Someone told me they are public some months ago? Like if someone wanted to look up your lemmy DMs they could.
Comment on Xitter Pause Encrypted DMs.
sparky@lemmy.federate.cc 5 days agoAs it happens, you shouldn’t trust Lemmy DMs either, as they’re not encrypted and can be read by instance administrators. So don’t use them to say anything that you wouldn’t be okay making public.
NotMyOldRedditName@lemmy.world 5 days ago
Robust_Mirror@aussie.zone 5 days ago
There was an exploit in version 0.17.0 through 0.19.0 (fixed in 0.19.1) that, from what I understand, allowed people to view DMs of anyone by reporting them, but as you can’t know the ID of a given DM you’re not part of, they couldn’t really target a specific user, but rather would just send reports to a range of potential IDs and see what comes back.
ferrule@sh.itjust.works 5 days ago
this should be the default stance when using any built in encryption. always separate the mode of encryption from the mode of transmission.