For those using Private message on Lemmy, there is a major vulnerability. It seems that this instance still runs 18.5

I know that our beloved admins are volunteers and busy, so I don’t blame them for not updating, but while waiting for the update be aware that your PM are as public as your comments

  • InEnduringGrowStrong@sh.itjust.works@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    I can confirm that DMs are not encrypted and are stored in clear text and therefore could technically be read by admins with database access.
    While we are not actively looking or browsing through DMs, I’d still recommend not sharing anything sensitive through lemmy DMs and instead use something like Matrix or Signal.