I think they are leaving out something quite important in this blog post - nobody is using their real names here.
It's very different from Meta or Google or whatever big tech company people have accounts on, where they know your real name and many more details, such as phone number and address.
I don't see the privacy danger in someone sweeping up what we are talking about here, since we are pseudo-anonymous. Am I missing something?
What's the value of random aliases discussing something and why is that a privacy issue?
This is sadly a text written with much confidence about something they understand very little about. Especially the part about the GDPR is, IANAL, completely wrong.
Yes, DMs over AP are not secure. That's why there is the big banner above it in nearly every AP implementation. The rest is pretty much FUD.
if I sent you a private message, is that viewable in plain text by not just the instance owner we’re both on
Yes.
other federated instances too?
Not by design, but instances can misbehave.
private messaging over AP
Private is misleading here: for messaging to be private, no third party should be able to read the messages. In practice, this usually requires end-to-end encryption.