Direct messages (DMs) on #Mastodon / #ActivityPub / the #fediverse are not end-to-end encrypted (#e2ee) and you should never include sensitive/private information in them.
Until they are e2ee, this is all we should be telling people. Anything else is irresponsible and could cause vulnerable people harm.
Specifically, it doesn’t matter:
- if your instance admin is ethical or not
- whether Elon Musk can read DMs easier on Twitter
- etc.
It’s not end-to-end encrypted. It’s not private. End of.