ok look the "DMs are not secure" stuff is missing the point of DMs -- yes, they arent secure, but they are ~private to not-admins
like, privacy-from-observers and security are different things and i hate that people keep thinking people mean one when they def mean the other
'im not really ok with the entirety of ppl following/federated seeing this' is different from 'i need my messages secure forever'
and telling people 'just use signal/etc' for things they want people not to see but dont really care about it being secure is kind of shitty and missing the point
@nire these are good points. that said, there are times when you want private conversation to be secure, and it's important to know that dms aren't that -some people WOULD assume.
@Maenad sure but they arent secure in any of the things that dont already bill themselves as secure
@Maenad like -- yes, dont share things that would be incriminating/blackmail worthy if you dont want it to happen, but the threat model is basically 'a rogue admin has someone you want to talk to or impersonates something you want to talk to' and at that point they actually have to want to read your DMs
@Maenad and honestly on the whole, when it comes right down to it people using their actual phone number for signal and exchanging it in a DM is the most catastrophic scenario if a focused person actually wanted to do something
@Maenad but if you need secure stuff, as always, use secure things, though telegram basically cant be trusted and people keep recommending it so i honestly dont see the point for that one, but i digress, the problem is that the middle ground is 'i dont really want eavesdroppers but username exchange (or worse, phone number for signal) is not worth it (or its own threat)