true. Yes, it's a legitimate concern.
But:
1. Other sites and services (Twitter, FB, etc.) *also* have unencrypted DMs.
2. Mastodon devs are working on it.
3. Relatedly: Even email is not encrypted.
You have to trust your admins *everywhere*. (And prefer using end-to-end encryption whenever possible.)
But at least corporations are run by professionals which are often limited by some measures to ensure privacy and it's hard one would risk to be fired just to read a random conversation by strangers.
Instead on Mastodon the instances are managed by enthusiasts and are often not professional, but ideological and childish and I can definitely see them looking at private conversations.
Let's face it, most people just can't handle power responsibly.
@post Hence me saying that you have to trust your admins everywhere and DMs everywhere are not encrypted.
(And that end-to-end encryption is not just a good idea, but something that should be enabled by default everywhere.)
Having a big, corporate, monolithic network does not add security or privacy. Likewise, having a decentralized network doesn't magically fix these issues either.
@post Even for admins, it's not easy to look at other people's DMs on Mastodon.
But it's easy for Facebook employees to snoop, and they've been caught multiple times already.
https://www.forbes.com/sites/zakdoffman/2019/01/30/facebook-has-just-been-caught-spying-on-users-private-messages-and-data-again/
And Elon Musk has been giving lots of access to private Twitter conversations to randos in the whole "Twitter Files" thing. This looks like it also includes access to DMs.
https://thepostmillennial.com/breaking-twitter-files-reveal-staff-have-access-to-users-dms
...Also, Twitter is a big monolithic target:
https://www.zdnet.com/article/twitter-says-hackers-accessed-dms-for-36-users-in-last-weeks-hack/