technical note about this tech as I see some confusion/misconceptions:
Admins of your instance have complete control over your account. Really, we can read all the posts (including DMs) and we can even impersonate/hack your account with ease.
Make sure you trust your admins.
Here on toot.cat we have a CoC that applies to both admins and non admins. Admins are expected to abide by the CoC and not oppress users as well.
@polymerwitch or don't trust anybody. never. ever.
@Moustache yep. running your own instance is a totally fine thing to do. I'll even help anyone get one set up :)
@polymerwitch why not yeah. up for some tuts ? toot.
@polymerwitch I haven't looked at the code (it's Ruby, on top of that...), but that seems logical to me, unless you consider setting up encryption, but that must be a huge pain to manage...
@polymerwitch Which is exactly the same risk model as IRC. Not sure why people are freaking out.
@kwanre I think a lot of users are learning about the threat model of adversarial admins for the first time. Many people are not used to being able to choose servers to trust
@polymerwitch @chr I was mostly joking. Although I think it is important to take this topic seriously. I personally like that you want to keep this instance small, I think it is the right approach. Everyone is probably out to make it a good place, so just shout if you need help and we'll do our best. Keep up the good work mate.
@polymerwitch this was what I like about Diaspora's proposal, encrypt everything.
@polymerwitch Is it terrible that I imagine someone will eventually write a client that encrypts, chops messages into 500 character chunks, and sends them through Mastodon DM as a security tunnel?
Because honestly, I only know 3/4 of that would be feasible and I have no idea how much of a server PITA that stuff would be. (I barely did dev work, but I'm very good at breaking shit, that's why I was in QA, but I know zip all about stuff that would, to others, obviously overload things.)
@sydneyfalk I think that will happen too, but I think the answer is to treat DMs here as hidden, but not private. If you want private messages, using Signal or riot.im as a back channel makes sense to me
@polymerwitch I was aware of signal, but riot.im is news to me. :) TYVM!
@sydneyfalk we can already do that heh keybase encryption is plain text
@kodo I'll have to look into it, I fell out of crypto stuff ages ago when I was still unmedicated -- wonder how much I can pick up and how quick. (With the new regimes (already in|coming into) place, I think I need to get on it sooner rather than later.)
@sydneyfalk keybase is pretty easy to use.
@polymerwitch if someone posts a direct message to another user on the same instance, can admins of other instances see that message?
@bcrypt I don't believe that would federate with us. If users on our instance can see a message in their TL then it's stored plaintext in the db
@polymerwitch This is concerning, but not surprising, and should be public (more public at least) information. How hard is it to edit the code of your own instance?