You must log in or register to comment.
They are not. Your server admin and the admins of the server you send the message to could read the message, because its not encrypted.
IMO it should be some sort of private key to negotiate keys, but each message (or at least set of messages) encrypted with its own key that you can safely share with the server owners to report spam/bad actors.
Yeah, I’ve got a proposal that’s being worked on: https://github.com/soatok/mastodon-e2ee-specification
