ok look the "DMs are not secure" stuff is missing the point of DMs -- yes, they arent secure, but they are ~private to not-admins
@nire LIKE TWITTER
@boots right, but also twitter has less admins who are going to be specifically going through your tweets, so its kind of a moot point
@boots i really hate the 'its just like twitter' thing because volume of relevant things is much higher there than here -- reading your DMs as a twitter admin would be pretty tiring and hard to do on a visual scan
@boots but here if you really wanted to it wouldnt be that hard, especially if you made a domain hacking one to impersonate people
@nire hm
i didnt think about much of that
@boots basically twitter being able to read your DMs doesnt really matter because theres no possible personal interest in twitter reading your DMs, but everyone acts as if there is so says the threat pattern is the same
@boots and like i dont mean to scare anyone but at the very least some sort of way so they only work on masto would be cool
@nire i dont think there's an api to identify an instance as mastodon sadly
@boots there is tho, everyone just says there isnt. theres a version number thing somewhere
@boots but you can also do it via encoding, etc, even if its not *strong* encoding, so at the very least the other software would have to implement decoders, and, by extension since its just as 'hard', actual DMs