technical note about this tech as I see some confusion/misconceptions:

Admins of your instance have complete control over your account. Really, we can read all the posts (including DMs) and we can even impersonate/hack your account with ease.

Make sure you trust your admins.

Here on toot.cat we have a CoC that applies to both admins and non admins. Admins are expected to abide by the CoC and not oppress users as well.

@Moustache yep. running your own instance is a totally fine thing to do. I'll even help anyone get one setup :)

@Moustache I would start with the mastodon github:

github.com/tootsuite/mastodon

I've heard of people having great success running an instance on a raspberry pi. If/when you run into issues just ping me questions and I'll see if I can help :)

@polymerwitch J'ai pas regardé le code ( c'est du ruby en plus ... ) ca me semble logique, sauf si on considere la mise en place de cryptage mais ca doit être méga chiant a gérer ...

@polymerwitch Which is exactly the same risk model as IRC. Not sure why people are freaking out.

@kwanre I think a lot of users are learning about the threat model of adversarial admins on for the first time. Many people are not used to being able to choose servers to trust

@polymerwitch Shit I don't know if I can trust @chr Can I trust you dude?

@bksmgglr @polymerwitch i haven't put forth any explicit policies on the matter but i place myself under the same restrictions i would anyone else on the server. the only content i read is public content / in my feed and DMs addressed to me directly.

@polymerwitch @chr I was mostly joking. Although I think it is important to take this topic seriously. I personaly like that you want to keep this instance small, I think it is the right approach. Everyone is probably out to make it a good place, so just shout if you need help and we'll do our best. Keep up the good work mate.

@polymerwitch this was what I like about diasporas proposal, encrypt everything.

@polymerwitch Is it terrible that I imagine someone will eventually write a client that encrypts, chops messages into 500 character chunks, and sends them through Mastodon DM as a security tunnel?

Because honestly, I only know 3/4 of that would be feasible and I have no idea how much of a server PITA that stuff would be. (I barely did dev work, but I'm very good at breaking shit, that's why I was in QA, but I know zip all about stuff that would, to others, obviously overload things.)

@sydneyfalk I think that will happen too, but I think the answer is to treat DMs here as hidden, but not private. If you want private messages using signal or riot.im as a back channel makes sense to me

@polymerwitch I was aware of signal, but riot.im is news to me. :) TYVM!

@kodo I'll have to look into it, I fell out of crypto stuff ages ago when I was still unmedicated -- wonder how much I can pick up and how quick. (With the new regimes (already in|coming into) place, I think I need to get on it sooner rather than later.)

@polymerwitch @thegrugq

I don't trust myself, let alone other people. The only legit assumption is that everything is compromised.

“When one is writing a letter, he should think that the recipient will make it into a hanging scroll.”
― Tsunetomo Yamamoto, Hagakure

@polymerwitch if someone posts a direct message to another user on the same instance, can admins of other instances see that message?

@bcrypt @polymerwitch yes. Assume that everything on gnusocial is purely public and can be viewed by anyone. There have been discussions about having "real" DMs and my favoured option would be to have a field in the database and UI button for "contact me directly". That could then fire up your preferred xmpp client with omemo and so on. By keeping private and public as separate majesteria you can optimise for both situations.

@bcrypt I don't believe that would federate with us. if users on our instance can see a message in their TL then it's stored plaintext in the db

@polymerwitch This is concerning, but not surprising, and should be public (more public at least) information. How hard is it to edit the code of your own instance?

Sign in to participate in the conversation
Toot.Cat

A Mastodon instance for cats, the people who love them, and kindness in general. We strive to be a radically inclusive safe space. By creating an account, you agree to follow our CoC below.

Instance Administration

  • Woozle: Supreme Uberwensch, general support, web hostess
  • Charlotte: tech support, apprentice in warp-drive arcana (aka Mastomaintenance)
  • ash: backend stuff, gay crimes

The Project: