Direct/private messages are NOT end-to-end encrypted on #mastodon, don't use it for anything sensitive - https://microblog.shivering-isles.com/@sheogorath/105374055398321836
You'll have to manually encrypt messages using PGP or something if you want #privacy on DMs. If you're concerned about this, just try to let the #devs know. An ideal solution would be to implement E2EE on the #activitypub protocol itself, so that all #fediverse platforms and future platforms get it. This way, even cross-platform DMs would be encrypted.
> Don't use [DM's] for anything sensitive
In addition, don't use DMs and expect them to hang around as an archive of past conversations.
If people you DMed with clean up & delete messages on their side, they also disappear from your inbox, breaking the conversation threads.
It can be really confusing if you are not aware of this.
Not sure if the latter is a good approach, as E2EE is notoriously difficult to implement and comes with massive pain-in-the-ass requirements such as key verification. I would let Mastodon do one thing - ActivityPub - well and leave E2EE to projects that specialise in direct secure comms.
I said this because E2EE is pretty much basic these days. Especially when Mastodon advertises itself as a privacy-friendly alternative, people would think that DMs are E2EE - this is misleading. Also, I don't think the Unix philosophy applies to security features.
And like I said, E2EE should be implemented on the ActivityPub protocol itself, so that every platform that uses the protocol gets it. Encryption should also work in cross-platform DMs this way.
Fosstodon is an English-speaking Mastodon instance that is open to anyone who is interested in technology, particularly free & open source software.