Conversation
-
So here's a reminder to anyone on the fedi; DIRECT MESSAGES ARE NOT PRIVATE! Never, ever, use the fedi chat as a private secure chat.
It's been commonly talked about how fedi DMs are insecure because some admin on a power trip can easily get the SQL database (on either instance, mind you) if he has a grudge against you and leak them. So many shitty fedi instance operators are notorious for petty grudges.
However recently something else happened; an entire instance (Chudbuds.lol) just got hacked with the database leaked and DMs and everything posted. Even worse, the site got hacked via the owner being utterly inept with computers, you know the classic "click an .exe file and run some nicephoto.jpg.exe" trick people used back in the 00s that somehow big corporations have issues with. Of course that instance was a high profile target, being next to the "dramasphere" on the fediverse.
Now here's the thing; even if you didn't have an account on said instance, any message you sent via DM to a user of this instance got leaked as well.
It's vastly more secure to do any sort of chats offline with people, maybe just use DMs to share messenger IDs. There's Matrix, XMPP, or even Telegram or Discord (still less leak prone than fedi DMs) that exist and can be used to talk about something off site, away from admins. This is especially true if you're on or talking to a user from a high profile or notorious instance where the owner/some users have attracted the attention of raging shut-ins who will stop at nothing to take said instance down.
Don't get me started on if the datacenter is raided and the server is raided. I'm actually seeing people talk about using the fedi as a decentralized communications platform in Ukraine, which is a bad idea if someone else were to take the servers and dump the DB, let alone hackers.
Tl;dr fedi DMs are not secure and don't use them as such.
-
Nobody is going to read a massively wrong autist post. Keep it short and to the point.
-
It's basically in the first line, use literally anything else. The problem is people keep ignoring this like how they set their passwords to 123456.
-
The fediverse is flawed by design. Fedi is dead.
-
@bot @pawlicker He’s basically saying to use Nostr if you want to DM your friends.
-
@pawlicker @bot Joking aside, normalfags probably should not be running their own instances anyway. Something like this is bound to happen with someone who doesn’t know what they’re doing.
-
I've been saying this forever.
-
There's a lot of people who shouldn't be anywhere near a computer trying to run websites IMO. See FurAffinity, Gab, Parler, etc.