@pain but email servers don't leak my emails to people i didn't send my emails to, lol

@u2764 @pain yes they do! Every server your email goes through keeps a copy for a little while, while they figure out a route for it. Probably longer. http://consumer.findlaw.com/online-scams/email-privacy-concerns.html

@LogicalDash @u2764 @pain thats actually a different issue. targeted attacks are rather hard with email, but broad attacks are what get you hit -- current mastodon is the opposite issue (along with twitter, to a lesser extent (only because vastly more volume so less singling out other than keyword search))

targeted attacks are easy here, and the broad attacks are somewhat easy. but the average user cant go snoop your email, they have to spin up a masto instance for that at best

@pain @u2764 @LogicalDash which is to say, an email server getting hit runs the chance of your emails getting hit/leaked, but requires a modicum of skill and modivation when its not directly at a person, and more if it is targeted

@LogicalDash @u2764 @pain like i get that people think email is insecure and rightly so, but you're looking at the wrong sort of privacy -- data privacy vs what i can only describe as conversation privacy

@nire is there an issue with direct messages that I didn't hear about? I've only heard complaints about followers-only being leaky, and followers-only posts are not exactly part of a conversation, more like posting to a mailing list...and those are leaky in similar ways, yeah?

@LogicalDash followers only should be essentially what it was before, just with federation to servers that honor it. send to followers, no ability to boost

@LogicalDash right now, since they refuse to enforce the 'only federates to instances that support it' bit, its nigh worthless, especially with how theres literally nothing indicating something is a mastodon instance without you signing up, if i wanted to spool up a fake page + instance i could, so that i could follow you and you wouldnt know unless you *gave me your email*

@LogicalDash because i gaurantee you mastodon.x.y is open for so many domains, and that splashpage isnt the hardest to copy

@LogicalDash the current privacy stuff is quite frankly a slap in the face to anyone who has been voicing these concerns for the past six months. People have started saying the hostility has died down, but that is only because *we have silenced more than half of those instances*

@nire I guess you mean we need a whitelist for the followers only bit

@LogicalDash no! its simpler than that.

theres talk of a version number of a sort that lets you tell not-masto things from masto, and you can just like, impliment that for certain queries. it increases overhead, sure, but its not hard to be like 'yo respond to everything w/ x silently with #v1.3.1, or something

and then just, only give things to those, or things that support $feature, when you know the other people refuse to even care

@nire how would that solve the case of single user domains spun up for eavesdropping purposes?

@LogicalDash it doesnt. it solves the problem of single user domains that dont support it being spun up just to boost anything marked private

@nire if you've already modified the software to boost things marked private, modifying it to lie about what it supports isn't much marginal effort

@LogicalDash except its way more activation energy and need than 'oh, heres a gnu social docker'

@LogicalDash its not that its modifying software to boost it, its that private things act as unlisted posts there