this post was submitted on 20 Aug 2023
128 points (97.8% liked)

Privacy

31975 readers
498 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
top 46 comments
sorted by: hot top controversial new old
[–] reddthat@reddthat.com 186 points 1 year ago (5 children)

They are no more safe than sending a message like this :). Except you would be the only person it's targeted for. besides the admins of both instances can read them as well.

Which is why I'm the web interface it says it's not safe/e2e encrypted.

Worried about it? Add a matrix handle to your profile and then it enables a "send a secure message" button in the UI. And redirects people to use matrix to send messages to you

Oh shit that matrix feature is real cool. Thanks for sharing.

[–] SharkEatingBreakfast@sh.itjust.works 14 points 1 year ago (3 children)

besides the admins of both instances can read them as well.

What?

[–] trk@aussie.zone 57 points 1 year ago (1 children)

Wait until you hear about the people hosting your email

[–] reddthat@reddthat.com 8 points 1 year ago (1 children)
[–] VolunTerry@monero.town 2 points 1 year ago* (last edited 1 year ago)

Haha, love the image. I think everyone feels that way the first time they learn it.

End to end encrypt emails whenever you can too. Now, getting those you communicate with to implement and utilize pgp? That's a whole other battle.

[–] rog@lemmy.one 32 points 1 year ago (1 children)

Nothing on lemmy is private. Your instance is just hosted on a server, and in this instance that server is essentially just someone elses computer. Anything you do or say on the server can be viewed by the admin and whoever they decide to delegate access to.

This is true for practically every online service ever.

[–] DivergentHarmonics@sopuli.xyz 3 points 1 year ago

This is true for practically every online service ever.

Sorry i have to correct this statement. Unless all encryption can be broken one day (which is a different discussion), end-to-end encryption can be seen as private ... if both parties can trust each other to keep it so.
One can see if a service/app does e2ee if they (best) ask you to enter your public key (and only that) which will be shared to others to enable them to encrypt messages to you (such PMs can only get decrypted with your private key which is stored nowhere but on your own devices), and verify signatures done using your privkey. In the second-best case, an application will generate a key pair on your device and instruct you to store away the private key it just generated somewhere safe and protected by a long passphrase because if you lose it your PMs can not be recovered.

Interestingly, the ActivityPub protocol and IIRC also the Lemmy database have a "public key" field which could be used for e2ee purposes but the functionality is just not implemented.

[–] Still@programming.dev 22 points 1 year ago (1 children)

the admin of your Instance has full access to your account as they have full access to the database that holds your dms

[–] Lanthanae@lemmy.blahaj.zone 14 points 1 year ago

Yeah, really it would be surprising to me if this wasn't the case.

[–] Kidplayer_666@lemm.ee 12 points 1 year ago

Oh ok, thanks!

[–] gabriele97@lemmy.g97.top 10 points 1 year ago

I didn't know about the matrix feature, thank you!

[–] CaptObvious@literature.cafe 8 points 1 year ago

Didn’t know about the Matrix integration. Thanks!

[–] mo_ztt@lemmy.world 49 points 1 year ago (1 children)

Short answer: Unsafe

Long answer: UNSAAAAAAAAAAAAAAAFFFFFFFFFEEEEEEEEEEFE

[–] kratoz29@lemm.ee 4 points 1 year ago (1 children)
[–] mo_ztt@lemmy.world 9 points 1 year ago

Unsmatrixafe

[–] Xylight@lemmy.xylight.dev 44 points 1 year ago

DMs are basically comments without a post and only one regular user can see it. No encryption, and it can be viewed by admins. (Private message reporting is a thing)

[–] BlackEco@lemmy.blackeco.com 37 points 1 year ago (1 children)

DMs on the fediverse (and Lemmy) are posts with a specific visibility that marks them as DMs. They are sent like any other posts, so there's no encryption and instance admins could in theory read them in the database.

[–] Hotzilla@sopuli.xyz 14 points 1 year ago* (last edited 1 year ago) (1 children)

Not in theory, in practice, but this is not high need feature.

If you need to keep your sexting private, use another platform. If you have a exhibition fetish, go ahead.

As a coder I can say that e2e encryption is pain in the ass, key generation and exchanging, complex and annoying to do.

[–] amju_wolf@pawb.social 4 points 1 year ago (2 children)

e2e encryption is pain in the ass, key generation and exchanging, complex and annoying to do

No, no it's not.

Yes, it's more complex than sending plaintext. But for starters it'd be extremely simple to generate a keypair for every user and publish the public key with their profile. When sending DMs you'd use this public key to encrypt the message.

As for storing the private key you could encrypt it with (a derivative of) the user's password, and store it decrypted possibly just in the user's browser.

This simple measure would prevent simple ways of reading the DMs, though obviously you still need to trust that your instance admins are actually serving you the code they claim they do. But it'd definitely prevent "accidental" misuse.

[–] kalleboo@lemmy.world 14 points 1 year ago (2 children)

As for storing the private key you could encrypt it with (a derivative of) the user’s password

And now every time a user forgets their password and does password recovery, they lose all their DMs.

E2EE chat is a difficult problem.

[–] DivergentHarmonics@sopuli.xyz 2 points 1 year ago

That's a feature not a bug!
Actually, users should not be required to trust the browser storage or in-app key generation, but be enabled to enter their own pgp key.

[–] amju_wolf@pawb.social 1 points 1 year ago* (last edited 1 year ago)

I mean you could just store it encrypted in the database for the basics, and for advanced users allow them to back it up.

There are tons of ways to improve it, but there is definitely way more you can do without much inconvenience to the users. I doubt losing old DMs is a huge issue when you forget your password...

[–] Hotzilla@sopuli.xyz 1 points 1 year ago

Fediverse adds level of complexity on it, like you mention.

Malicious Lemmy instance could man-in-the-middle by providing it's public key in behalf of the user in other side. Normally this can be mitigated by CA, but CA doesn't fit very well in decentralized system.

You could add AES with users own password, but problem is that same malicious instance could also steal users password.

IMHO false sense of privacy is worst than knowing that stuff is unsecure. Again in my opinion fediverse is comparable to yelling in town square.

[–] Melody@lemmy.one 22 points 1 year ago* (last edited 1 year ago) (1 children)
  • It is not unsafe.
  • It is not 100% private. Admins can read your messages if they choose to investigate your messages.
  • It will not get blasted out to the whole fediverse; just to the recipient you indicated. (Unless an admin from the previous point reads your message and publishes it publicly on the fediverse)
  • You do not get to do anything naughty with it; expect to be caught if you break the rules.
[–] booty@hexbear.net -1 points 1 year ago* (last edited 1 year ago) (3 children)

It is not unsafe.
It is not 100% private. Admins can read your messages if they choose to investigate your messages.

These points contradict one another.

[–] lemann@lemmy.one 5 points 1 year ago (1 children)

How so? The message is safely delivered solely to the intended recipient, albeit in plain text (not private).

If there's anywhere that the commonly used email analogy fits, I think it would be here

[–] booty@hexbear.net -3 points 1 year ago (1 children)

Safe and private are synonyms in this context.

[–] towerful@programming.dev 3 points 1 year ago (2 children)

I disagree.
Users likely trust their instances admins

[–] TrustingZebra@lemmy.one 4 points 1 year ago (1 children)

Unless I run a Lemmy instance myself (which is possible), I have zero reason to trust an instance's admins.

Even if my instance's admin happens to be the founder of privacyguides.org, that doesn't mean he will never read any "private" messages (or be forced by someone else to hand them over).

[–] zwekihoyy@lemmy.ml 0 points 1 year ago (1 children)

if you don't trust the instance why would you use it? 🤨

[–] TrustingZebra@lemmy.one 3 points 1 year ago

Even if I did fully trust my instance, I also would have to trust any instance I message with.

I personally just use Lemmy for public comments.

[–] booty@hexbear.net 0 points 1 year ago

What definition of safe are you using which makes a private messaging system without privacy safe? What would have to occur for it to become unsafe, if not being private does not make it unsafe in your eyes?

[–] CrayonMaster@midwest.social 2 points 1 year ago (1 children)

It does what it claims to do, it's just that what it claims to do is clearly not complete privacy.

[–] booty@hexbear.net 0 points 1 year ago

If something claims to be unsafe and delivers, that doesn't make it any more safe.

[–] Melody@lemmy.one 2 points 1 year ago (1 children)

No; they don't. You just wanted to be a reply guy.

[–] booty@hexbear.net 2 points 1 year ago

They absolutely do. A private messaging system which is not private is the definition of unsafe. Especially in the context of a post on !privacy@lemmy.ml

[–] Gork@lemm.ee 12 points 1 year ago (2 children)

Anyone remember the days when they were called PMs? They are least used the word Private in the acronym.

[–] Nioxic@lemmy.dbzer0.com 1 points 1 year ago (1 children)
[–] Gork@lemm.ee 4 points 1 year ago

Direct Message. As opposed to Private Message.

Services at least acknowledge that the messages aren't private, which is an improvement I guess.

[–] KrapKake@lemmy.world 1 points 1 year ago (1 children)

Yes, and when we used the term "programs" instead of "apps" for everything.

[–] Gork@lemm.ee 1 points 1 year ago

Let's go even farther back and say they were all "applications"

[–] HiddenLayer5@lemmy.ml 8 points 1 year ago (1 children)

Not safe at all because it was not designed to be, it even tells you as much. Use them to exchange e2ee contacts and then use that.

[–] roanescence@mstdn.social 2 points 1 year ago

@HiddenLayer5 @Kidplayer_666 U can use it to privately talk as much as ur comfortable with it going public.

[–] booty@hexbear.net 4 points 1 year ago

I don't know any of the technical details, but my understanding is they're very unsafe. Our instance has a warning recommending that you take conversations involving sensitive information to Matrix

[–] Grownbravy@hexbear.net 3 points 1 year ago

I dont think they’re supposed to be any safe at all. As part of our board culture we’re to expect that DMs offer no security, and to use other platforms if it’s a concern.