Seems if the messages are sent in an inherently insecure fashion, all one would need to do is set up an instance that purposefully does not filter out all the things it’s supposed to be kind/competent enough to filter out, and boom it has everything.
Yes, just like on twitter, reddit, and most of the other platforms the Fediverse is trying to replace, server admins are free to read your messages. There’s no encryption. The Fediverse just adds more server admins to the mix.
I would not recommend using the DM function on most Fediverse platforms for things you’d like to keep private. While in most cases there are no privacy risks, there are also very few guardrails to ensure that.
You’re better off using a federated platform with encryption support like Matrix or XMPP. Neither of those are very safe if you don’t verify the other’s keys (although neither is any other chat service, even Signal) but both are much safer.
If it weren’t for the lack of shared credentials, I would’ve expected someone to add a minimal secure chat client to the Lemmy frontend already. Especially on the servers that host a Matrix server already
It’s not “inherently insecure” at least not to that degree. (Once could argue that lack of E2EE is insecure.) If you stand up an unrelated instance you shouldn’t be able to access private messages that don’t relate to an account on your instance. So only bugs in your instance, or your conversation partner’s instance, will be able to leak those messages.
Seems if the messages are sent in an inherently insecure fashion, all one would need to do is set up an instance that purposefully does not filter out all the things it’s supposed to be kind/competent enough to filter out, and boom it has everything.
Yes, just like on twitter, reddit, and most of the other platforms the Fediverse is trying to replace, server admins are free to read your messages. There’s no encryption. The Fediverse just adds more server admins to the mix.
I would not recommend using the DM function on most Fediverse platforms for things you’d like to keep private. While in most cases there are no privacy risks, there are also very few guardrails to ensure that.
You’re better off using a federated platform with encryption support like Matrix or XMPP. Neither of those are very safe if you don’t verify the other’s keys (although neither is any other chat service, even Signal) but both are much safer.
If it weren’t for the lack of shared credentials, I would’ve expected someone to add a minimal secure chat client to the Lemmy frontend already. Especially on the servers that host a Matrix server already
It’s not “inherently insecure” at least not to that degree. (Once could argue that lack of E2EE is insecure.) If you stand up an unrelated instance you shouldn’t be able to access private messages that don’t relate to an account on your instance. So only bugs in your instance, or your conversation partner’s instance, will be able to leak those messages.