Is Mastodon secure? Is Mastodon end-to-end encrypted?

A Mastodon server’s posts and user data are stored in its database as plain text. Posts travel between servers over HTTPS, but once stored they are not encrypted. Only the server owner and their hosting provider have direct access to the database.

Mastodon is not end-to-end encrypted (E2EE). Some work has been done ⧉ on building an E2EE messaging system into Mastodon, but it isn’t finished and hasn’t shipped.

By the way, E2EE sounds complicated and technical, but it is a really simple concept: it just means a message can only be read by the person who sent it and the person who received it. The servers that carry the message between them only ever see scrambled data they cannot unscramble.

What does this mean? Can my server’s admin read my DMs?

Yes. The owner of your server, or anyone else with access to its database, could read your DMs, because Mastodon stores them as plain text. In practice it is not quite as simple as that.

There is no way to view DMs in Mastodon’s admin interface (unless one has been reported, see below), so an admin would need a certain level of technical skill: they would have to bypass the admin interface entirely and query the server’s database directly. It’s not something they could do casually, but it is a matter of effort and of how much you trust the admin, not a technical guarantee.

What about reported DMs? Who can see those?

If the person receiving your DM decides to report it, it becomes visible in Mastodon’s web interface to the admins and moderators on the reporter’s server. If they also choose the option to forward the report to your server, the admins and moderators on your server can see it as well.

Is this normal?

Social networks typically don’t end-to-end encrypt messages by default. For example, on Twitter/X all DMs and posts are visible to moderators. For this reason, it’s a bad idea to use any social network for sending sensitive information. Mastodon actually shows a warning about this when people are writing DMs.

Sensitive stuff should always be sent by encrypted messengers instead, see below for a suggestion on what to use.

Can everyone see my DMs on Mastodon?

No. Reading a DM out of the database requires direct access to it, which only the server owner and their hosting provider have. Bear in mind that a DM to someone on another server is delivered to and stored on that server too, so its owner and hosting provider are in the same position as yours.

What should I use if I want to send sensitive information?

If you want to send something sensitive, the best option is to use a dedicated messaging platform that uses end-to-end encryption by default.

There’s a very popular messaging system called XMPP (also known as Jabber) that supports end-to-end encryption. XMPP is structured like Mastodon, with lots of connected servers, but it is designed entirely for private messaging and calling. There’s a website to help non-technical people sign up on existing servers at JoinJabber.org ⧉ and there’s a managed hosting service to help non-technical people set up their own server at Snikket.org ⧉.

Is XMPP compatible with Mastodon? Is it part of the Fediverse?

No. XMPP is designed entirely for messaging, calling and real-time chat. It isn’t intended as a social network, and doesn’t use Fediverse protocols like ActivityPub. However, the server structure of XMPP is very similar to Mastodon’s and has the same advantages, which is why it’s recommended on this website.

Some Fediverse server admins also run XMPP servers too. If you’re happy with how your Fediverse server is run, it might be worth asking your server admin if they have an XMPP server too.

How do I make sure XMPP is encrypted?

Modern XMPP apps use a standard called OMEMO for end-to-end encryption. As long as everyone taking part in a conversation has the OMEMO feature switched on, the conversation is encrypted end-to-end. If you’re unsure, you should be able to find OMEMO in your XMPP app’s settings page, and you can check which XMPP apps support OMEMO at the Are we OMEMO yet? ⧉ website. Two caveats: OMEMO protects the content of messages, not the metadata, so the servers still see who is talking to whom and when. And OMEMO apps let you view a contact’s device fingerprint; for anything sensitive, compare fingerprints with the other person over a different channel, so you know you are encrypting to their device and not to one that someone else has added to their account.
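To make “is this conversation actually encrypted?” concrete at the protocol level, here is an added example (written for this FAQ; it is not code from Mastodon, from any XMPP app or from the XMPP Standards Foundation). It parses XMPP message stanzas of the kind an XMPP client’s XML console shows and reports what a relaying server can read from each: the routing metadata, whether an OMEMO `<encrypted/>` element is present, and the plain-text `<body/>`. The two OMEMO namespaces are the ones defined by XEP-0384; the stanzas, addresses and base64 values are constructed placeholders, not captured traffic, and nothing here connects to a server or decrypts anything.

```python
"""Classify XMPP <message/> stanzas by whether their content is OMEMO-encrypted.

Added example for this FAQ; it only parses stanza XML, it does not talk to a
server or decrypt anything.
"""
import xml.etree.ElementTree as ET

# Namespaces defined by XEP-0384 (OMEMO): the legacy one most deployed clients
# still use, and the newer OMEMO 2 namespace.
OMEMO_NAMESPACES = {"eu.siacs.conversations.axolotl", "urn:xmpp:omemo:2"}

# Constructed sample stanzas (placeholders, not captured traffic).
PLAINTEXT_STANZA = """
<message xmlns="jabber:client" from="alice@example.com/phone"
         to="bob@example.org" type="chat" id="p1">
  <body>Meet me at the clinic at 3pm</body>
</message>
"""

OMEMO_STANZA = """
<message xmlns="jabber:client" from="alice@example.com/phone"
         to="bob@example.org" type="chat" id="o1">
  <encrypted xmlns="eu.siacs.conversations.axolotl">
    <header sid="1234567">
      <key rid="7654321">cGxhY2Vob2xkZXIta2V5</key>
      <iv>AAAAAAAAAAAAAAAA</iv>
    </header>
    <payload>cGxhY2Vob2xkZXItY2lwaGVydGV4dA==</payload>
  </encrypted>
  <body>I sent you an OMEMO encrypted message but your client does not support it.</body>
  <store xmlns="urn:xmpp:hints"/>
</message>
"""


def _local_name(tag):
    """Element name without ElementTree's '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]


def _namespace(tag):
    """Namespace of a '{ns}name' tag, or '' if the element has none."""
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""


def inspect_message(stanza_xml):
    """Report what a relaying server could read from one <message/> stanza.

    The from/to metadata is visible to the servers on both ends whether or
    not OMEMO is used. For an OMEMO message the visible <body/> is only the
    fallback notice for clients without OMEMO; the real text is inside the
    base64 <payload/>, which the server cannot decrypt.
    """
    root = ET.fromstring(stanza_xml.strip())
    if _local_name(root.tag) != "message":
        raise ValueError("not a <message/> stanza")

    omemo_ns = None
    payload_chars = 0
    body_text = None
    for child in root:
        name, ns = _local_name(child.tag), _namespace(child.tag)
        if name == "encrypted" and ns in OMEMO_NAMESPACES:
            omemo_ns = ns
            for elem in child.iter():
                if _local_name(elem.tag) == "payload" and elem.text:
                    payload_chars = len(elem.text.strip())
        elif name == "body" and ns in ("", "jabber:client"):
            body_text = (child.text or "").strip()

    return {
        "from": root.get("from"),
        "to": root.get("to"),
        "encrypted": omemo_ns is not None,
        "omemo_namespace": omemo_ns,
        "payload_chars": payload_chars,
        "server_visible_body": body_text,
    }


def describe(stanza_xml):
    """One-line, human-readable summary of inspect_message()."""
    info = inspect_message(stanza_xml)
    route = f"{info['from']} -> {info['to']}"
    if info["encrypted"]:
        return (f"{route}: OMEMO ({info['omemo_namespace']}); server sees only "
                f"metadata, {info['payload_chars']} chars of ciphertext and the fallback body")
    return f"{route}: PLAINTEXT; server can read: {info['server_visible_body']!r}"


if __name__ == "__main__":
    for stanza in (PLAINTEXT_STANZA, OMEMO_STANZA):
        print(describe(stanza))
```

The thing to notice in the output is what stays visible in both cases: the sender and recipient addresses. OMEMO hides the message text from the servers, not the fact that the two accounts are talking.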

XMPP? Jabber? Which is it?

XMPP and Jabber are the same thing. “Jabber” was the original name, but unfortunately a commercial company bought the trademark for it. A new name was required and it was decided to use “XMPP” officially, though unofficially many people still call it Jabber as it’s easier to remember.

Who controls XMPP?

No one controls it: it’s decentralised and federated. The XMPP network is made up of many independent servers that talk to each other.

XMPP is a free open standard maintained by the non-profit XMPP Standards Foundation ⧉. Anyone can use the XMPP standard on their server or app, and each server and app is totally independent.
