Through #ActivityPub, #Mastodon privacy settings rely on voluntary cooperation. You *request* that instances only share your content with the audience you specify, but there is no real way to enforce that.
This comes as a surprise to many users.
Me, I think I'd change the UI to call it "suggested broadcast"' rather than anything related to privacy so that users are more aware of where their content might end up.
I think that is on the right path although there are some technologies that can balance security against convenience.
The thing that always comes to my mind is that we have all of these solutions that academic computer science figure it out decades ago, I keep thinking of the '70s, that just didn't make it into prevalent usage in all of this time, that just didn't get implemented in user facing applications.
We know how to secure things. We just don't. And that is frustrating to me but it is what it is.
@volkris If not E2EE, what kinds of solutions do you have in mind?