So Mastodon does NOT encrypt DMs.

I was able to trace a string directly from a DM into the postgres database. There is no encryption at rest. Nor is there end-to-end encryption. (Yet!)

Here is a photograph of a DM with the string "N0VAn0vaN0VA"

It is possible to connect to the database as a Mastodon admin (owner of the instance) and query for specific records/DMs.

su - 'postgres' -s /bin/sh -c 'psql'

\c mastodon_production

select text from statuses order by id desc;

h/t @ellie

ellieayla.net/@ellie/108216109

@ellie

There it is. Easy peasy. Lemon squeezy.

Make sure you follow good privacy practices folks.

🐘 💨

@nova I don't know the details of when, but it is on the roadmap to have this introduced

@luxliquidus @nova A visibility enum is *simple* and *direct* but certainly not *private*.

select * from statuses where visibility=3;

On Pleroma Admin we have it easier
(Note the Chats box with the user DMs)
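Both queries above (dumping statuses text, and filtering on visibility=3) are plain reads of the statuses table, so an instance operator who wants to know when DM content is read outside Mastodon's own processes can audit exactly that. The following is an added example, not code from this thread or from Mastodon: it assumes pgaudit is loaded with pgaudit.log = 'read', a log_line_prefix of '%m [%p] %u@%d app=%a ', and that Mastodon's processes connect with application_name puma or sidekiq (all assumptions); the log lines are constructed.

```python
"""Flag reads of Mastodon DM text in PostgreSQL pgaudit logs.
Assumes pgaudit.log = 'read' and log_line_prefix '%m [%p] %u@%d app=%a ' (both assumptions);
the sample log lines are constructed. Added example, not Mastodon's own code."""
import csv
import re

SENSITIVE_TABLES = {"statuses", "public.statuses"}  # DM text is stored in statuses
EXPECTED_APPS = {"puma", "sidekiq"}  # assumed application_name of Mastodon's own processes
DIRECT_FILTER = re.compile(r"visibility\s*=\s*3\b", re.I)  # visibility 3 = direct in Mastodon
PREFIX = re.compile(r"^(?P<ts>\S+ \S+ \S+) \[\d+\] (?P<user>[^@\s]+)@(?P<db>\S+) "
                    r"app=(?P<app>\S*) LOG:  AUDIT: (?P<audit>.*)$")

SAMPLE_LOG = [  # constructed, not captured from a real server
    "2022-11-08 16:13:02.101 UTC [2231] mastodon@mastodon_production app=sidekiq LOG:  AUDIT: SESSION,1,1,READ,SELECT,TABLE,public.statuses,SELECT statuses.* FROM statuses WHERE statuses.id = $1,1 = '42'",
    "2022-11-08 16:14:40.412 UTC [2290] postgres@mastodon_production app=psql LOG:  AUDIT: SESSION,2,1,READ,SELECT,TABLE,public.statuses,select text from statuses order by id desc;,<none>",
    "2022-11-08 16:15:05.900 UTC [2290] postgres@mastodon_production app=psql LOG:  AUDIT: SESSION,3,1,READ,SELECT,TABLE,public.statuses,select * from statuses where visibility=3;,<none>",
    "2022-11-08 16:16:00.000 UTC [2290] postgres@mastodon_production app=psql LOG:  AUDIT: SESSION,4,1,READ,SELECT,TABLE,public.accounts,select username from accounts;,<none>",
]


def parse_line(line):
    """Split one pgaudit line into its fields; returns None for non-audit lines."""
    m = PREFIX.match(line)
    if not m:
        return None
    f = next(csv.reader([m.group("audit")]))  # pgaudit writes CSV after 'AUDIT: '
    if len(f) < 8:
        return None
    return {"ts": m.group("ts"), "user": m.group("user"), "db": m.group("db"),
            "app": m.group("app") or "<none>", "class": f[3], "object": f[6], "statement": f[7]}


def flag_dm_reads(lines):
    """Return READ audit entries on the statuses table that did not come from Mastodon itself."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if not e or e["class"] != "READ" or e["object"] not in SENSITIVE_TABLES:
            continue
        if e["app"] in EXPECTED_APPS:
            continue  # the app's own queries are expected (and very noisy)
        e["reason"] = ("targets direct messages" if DIRECT_FILTER.search(e["statement"])
                       else "reads statuses outside the app")
        hits.append(e)
    return hits


if __name__ == "__main__":
    for h in flag_dm_reads(SAMPLE_LOG):
        print(f"{h['ts']} {h['user']}@{h['db']} via {h['app']}: {h['reason']}: {h['statement']}")
```

Run against the constructed sample, the two psql reads of statuses are reported and the sidekiq read and the accounts query are not; a real deployment would feed it the PostgreSQL log instead of SAMPLE_LOG.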

@nova Neither do most other social media platforms, AFAIK. The threat vector here is just that there are so many servers, each with their own admins. Which is why @darius emphasizes so much the role of trust in social media.

@lrhodes @nova Correct. The federated model is equivalent to unencrypted email (which most of the world seems fine with, for better or for worse).

I do know end-to-end encrypted DMs are coming to Mastodon. But also that breaks the federation model a bit -- other services won't support it, and getting the UX around that correct (like how Signal degrades to SMS, except for infinite potential remote services) is hard for a volunteer team of a handful of people.

@darius @lrhodes @nova This is true, AND, one can get away with "This is a hard thing to do for a volunteer team of a handful of people" for only so long. At some point, someone on the bridge of this social media vessel needs to make a call and dedicate their small amount of resources to working on fixing something that's not really broken but could be.

@trishalynn @darius @nova I've been thinking. Maybe the better way to do it is indirectly. That is, instead of having e2e encryption in Mastodon (which also creates the issue of how different releases deal with passing DMs back and forth), maybe hook into the API of an existing encrypted messenger (say, Signal) and pass private messages that way.

@lrhodes @trishalynn @nova that would be offloading the relatively easy part (the encryption) and leaving the hard part (ux) though!

@darius @trishalynn @nova Maybe so. I wasn't really thinking in terms of difficulty. And at any rate, I don't see a way to offload the UX problem.

What offloading the encryption part could do, I think, is emphasize the distinction between Mastodon DMs (which will stay unencrypted on servers that are slow to upgrade, and on other ActivityPub systems that Mastodon federates with) and genuinely private p2p messages. Seamlessness feels like a liability in this case.

@lrhodes @trishalynn @nova That's the UX problem though. I'm not even saying that Mastodon is trying to do something seamless (I genuinely don't know), just that the user expectations are there and it makes everything that much harder.

@nova they can also be seen by admins between instances, just FYI!

@nova This is already known, but I think there is already an issue/pull request addressing this.

@nova This is what the documentation says: docs.joinmastodon.org/user/pos

"Mastodon is not an encrypted messaging app like Signal or Wire, the database administrators of the sender’s and recipient’s servers have access to the text."

@tastytea Sorry! I know that the project is aware. I am not necessarily writing these messages for Mastodon developers/maintainers.

This is a message for newcomers to the app who are curious like myself. As a security researcher, I also prefer to exercise these things myself.

Nice to meet you. Do you develop Mastodon?

@nova I’m not a Mastodon developer or maintainer.

I’m just a user who finds it a bit weird that so many people are surprised that DMs are unencrypted, especially since most of them seem to come from Twitter, a service where your DMs are most likely being read by robots to extract and sell information about you, and maybe by people too.

@tastytea It sounds like you made an assumption about me that isn't necessarily accurate.

I wouldn't say I am "surprised" by this at all. I checked because I "assumed" this was the case.

I am glad I did the research. I now have evidence to support what I shared. I was mostly sharing the validation and independent research that I performed as a 3rd party validation.

@nova This is well known :ablobwink: Encryption for DMs is planned for the future I think! 🤔 💪

Please use a service like Matrix (private group, E2E encrypted) for sensitive stuff and don't use social media for that :blobcathearts:

Little question... Why would you wanna do this?

Users trust that you, as a server admin, won't do such things. I get that you can demonstrate it, but why advertise such things...?

@stux @nova The best thing I can do is to have a stated policy, in writing, that admins on my instance do NOT read DMs, but to be absolutely sure, use an external encrypted app. I guarantee you Twitter has an internal way to read DMs and no policy blocking it. At the end of the day, be trustworthy, like birdsite isn't.

@bradysflungtablet @nova Exactly ❤️ With us it's kinda a pain to even look it up, and for the birdsite I'm kinda sure they just have a tool for that!

In the past on Mastodon viewing DMs was possible, but this was removed a long time ago 💪 and with a reason 😄 I trust admins on the Fedi much more than any Twitter corp, to be honest.

@nova e2e encryption is on the road map. but honestly... what's the argument here? do you really think Twitter can't read your DMs?

@tyr Why do you think I am "Arguing" with anyone?

I am doing research and sharing my findings. Why are you imposing so many assumptions on my content?

Hachyderm.io