No. Mastodon isn’t E2EE. Some work has been done ⧉ on building an encrypted messaging system into Mastodon, but it isn’t finished yet.
What does this mean? Can my server’s admin read my DMs?
In theory, the owner of your server could read at your DMs in the server’s database. However, it’s not as simple as that in practice.
An admin would need a certain level of technical skill, as there is no way to view DMs in Mastodon’s admin interface. The server owner would have to manually look through their server’s database directly to read a DM, and bypass Mastodon’s admin interface completely. It’s not something they could do casually.
Is this normal?
Social networks typically don’t encrypt messages by default. For example, on Twitter/X all DMs and posts are visible to moderators.
Can everyone see my DMs on Mastodon?
No, they would need direct access to your server’s database, which is restricted to the server owner and their hosting provider.
What should I use if I want to send sensitive information?
If you want to send something sensitive, the best option is to use a dedicated messaging system with end-to-end encryption.
There’s a very popular encrypted messaging system called XMPP (also known as Jabber). XMPP is structured like Mastodon, with lots of connected servers, but it is designed entirely for private messaging and calling. There’s a website to help non-technical people sign up on existing servers at JoinJabber.org ⧉ and there’s a managed hosting service to help non-technical people set up their own server at Snikket.org ⧉.
Is XMPP compatible with Mastodon? Is it part of the Fediverse?
No. XMPP is designed entirely for messaging, calling and real time chatting. It isn’t intended as a social network, and doesn’t use Fediverse protocols like ActivityPub. However, the server structure of XMPP is very similar to Mastodon and has the same advantages, which is why it’s recommended on this website.
Some Fediverse server admins also run XMPP servers too. If you’re happy with how your Fediverse server is run, it might be worth asking your server admin if they have an XMPP server too.
How do I make sure XMPP is encrypted?
Modern XMPP apps use a standard called OMEMO for end-to-end encryption. As long as everyone taking part in a conversation has the OMEMO feature switched on, then the conversation will be encrypted. If you’re unsure, you should be able to find OMEMO in your XMPP app’s settings page, and you can check which XMPP apps have OMEMO-compatibility at the Are we OMEMO yet? ⧉ website.
XMPP? Jabber? Which is it?
XMPP and Jabber are the same thing. “Jabber” was the original name, but unfortunately a commercial company bought the trademark for it. A new name was required and it was decided to use “XMPP” officially, though unofficially many people still call it Jabber as it’s easier to remember.
Who controls XMPP?
No one controls it, it’s decentralised and federated. The XMPP network is made up of many indpendent servers that talk to each other.
XMPP is a free open standard maintained by the non-profit XMPP Standards Foundation ⧉. Anyone can use the XMPP standard on their server or app, and each server and app is totally independent.