ActivityPub, the protocol that powers the fediverse (including Mastodon – same caveats as the first two times, will be used interchangeably, deal with it) is not private. It is not even semi-private. It is a completely public medium and absolutely nothing posted on it, including direct messages, can be seen as even remotely secure. Worse, anything you post on Mastodon is, once sent, for all intents and purposes completely irrevocable. To function, the network relies upon the good faith participation of thousands of independently owned and operated servers, but a bad actor simply has to behave not in good faith and there is absolutely no mechanism to stop them or to get around this. Worse, whatever legal protections are in place around personal data are either non-applicable or would be stunningly hard to enforce.
Email is only protected under certain circumstances, and the law does not contemplate protection against the provider… only the provider’s disclosure of your email to third parties. However, internal disclosure is, as far as I know, not prohibited.
Refer to the Email Privacy Act (USA) and the GDPR for more info.
Note: Best to consult a privacy lawyer versus a Melpomene if you have questions. @RoboRay
Sure, but that’s not the broad and obviously false claim made.
Agree, which is why I shared. Just looping you in as a courtesy!