The 200+ Sites an ICE Surveillance Contractor is Monitoring (www.404media.co)

submitted 3 weeks ago by drascus@sh.itjust.works to c/privacy@lemmy.ml

28 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] davel@lemmy.ml 5 points 3 weeks ago

ActivityPub DMs are not encrypted between servers

It is insofar as TLS/SSL/HTTPS encryption is used in transit. That’s what I mean by encrypted in transit.

i could read anyone’s DMs to users on other servers

If you’re an administrator for (WordPress) ActivityPub server A, you can see all the DMs coming to and leaving from your server, yes. And they’re not encrypted at rest, so you can read them any time. But how would you see DMs going between server B and server C, when your server isn’t involved in the transaction?

[-] arotrios@lemmy.world 3 points 3 weeks ago* (last edited 3 weeks ago)

It apparently scrapes everything on the public feed. So when I subscribed to users on Mastodon server A from Wordpress, DMs from Mastodon server A going to Mastodon server B became visible.

I had a separate account on Mastodon server A to confirm that I couldn't see these DMs as Mastodon user on server A, and that the Wordpress scrape was grabbing messages normally not meant for public view.

This was using the ActivityPub plugin for Wordpress about six months ago.

EDIT: I should be clear that I was as surprised as the other commentators that the DMs weren't encrypted and that I could see them at all through a 3rd party software. I did NOT see DMs between local users - only cross-instance.

this post was submitted on 12 Mar 2025

88 points (98.9% liked)

Privacy

36445 readers

903 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS