• 4am@lemm.ee
      link
      fedilink
      arrow-up
      3
      ·
      6 months ago

      Seems if the messages are sent in an inherently insecure fashion, all one would need to do is set up an instance that purposefully does not filter out all the things it’s supposed to be kind/competent enough to filter out, and boom it has everything.

      • kevincox@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        It’s not “inherently insecure” at least not to that degree. (Once could argue that lack of E2EE is insecure.) If you stand up an unrelated instance you shouldn’t be able to access private messages that don’t relate to an account on your instance. So only bugs in your instance, or your conversation partner’s instance, will be able to leak those messages.

    • jherazob@beehaw.org
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 months ago

      I recall somebody’s working on actual, E2EE Mastodon DMs, but couldn’t give you details, i guess when it’s ready we’ll know when people start using it