Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
Then the instance admin holds the private key and can still decrypt.
If you cared that much about privacy in DMs, we should have a “profile page”. Post a PGP public key there. Then you can send PGP encrypted messages to anyone who you have a public key for.
Aye, my proposal was a trade off between privacy and convenience for non technical users ( it’s only as bad as a non federated social media site).
The best balance here would be a client on the user device that manages the keys for you, and an API in lemmy for accepting and sending encrypted messages.
As a side note, I thing PGP is more or less superseded by AGE