this post was submitted on 01 Aug 2023
7 points (100.0% liked)

Fediverse

287 readers
1 users here now

This magazine is dedicated to discussions on the federated social networking ecosystem, which includes decentralized and open-source social media platforms. Whether you are a user, developer, or simply interested in the concept of decentralized social media, this is the place for you. Here you can share your knowledge, ask questions, and engage in discussions on topics such as the benefits and challenges of decentralized social media, new and existing federated platforms, and more. From the latest developments and trends to ethical considerations and the future of federated social media, this category covers a wide range of topics related to the Fediverse.

founded 2 years ago
7
We tried to run a social media site and it was awful (www.ft.com)
submitted 1 year ago by [email protected] to c/[email protected]
15 comments fedilink hide all child comments
 

Extinction looms for FTAV’s Mastodon presence

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 1 year ago (1 children)

Anyone who owns a server can access all the data stored on it, unless the data is end-to-end encrypted. Whether it's mastodon, Lemmy, Facebook, twitter, Gmail, vBulletin, whatever.

If you need to say something that you can't risk anyone else seeing, use an end-to-end encrypted messaging app, or implement encryption yourself using e.g. PGP.

[–] [email protected] 0 points 1 year ago (1 children)

I mean I don't care I'm not saying anything illegal anyway, and I assumed reddit administration could read messages, I'm just surprised. I assumed because of how lemmy started and the whole idea of taking away drastic overreach by admins that private messages would be set up to be... private.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

The admins to perform upgrades, monitoring, fixes, etc.. will require root access to the database. That means they can alter all your posts to say *blah blah blah" if they wanted.

Similarly passwords will be encrypted within the database and encryption algorithms have to be able to go in both directions. Normally they need a seed value to start random generation. The admin defines the seed as a result an admin can decrypt everything in the database.

[–] [email protected] 1 points 1 year ago

This is incorrect, passwords should be hashed, not encrypted. Hashing is only one way (unless you use a terrible hashing algorithm or your attackers have access to a quantum computer), these hashes are also often salted, which means adding extra data to the hash to protect against some attacks