Extinction looms for FTAV’s Mastodon presence

  • CaptainJanegay@kbin.social
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Anyone who owns a server can access all the data stored on it, unless the data is end-to-end encrypted. Whether it’s mastodon, Lemmy, Facebook, twitter, Gmail, vBulletin, whatever.

    If you need to say something that you can’t risk anyone else seeing, use an end-to-end encrypted messaging app, or implement encryption yourself using e.g. PGP.

    • emeralddawn45@discuss.tchncs.de
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      I mean I don’t care I’m not saying anything illegal anyway, and I assumed reddit administration could read messages, I’m just surprised. I assumed because of how lemmy started and the whole idea of taking away drastic overreach by admins that private messages would be set up to be… private.

      • stevecrox@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        The admins to perform upgrades, monitoring, fixes, etc… will require root access to the database. That means they can alter all your posts to say *blah blah blah" if they wanted.

        Similarly passwords will be encrypted within the database and encryption algorithms have to be able to go in both directions. Normally they need a seed value to start random generation. The admin defines the seed as a result an admin can decrypt everything in the database.

        • kspatlas@artemis.camp
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          This is incorrect, passwords should be hashed, not encrypted. Hashing is only one way (unless you use a terrible hashing algorithm or your attackers have access to a quantum computer), these hashes are also often salted, which means adding extra data to the hash to protect against some attacks