What you should not forget is that: public posts are public, private posts may still be public if sent to dishonest servers, DMs are not protected by encryption and rely on both involved instance's honesty.
If you allow everyone to follow you your data may get mined just as on the commercial platforms.
If you have a commercial bot (in disguise) in your followers, it will see and mine those toots.
Just being a federation is no silver bullet to the privacy issue. But ou aren't the product anymore.

@ckeen

Among the many good reasons to use mastodon for public discourse and something secure for those privacy things

@RussSharek @kmj @ckeen

It was suggested ages ago that Mastodon just be bundled with an xmpp server to handle DM and private multiuser chats in a combined interface. This is a solved problem; Mastodon is trying to reinvent the wheel.

@frankiesaxx @ckeen @RussSharek

after month of testing and running an und own matrix instance for me riot/matrix is the way to go for secure e2e encrypted 1:1 and group chat.

@kmj
And of course anyone is free to fork it and rework the privacy/DM handling. Let the best software win. (I suspect anything that handled DMs like private chat rooms would be a contender, that's the feature I miss most from Twitter.)
@RussSharek @ckeen

@frankiesaxx @ckeen @RussSharek actually i only have mastodon and riot as apps on my phone. riot on my desktop and notebook too. no other messenger or social app installed. i can live quit well having these two separated. as in commercial world, twitter/fb is ok for users