Had a lot of conversations about privacy and security on the fediverse recently. It's an interesting subject that is central to many people, and one that I tend to leave to one side. Let's take a few moments to look at this.
Mastodon has only a fig leaf of hard encrypted security, with the normal TLS used by many sites. It is a #openweb app with no internal encryption for any part of its messaging or content. It makes a big play in announcements about security and privacy, but if you think of this as hard-coded in any way into the system, you have been told a “white lie”.
What Mastodon has (like all good #openweb apps) is good social security built on intelligent layers of trust and good moderation tools for users, mods and admins. This soft security is actually mostly real, where the hard security is in the end brittle theatre, as the networks and devices it runs on are inherently insecure.
In this we find the opposite of what most people push in technology: real security comes from social trust, with simple, strong KISS tools to build this trust. The current #mainstreaming of “trust nobody” is a dangerous and stupid idea.