I just closed my Instagram account and was about to start uploading my photos to a private account on Pixelfed.
I was just wandering if the images I upload are stored encrypted or if everything is stored as is on the server.
I couldn’t see any mention of it, so I assume an instance owner could just go through everyone’s photos on the server even if they’re marked as private.
I tried looking through the source code to see if I could answer the question myself, but nothing is jumping out at me.
So hopefully someone with more knowledge than me can answer this question for me, thanks!
No ActivityPub-based services are really private. There is no mechanism for end-to-end encryption, access-listed posts, or even true DMs. ActivityPub is intended as a microblogging-style publishing service with interaction built in, with privacy not being in the spec’s scope.
Maybe some day they’ll retrofit privacy to the protocol, but that would involve reengineering it to handle key management and end-to-end encryption, which would be a hard problem.