Another masto privacy query:

Do you know how much admins of local and remote servers have access to?

The admin of your local server can fairly easily access any and all posts you make, no matter how private you set them to.

The admin of any remote server that receives a post you make ALSO has full access to that post, regardless of privacy settings.

So for example, if you DM private info to someone on another server, their admin could theoretically look at that DM and all attached media.

@pandora_parrot But Mastodon doesn't send your posts to instances that don't host a user that you've accepted as a follower, right?

@moonbolt That's true for most posts, but not for public posts. Those will go everywhere unless your server has that server banned/blocked.

@pandora_parrot @moonbolt Public posts only reach instances where at least one person follows you. (Individual public posts can also reach an instance by being boosted by someone followed by someone on that instance.)

@cassolotl @moonbolt Also, relays will forward all public posts from your server to other servers on that relay.

@pandora_parrot @moonbolt Oh yeah, I forgot those were a thing! Last time I checked most instances weren't using them, but I don't even know how to find out whether a given instance uses a relay...!

@cassolotl @moonbolt So annoyingly, it's not reported anywhere. Beach City belongs to a few, as do several of the furry instances.

@pandora_parrot @moonbolt Whoa! That's maybe something for the GitHub issue list. Feature request: publish relay connections somewhere publicly accessible.

@pandora_parrot @moonbolt (I'd add it now but it's 1am and I'm on mobile! If no one else does it I'll add it tomorrow.)


I didn't know the details. But I'm cynical enough to always send DMs with the thought in the back of my mind that someone else could get hold of them. This means there are careful limits to what I will and won't DM. :/

@pandora_parrot i literally have no idea how to access any of that, even though i admin an instance, lmao

i also have pretty much zero interest in learning how to access it

@extinct I was the same as you until a user asked me to fix the capitalization on their newly created account, which required some database hacking. At which point I dug into it all and was *shocked* at how easy it was to see all of his posts, private or public.

@extinct Luckily, it was less than 10 posts at that point and I had permission to be doing what I was doing, but OMG it was pretty eye-opening to see how I could just look up posts however I wanted.

@pandora_parrot yeah, there's been a few PSAs about it in the past, but it should kind of be an * on every instance, plain and clear, so people know that their account is not a secure place to have sensitive info

really, who knows who can see your stuff on other sites, best just not to put it out there and use actually secure, encrypted options instead

@extinct SUPER STRONG agree on this. I want like a warning to pop up before they use higher privacy settings and shit so that, for like on our server, they know they're trusting me (and @violetSpark) with all of their data. AND trusting us to keep abreast of who we're federating with and any bad actors that might be out there. and so on and so forth.

@pandora_parrot Honestly, I would be surprised and confused if this wasn't the case. Why would an admin of a server not be able to access everything on it? They need to be able to see stuff in case there are problems. We are meant to choose servers run by admins we trust because of this. It seems like common sense to me.

@cassolotl You can see by the poll that it is not, in fact, universal. While it seems 85+% of people do know this to be the case, it's definitely not universal.

@pandora_parrot Of course! :) Common sense is never universal. It's just that I would find it weird if the admin of any kind of server didn't have access to any part of it. 🤷

@cassolotl I think there's a lot of non-technical people that don't quite get that kind of thing.

I think also like that's not how Discord works? And a lot of folks think masto is more like Discord somehow, where all the "mastodons" are more connected via some centralized authority or something.

They don't realize that when we "run a server" we literally are operating a computer that hosts the database and everything.

@pandora_parrot I mean, I am very vocally not at all technical, I've done a lot of advocacy speaking up about how hostile Mastodon is both as a community and behind-the-scenes/development-wise to non-technical people. I get that others know less than me though, or different stuff to me.

@pandora_parrot Will you do a follow-up poll asking how people feel about this? I'd be curious to see those results!

@cassolotl Sure! What do you think I should ask more specifically?

@pandora_parrot Hmmm, I dunno, something like, how does the above info make you feel?

I knew, it's fine/good
I didn't know, it's fine/good
I knew, I don't like it
I didn't know, I don't like it


Or just

It's good
It's whatever
I don't like it
Other/see results


@pandora_parrot i did not know this, but it doesn't surprise me, either. my general assumption re: sending info online is that it could be seen by someone other than its intended recipient unless explicitly stated.

thanks for the insight!

@drexagon I'm so glad you got this information then! I think it's really important to know what you're consenting to when you post online.

