Here’s one post about it. I’m not one for direct messaging on social media personally. And on centralized services it’s true that your direct messages can be seen by employees if they’re sufficiently motivated or by court order, hacks, that sort of thing. But on mastodon both the administrator of your instance and the admins of the instances of the people you’re messaging can see your direct messages. Since an instance can be set up quickly by just one person, there’s higher likelihood of access. That person may have no qualms about accessing private info, they may have insufficient resources for proper security, or to fight legal efforts to access information. A large company will in theory have more concern about reputational risk if it’s uncovered they’ve accessed private information than some individuals will. I know many people running instances take great pride and care in what they do, but that’s not always true.
Setting an instance is easy, but actually getting a significant amount of users is much more difficult. And as admin you can only see the private messages of your local users, no one else. So if you are not talking about illegal stuff the risk is negligible. And if you are, use a real messenger application or better yet avoid all computers.
Here’s one post about it. I’m not one for direct messaging on social media personally. And on centralized services it’s true that your direct messages can be seen by employees if they’re sufficiently motivated or by court order, hacks, that sort of thing. But on mastodon both the administrator of your instance and the admins of the instances of the people you’re messaging can see your direct messages. Since an instance can be set up quickly by just one person, there’s higher likelihood of access. That person may have no qualms about accessing private info, they may have insufficient resources for proper security, or to fight legal efforts to access information. A large company will in theory have more concern about reputational risk if it’s uncovered they’ve accessed private information than some individuals will. I know many people running instances take great pride and care in what they do, but that’s not always true.
Setting an instance is easy, but actually getting a significant amount of users is much more difficult. And as admin you can only see the private messages of your local users, no one else. So if you are not talking about illegal stuff the risk is negligible. And if you are, use a real messenger application or better yet avoid all computers.