Red
link
fedilink
1851Y

They are no more safe than sending a message like this :). Except you would be the only person it’s targeted for. besides the admins of both instances can read them as well.

Which is why I’m the web interface it says it’s not safe/e2e encrypted.

Worried about it? Add a matrix handle to your profile and then it enables a “send a secure message” button in the UI. And redirects people to use matrix to send messages to you

besides the admins of both instances can read them as well.

What?

Nothing on lemmy is private. Your instance is just hosted on a server, and in this instance that server is essentially just someone elses computer. Anything you do or say on the server can be viewed by the admin and whoever they decide to delegate access to.

This is true for practically every online service ever.

This is true for practically every online service ever.

Sorry i have to correct this statement. Unless all encryption can be broken one day (which is a different discussion), end-to-end encryption can be seen as private … if both parties can trust each other to keep it so.
One can see if a service/app does e2ee if they (best) ask you to enter your public key (and only that) which will be shared to others to enable them to encrypt messages to you (such PMs can only get decrypted with your private key which is stored nowhere but on your own devices), and verify signatures done using your privkey. In the second-best case, an application will generate a key pair on your device and instruct you to store away the private key it just generated somewhere safe and protected by a long passphrase because if you lose it your PMs can not be recovered.

Interestingly, the ActivityPub protocol and IIRC also the Lemmy database have a “public key” field which could be used for e2ee purposes but the functionality is just not implemented.

Wait until you hear about the people hosting your email

Red
link
fedilink
81Y

Haha, love the image. I think everyone feels that way the first time they learn it.

End to end encrypt emails whenever you can too. Now, getting those you communicate with to implement and utilize pgp? That’s a whole other battle.

the admin of your Instance has full access to your account as they have full access to the database that holds your dms

Yeah, really it would be surprising to me if this wasn’t the case.

Didn’t know about the Matrix integration. Thanks!

I didn’t know about the matrix feature, thank you!

Oh shit that matrix feature is real cool. Thanks for sharing.

@Kidplayer_666@lemm.ee
creator
link
fedilink
121Y

Oh ok, thanks!

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 2.97K Posts
  • 74.6K Comments
  • Modlog