Oddbean
Did you know that Mastodon "private" messages aren't private? Aside from not being end-to-end encrypted (and thus readable by instance administrators), they CC anyone @-mentioned ANYWHERE in the body of the message (not just those listed at the start).

Also, if you "turn off" private messages, anyone can still send them to you. They're just silently ignored by your client, without warning to the sender.

Basically, Mastodon private messages are a dumpster fire.
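The audience rule described in the post above, as an added example (not Mastodon's own code): a pre-send check that scans a DM draft for @-mentions anywhere in the body, treats every one of them as a recipient, and reports which of them the sender did not intend. The mention pattern is an approximation of Mastodon's handle syntax, the sender's instance `example.social` and the draft text are constructed, and `audience_report` is a hypothetical helper name.

```python
"""Audience check for a Mastodon-style direct message draft.

Added example, not Mastodon's code. It models the behaviour described in
the post above: every account @-mentioned anywhere in the body becomes a
recipient, not only the accounts listed at the start. MENTION_RE is an
approximation of Mastodon's handle syntax (an assumption), and
LOCAL_DOMAIN is a placeholder for the sender's instance.
"""
import re

LOCAL_DOMAIN = "example.social"  # assumed instance of the sender

# Approximate mention syntax: '@' + username, optional '@' + domain.
# The negative lookbehind skips e-mail addresses ("me@host") and URL
# paths ("/@user"), which are not mentions.
MENTION_RE = re.compile(
    r"(?<![\w/])@([A-Za-z0-9_]+)(?:@([A-Za-z0-9][A-Za-z0-9.-]*[A-Za-z0-9]))?"
)


def canonical(handle, local_domain=LOCAL_DOMAIN):
    """Normalise '@alice', 'alice' or '@Alice@Example.social' to 'alice@example.social'."""
    h = handle.lstrip("@").lower()
    if "@" not in h:
        h = f"{h}@{local_domain}"
    return h


def mentioned_accounts(body, local_domain=LOCAL_DOMAIN):
    """All accounts @-mentioned anywhere in the body, in order of first appearance."""
    seen = []
    for user, domain in MENTION_RE.findall(body):
        acct = f"{user.lower()}@{(domain or local_domain).lower()}"
        if acct not in seen:
            seen.append(acct)
    return seen


def audience_report(body, intended, local_domain=LOCAL_DOMAIN):
    """Compare the recipients the sender meant with the ones the body actually produces.

    'recipients' is the effective audience (every mention in the body),
    'unintended' lists mentions the sender did not list as recipients, and
    'intended_but_missing' lists intended recipients that are not mentioned
    at all and so would not receive the message.
    """
    intended_set = {canonical(h, local_domain) for h in intended}
    actual = mentioned_accounts(body, local_domain)
    return {
        "recipients": actual,
        "unintended": [a for a in actual if a not in intended_set],
        "intended_but_missing": sorted(intended_set - set(actual)),
    }


# Constructed draft: one intended recipient at the start, a second account
# mentioned mid-sentence, plus a URL and an e-mail address that look like
# mentions but are not.
DRAFT = (
    "@alice want to sync later? I think @bob@other.example was wrong about "
    "the incident, see https://mastodon.example/@carol/123 and mail me at "
    "me@example.social"
)

if __name__ == "__main__":
    report = audience_report(DRAFT, intended=["@alice"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the constructed draft, the report lists `bob@other.example` as an unintended recipient even though the sender only addressed `@alice`; the `/@carol` in the URL and the `me@example.social` address are correctly ignored. A client could run this check and refuse to send (or at least warn) whenever `unintended` is non-empty.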

I think it’s pretty common knowledge they’re DMs, not PMs. Certainly that information is shared regularly.

No worse and probably better than X or Meta. It’s less likely to be read by nefarious agencies.

Folks needing e2e should use the appropriate tools.