Question about private toots


#1

Hi,

Say I run my own Mastodon server, on which I have an account, and I have a follower spensa@malicious.org on another server.
Say I post a toot with permission level “Followers-only”, and spensa@malicious.org receives it.

Will the operator or the malicious.org server be able to see the toot?


#2

Yes, but only if the admin looks into the database, I think :thinking:


#3

Yes, because toots are sent to all of your followers, this requires that (in the absence of e2e encryption) the server your followers are on receives the posts you make.


#4

What things are encrypted in the database? Just wanted to know.


#5

I’m not sure what you mean by “encrypted in the database”. Passwords are stored as a one-way hash, which isn’t really encryption but is kind of similar if you squint. Nothing else is stored encrypted in the database, since it would be pointless without major, major architectural changes and UX headaches (since otherwise the server would also need the key to “decrypt” it, so you don’t gain anything except obfuscation)


#6

Yes, I kind of wanted to know about passwords. So anyone who has access to the database can't see the password. Am I right?


#7

Correct, although that’s only really meaningful in the sense of someone who has read access to the database but not write access to the source code (as they could add, say, a keylogger to the login screen).
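
Added example, not part of the thread and not Mastodon's own code: a sketch of the distinction drawn in replies #5 and #7, contrasting a one-way password hash with a database field encrypted under a key the server itself holds. PBKDF2 and AES-GCM are assumptions chosen because Ruby's standard library ships them; all function names and sample values are constructed for illustration.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000 # assumed work factor for this illustration

# One-way: the database row stores only the salt and the digest.
def hash_password(password, salt = SecureRandom.random_bytes(16))
  digest = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                                    length: 32, hash: 'sha256')
  { salt: salt, digest: digest }
end

# Compare digests without leaking the position of the first differing byte.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Login check: re-derive from the attempt and compare; nothing is "decrypted".
def verify_password(record, attempt)
  constant_time_eq?(record[:digest], hash_password(attempt, record[:salt])[:digest])
end

# Reversible: a field encrypted with a key the server must keep available.
def encrypt_field(key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv
  ct = cipher.update(plaintext) + cipher.final
  { iv: iv, ct: ct, tag: cipher.auth_tag }
end

# Whoever holds both the row and the server's key recovers the plaintext.
def decrypt_field(key, row)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = row[:iv]
  cipher.auth_tag = row[:tag]
  cipher.update(row[:ct]) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  record = hash_password('correct horse') # constructed sample password
  puts "login ok: #{verify_password(record, 'correct horse')}"
  server_key = SecureRandom.random_bytes(32)
  row = encrypt_field(server_key, 'followers-only toot')
  puts "operator reads: #{decrypt_field(server_key, row)}"
end
```

The hash record offers no function that returns the password, while the encrypted row is readable by anyone who has the server's key alongside the database.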

