Well, I mean, there is a lack of privacy. That's kind of how the platform exists architecturally. I just don't find that to be a problem, per se. It's a social platform, which makes sense to me for everything on the protocol to be "open" to one degree or another. Not everything has to be securitymaxxed.

[–] adhisimon@lemmy.world 1 points 2 hours ago

I agree with you. It's a social platform. Most people might think it's a nice feature, but I don't think E2EE is an urge.

[–] artyom@piefed.social 1 points 4 hours ago* (last edited 4 hours ago) (1 children)

What lack of privacy are you referring to?

[–] skaffi@infosec.pub 6 points 1 hour ago

The fact that everything you write, upload or otherwise do (boost, upvote, downvote, etc.) is never private in any way or at any point, on any platform using the ActivityPub protocol, including Mastodon, along with every other platform or service that's a part of the Fediverse, such as Lemmy or Piefed. Everything is out in the open, able to be seen by third parties.

This is by design, and it's what enables federation to take place between a multitude of servers aka. instances. So it's a trade off.

But properly implemented encryption could help to mitigate this to some degree. I think think most things won't meaningfully benefit from being encrypted, since most things on these platforms are meant to be publicly visible in the first place - such as this conversation you and I are having now. But it would certainly be nice to be able to have direct messages that are also for sure private messages. And I can imagine a couple of other things where encryption could also be meaningfully applied, to some extent.