Librem Social Privacy Concern


#1

Has Purism access to all the Librem Social user data or is the data full encrypted?


#2

librem.one

Policy
No Ads
No Tracking
We respect you
Just private secure messaging, end-to-end encrypted communications, and public social; as it should be.


#3

What data are you talking about? if you toot smoething it’s public, obviously.


#4

Indeed. I somehow missed the joke in the question :grin:


#5

Maybe not be so dismissive? Op asked

Has Purism access to all the Librem Social user data or is the data full encrypted?

vs.

Policy

No Tracking
We respect you

Purism has access to all posts, unless posts are encrypted client-side using keys unavailable to server admins. Librem Social is Mastodon, and my understanding is there is no such encryption, not even for PM’s.

So Librem Social users will just have to trust Purism staff to never access any data - and hope that neither the Mastodon database nor any backup is ever hacked, leaked or seized. And if posts are federated, that trust has to extend to every instance that gets a copy.

But maybe I’m mistaken. Do you know for sure that such encryption is in place?


#6

There’s sort of the same issue with Matrix (Librem Chat). Chat history is replicated between home servers. I think that pure-Matrix messages might be end-to-end encrypted, with no way for server admins to read their contents.

However, Matrix also very ambitiously tries to bridge various IM islands. Chats, where at least one party uses some unencrypted IM, will of course be sent unencrypted to the (outside only?) world.

And then we have other IM systems that are in fact encrypted, but using different methods. So messages can be almost e2e encrypted, except they need to be re-encrypted along the route. I think that happens on the home server, meaning anyone with access to the server database (or a backup) will be able to read those messages.

But there are many details that I have not fully understood about Matrix operation. Maybe @matthew from the Matrix team can clear things up?


#7

Let me re-quote myself:

Just private secure messaging, end-to-end encrypted communications

That’s Librem Chat and Librem Mail
(opt-in, but there’s always an indicator whether it is encrypted)

public social

That’s Librem Social. It is, by definition, public. Like this Forum.
Private messages via mastodon are disabled, as Librem Chat serves for that.

as it should be.


#8

So we agree that the answer is “yes, Purism has full access and no, it’s not encrypted”? And we agree that this holds not only for public posts, but also for any private messages sent using Mastodon/Librem Social?

Because that’s what the op asked about, and I think it’s a valid question. Anyone could be lead to believe that private messages would be encrypted. Especially since it seems Purism removed the local and federated timelines, so the visible messages could look like a private conversation among friends.

Let me quote yourself, too:

In this case, my impression is that you sneered at an honest question while providing an answer that was not entirely helpful to the op.

This surprised me, because I have great respect for the quality and sheer number of replies you provide to this forum otherwise. I assume you just happened to act a little too fast this time.


#9

No, because

and the OP asked very general, not about private messaging.
The OP did not clarify, as rinokeros asked, what they mean with “data”, so it’s a bit speculative, but it seemed a bit like asking if Twitter knows the contents of my tweets.

So the main point is, Librem Social is not meant for private conversations.
And that is exactly as advertised.

What is more concerning, IMO, is that (seemingly) encryption in Librem Chat is not on by default.
I’m very new to Matrix myself, so I assume this needs to evolve.
But, in contrast to Librem Social, this is not as advertised.
At least, the app makes you aware very prominently that you’re about to send something unencrypted.


#10

Matrix is working on it so e2ee can be enabled by default. At the moment it doen’st work on all clients. Here is an interesting talk from the project lead about matrix in general, the implementation for the french government and what’s to be expected for 2019: https://fosdem.org/2019/schedule/event/matrix_french_state/


#11

Aparently, I’m getting old… :pensive: I watched it when it was new. It’s really interesting!


#12

Yes, it would have been easier if op had clarified what data he was referring to. But it’s clear that he wanted to know if Purism has access to the data on Librem Social. They do.

Now, I still think it’s possible for someone to understand that tooting something public means it’s, well, public - and still think toots to followers-only is more private, maybe even encrypted.

It could be that we never get to know if the op was thinking along those lines, but other people finding this thread might. In which case a straight “no encryption” answer would be helpful.

My apologies, I didn’t notice that sentence. (Also, I can’t find any official mention of this removal.)

So, wondering how Librem Social deals with incoming PMs from other Mastodon instances or other apps, I found this:


Problem fixed server-side, one way or other…


#13

It’s also in “What’s new” in the Play Store

AFAIK, PMs across instances is not possible anyway. I might be wrong.


#14

Ah. Unfortunately, I don’t use G services, not even for official news from Purism :wink:

At least it has been possible. What gargron seems to have done, in the commit I linked, is to make the server endpoint a dead end. Whether that is the endpoint where other servers connect or where apps connect I don’t know. (Mastodon has different protocols for s2s and c2s, IIRC.) Reading the code is a possibility, but…

Wonder how other Mastodon instances react, when Purism Social refuses PMs. If they were already built to handle that situation and have a means to notify the sender, or not.


#15

I don’t really know facebook and twitter in detail. I don’t use them. But I think a replacement for facebook with data I share with friends and family without sharing the data with facebook would be more important than something like twitter. Whats even the different when I put my public data on twitter or librem social? It’s public obviously :upside_down_face:


#16

I had a similar thought. I rather expected “Librem Social” to be Diaspora or Friendica or somethingl like that.
I would have called the Mastodon instance “Librem Echo” or “Librem Shout”.
Or, in accordance with the Librem Social Icon: “Librem Megaphone”

Yet, there are advantages over twitter (but I agree, Facebook needs to be replaced more badly).
No tracking, no (targetted) ads are the obvious ones.
Less obvious is the “no manipulation, no please-don’t-leave-yet-I-have-so-many-more-tweets-to-show-you” trait.


#17

Facebook cannot be replaced just like phone numbers and SMS cannot be totally replaced.
You can still use anything you like, the problem is going to be when you want to connect to “normal”
people who don’t have anything else. This is why Facebook became too big to fail, we do whatever we
want kind of cancer.


#18

Yet, there are advantages over twitter (but I agree, Facebook needs to be replaced more badly).
No tracking, no (targetted) ads are the obvious ones.
Less obvious is the “no manipulation, no please-don’t-leave-yet-I-have-so-many-more-tweets-to-show-you” trait.

I, agree. The manipulation is a very big problem in technology. Technology should be an assistant not a drug dealer.


#19

I know a lot of people who would be happy to have a real alternative which you can trust and who would use two services. They use facebook now only passive to consume. They no longer contribute any content. Facebook will not there be forever or maybe will be like SMS is today. Its there but you send a message not with SMS you use matrix (or this other cancer which belongs to facebook).


#20

All I know is that Facebook/Whatsapp are not going to disappear in the near future. 99% of people don’t
care about privacy because of the “I have nothing to hide” ideology.
So you end up with 2 kinds of people in your contact list - the ones who use Signal/Wire and are both
privacy and Opsec aware, and the rest who use Whatsapp/Messenger and don’t care much about
metadata sharing. The encryption in Whatsapp is actually very solid (it uses the Axolotl framework from
Signal, which is audited and reviewed).
I don’t see any one of my contacts switching to Matrix just because it’s not audited, got hacked recently,
and just there is no sense in an exotic new tool when you have Signal for 1% and Whatsapp for 99%.
They both have better security than Matrix.