
I don't expect it to stay closed source. But there are significant differences to Mastodon. Just to give one example: Mastodon server admins actually can read your private messages. Also Bluesky's approach to data portability and how to implement filtering/indexing is more developed. It might be personal preference, but I prefer AT Protocol's approach where the servers have less power, and the users have more power. A lot of little design decisions add up to a qualitative difference.



Weird I haven't seen this idea:

Microblogging shouldn't have private messages. Let people have a profile and a link to an email address or similar and be done with it.

I'm not sure why a service designed to publicize things so that everyone can see them ALSO chooses to take on "private messages." I get that's how the big money incumbents see it, but I feel like less would be more here.


I'm fine getting private messages on platforms but I do not want to put out my email for the general public to contact me. That information is also far more dangerous to put out than just messaging me on a platform. Yes you could just create an email for that purpose but I feel most people won't do that.


I would imagine Twitter server admins can also read your private messages if they really wanted to since Twitter doesn't use E2E encryption. Am I unaware of something/Is there a reason to believe differently?


Yes, another reason to move away. Although Elon has also stated that he's tasked Twitter engineers with working on implementing E2E encrypted DMs.


The remaining Twitter engineers break the API every 2 days and are slowly dismantling a functional UI into an incoherent mess that doesn't load most of the time.

I have absolutely no confidence in any e2ee implementation that would be served from twitter.com, and trusting Elon or anyone that still claims to speak for Twitter on any security guarantees it offers would be foolish. They also recently broke the API for their "circle tweets" which is supposed to let you create private tweets that only go out to a subset of your followers, and stay private to everyone else, but of course that ended up not working anymore and they ended up in your profile.


I'm not sure how they actually go about doing that though. Unless of course you enter your key and decrypt client side, which I suspect the majority of users won't like.

There is nothing stopping this from being implemented in ActivityPub too, and in fact there are already pub/pri keys there to do this. However you still need to trust that the instance you are on and the one you are communicating with play by the rules.


With Twitter, I can at least assume the admins don't give a fuck about the average user. On Mastodon, an admin will be serving far fewer users and might actually be motivated to snoop on someone they know.



