technical note about this tech as I see some confusion/misconceptions:
Admins of your instance have complete control over your account. Really, we can read all the posts (including DMs) and we can even impersonate/hack your account with ease.
Make sure you trust your admins.
Here on toot.cat we have a CoC that applies to both admins and non admins. Admins are expected to abide by the CoC and not oppress users as well.
@Moustache yep. running your own instance is a totally fine thing to do. I'll even help anyone get one setup :)
@polymerwitch why not yeah. up for some tuts ? toot.
@Moustache I would start with the mastodon github:
https://github.com/tootsuite/mastodon
I've heard of people having great success running an instance on a raspberry pi. If/when you run into issues just ping me questions and I'll see if I can help :)
@polymerwitch J'ai pas regardé le code ( c'est du ruby en plus ... ) ca me semble logique, sauf si on considere la mise en place de cryptage mais ca doit être méga chiant a gérer ...
@polymerwitch Which is exactly the same risk model as IRC. Not sure why people are freaking out.
@kwanre I think a lot of users are learning about the threat model of adversarial admins on for the first time. Many people are not used to being able to choose servers to trust
@polymerwitch Shit I don't know if I can trust @chr Can I trust you dude?
@bksmgglr @polymerwitch i haven't put forth any explicit policies on the matter but i place myself under the same restrictions i would anyone else on the server. the only content i read is public content / in my feed and DMs addressed to me directly.
@polymerwitch @chr I was mostly joking. Although I think it is important to take this topic seriously. I personaly like that you want to keep this instance small, I think it is the right approach. Everyone is probably out to make it a good place, so just shout if you need help and we'll do our best. Keep up the good work mate.
@polymerwitch this was what I like about diasporas proposal, encrypt everything.
@polymerwitch Is it terrible that I imagine someone will eventually write a client that encrypts, chops messages into 500 character chunks, and sends them through Mastodon DM as a security tunnel?
Because honestly, I only know 3/4 of that would be feasible and I have no idea how much of a server PITA that stuff would be. (I barely did dev work, but I'm very good at breaking shit, that's why I was in QA, but I know zip all about stuff that would, to others, obviously overload things.)
@sydneyfalk I think that will happen too, but I think the answer is to treat DMs here as hidden, but not private. If you want private messages using signal or riot.im as a back channel makes sense to me
@polymerwitch I was aware of signal, but riot.im is news to me. :) TYVM!
@sydneyfalk we can already do that heh keybase encryption is plain text
@kodo I'll have to look into it, I fell out of crypto stuff ages ago when I was still unmedicated -- wonder how much I can pick up and how quick. (With the new regimes (already in|coming into) place, I think I need to get on it sooner rather than later.)
@sydneyfalk keybase is pretty easy to use.
I don't trust myself, let alone other people. The only legit assumption is that everything is compromised.
“When one is writing a letter, he should think that the recipient will make it into a hanging scroll.”
― Tsunetomo Yamamoto, Hagakure
@polymerwitch if someone posts a direct message to another user on the same instance, can admins of other instances see that message?
@polymerwitch @bcrypt another reason to support encryption
@bcrypt I don't believe that would federate with us. if users on our instance can see a message in their TL then it's stored plaintext in the db
@polymerwitch This is concerning, but not surprising, and should be public (more public at least) information. How hard is it to edit the code of your own instance?
@polymerwitch or don't trust anybody. never. ever.