@greghendrix On the other hand, that's true for most communication we do over the internet: Twitter, e-mail, Discord, Slack, and so on. Server owners and administrators can always read your data. The only exception is end-to-end encrypted services, like Signal.
@sod @pimoore @pratik Thanks for clarifying. I don't know much about the topic and had a couple of questions.
@greghendrix These are a good couple of questions. I'll try my best to answer them.
1. Yes, absolutely. Governments, for example. Last year, 23.9 thousand information requests affecting 54.9 thousand accounts were submitted, and Twitter handed out the information in ~38 % of the cases. They receive information requests from non-government folks as well. For example, during divorce proceedings, one party might be interested in what the other has been up to online.
Anyone who decides to compromise Twitter, as a whole or targeting individual accounts, may also be able to read DMs. Data breaches and leaks happen all the time. Depending on the vulnerability exploited, DMs won't be accessed in all cases. One off the top of my head that did involve DMs was the incident back in 2020. And the other incident in 2020. This year, the data leak affecting 5.4 million Twitter accounts involved personal data about anonymous accounts but no DMs.
Also worth noting is that "people that work at Twitter" is not static. You might decide that "hey, the current owner and the thousands of employees are 100 % good people and would never spy on behalf of a foreign country." Okay, that's fine. But what about the next owner and the employees of tomorrow?
2. That's not a totally unrealistic scenario you're describing. Yes, the people owning your data can read it and decide what to do with it. For example, monetizing it, as Google famously did with Gmail until late 2017. (They read Gmail users' emails and displayed personalized ads based on the content.)
> [B]ut is that different since Twitter is a company and the person running the game dev Mastodon server is just a person?
I don't know. I guess Twitter would have more money and resources to defend itself in court should it break any laws.
When it comes to conversations online that are not end-to-end encrypted, I think about them as a chat with a friend in a public space, like a cafe or a park. You have reasonable privacy, but there's always a risk of someone overhearing your conversation.
@sod Thanks for the detailed response, it's very interesting. I'll read through the links you posted. People were talking about Mastodon at work and were put off by the server owner being able to read your messages, but it seems like we already don't have privacy no matter what we do when using online services.
@greghendrix I wouldn't go as far as saying no matter what we do, but yes: privacy online is hard to get right. You are out of luck if the service provider has the keys to encrypt and decrypt your data.
To keep something secret from third parties, you and the person you're communicating with must be the keys' sole owners. That's end-to-end encryption. Element, Session, and Signal are three alternatives for sending messages end-to-end encrypted.