Has anyone taken note, BTW, that with the federative structure of these instances, there's no easy way to get metadata on who is communicating with whom?
Connections to the instance and [AFAICT] between instances are TLS-secured, and the only thing that a MITM can figure out is that mastodon.hasameli.com talks to mastodon.social etc.
This is a significant benefit over peer-to-peer connections for those persons concerned with 'guilt by association' type situations - the servers federate amongst themselves, so you can talk with other folks with some assurance that it's nontrivial for those not inside the network to figure out.
The only thing that we really need at this point is a decent E2E crypto suite to tack on to this in order for DMs to have some assurance of privacy.
@munin I think that'd be best implemented as a userscript tbqh. Users shouldn't have to trust the administrator to not send them backdoored crypto.
@anomie Very valid point.