Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: Obligatory RIP my inbox.
Then the instance admin holds the private key and can still decrypt.
If you cared that much about privacy in DMs, we should have a “profile page”. Post a PGP public key there. Then you can send PGP encrypted messages to anyone who you have a public key for.
Aye, my proposal was a trade off between privacy and convenience for non technical users ( it’s only as bad as a non federated social media site).
The best balance here would be a client on the user device that manages the keys for you, and an API in lemmy for accepting and sending encrypted messages.
As a side note, I thing PGP is more or less superseded by AGE