Someone told me they are public some months ago? Like if someone wanted to look up your lemmy DMs they could.
Comment on Xitter Pause Encrypted DMs.
sparky@lemmy.federate.cc 3 weeks agoAs it happens, you shouldn’t trust Lemmy DMs either, as they’re not encrypted and can be read by instance administrators. So don’t use them to say anything that you wouldn’t be okay making public.
NotMyOldRedditName@lemmy.world 3 weeks ago
Robust_Mirror@aussie.zone 3 weeks ago
There was an exploit in version 0.17.0 through 0.19.0 (fixed in 0.19.1) that, from what I understand, allowed people to view DMs of anyone by reporting them, but as you can’t know the ID of a given DM you’re not part of, they couldn’t really target a specific user, but rather would just send reports to a range of potential IDs and see what comes back.
ferrule@sh.itjust.works 3 weeks ago
this should be the default stance when using any built in encryption. always separate the mode of encryption from the mode of transmission.