I’ve noticed a few mistaken assumptions circulating on social media lately, so I thought it was worth clarifying a few things around privacy and surveillance.
Much of this depends on the idea of a threat model: a term that refers to the potential risks you face based on who you think might try to access your information and why.
Making a social media profile private does not make it safe from surveillance.
While it may make you safe from harassment by preventing drive-by comments from outside attackers, its content is still accessible by the platform owner.
For centralized services like Threads and X, this is hopefully obvious: the platform owner can see your content. However, it’s also true on other platforms. For example, the owner of your Mastodon instance could theoretically view your non-public posts.
If your main concern is harassment, setting your account to private can be a helpful step. If your threat model is a state actor or other large entity accessing your information and using it to incriminate you in some way, a private account does not prevent that from happening if the social media platform co-operates. For example, if X was compelled to (or chose to) provide information about users posting about receiving reproductive healthcare, it could do that regardless of an account’s privacy settings. Threads or a Mastodon instance could similarly be subpoenaed for the same information.
Remember, even with privacy settings in place, your data belongs to the platform owner, not you. This is a critical point to understand in any digital space, regardless of ownership or whether it is centralized or decentralized. Even if a platform is decentralized, privacy still depends on who runs your instance, their stance on co-operating with outside requests for information, and the legal demands of the region they reside in.
If a platform chooses to co-operate, a warrant is not necessarily required for this information, and you may never find out that it has happened.
Decentralized/federated social networks are not free from surveillance.
These platforms are based on permissionless protocols, which allow anyone to join the network and interact without needing special permissions from anyone. This is great for accessibility but can also make it easier for bad actors to watch public posts.
In some ways, that makes them easier to surveil than centralized services. For an actor to surveil X or Threads, they would need to work with the platform owner. For an actor to do the same thing with Mastodon or Bluesky, they simply need to implement the protocol and go looking.
This is where making your account private can help, as long as the platform owner is not directly co-operating. (As described above, if a platform owner does co-operate, all data stored with them is potentially accessible.) If your account is public, your information can be freely indexed with no limitations.
Social media is not suitable for sensitive conversations.
As we’ve seen, privacy settings are helpful but limited. For truly sensitive conversations, it’s wise to switch to encrypted channels. You should also be mindful of what you share on any social platform, even with privacy settings enabled.
I always recommend Signal for sensitive conversations, and suggest using it to replace DMs entirely. You’re much more likely to use it for a sensitive conversation if you’re already using it for every conversation. Unlike the alternatives, it’s open source and auditable, not owned by a large corporation, end-to-end encrypted, works on every platform, and is very easy to use.
You should also consider using Block Party, which is the most user-friendly tool I’ve seen for locking down your social media privacy settings.
In the end, privacy settings can only go so far. Using a platform like Signal can make a meaningful difference in safeguarding your most sensitive information. It’s a free, simple choice. But even more than that, it’s worth remembering: the point of social media is that someone is always watching. Act accordingly.