#mastondon Friends!
Technical Discussion
156
Posts
65
Posters
36
Views
-
@evan @scottjenson
But if you forget to set it to PM, there are no stripes, which should be a jarring visual clue.I suppose adding a second compose button would make you choose sooner, but ultimately you have to always click on the right buttons in the right order.
They could change the default when you are viewing your PM list. That would make sense.
This is what I meant that there are lots of things to look at here. As Evan points out, let's make PMs actually something distinct and clearly not a message. Too many people either think something is a PM and it isn't or it is, and it shows up in your feed which makes people panic!
So many simple things to clean up here.
-
@scottjenson not at all critical.
Hint: you could re-run this as a poll, for the question.
@grahamperrin Oh I plan to! But it helps to have a conversation first so I know WHAT to put into the poll...
-
@scottjenson Hey Scott! I'm so glad you're tackling this issue. I have lots of trouble with DMs on Mastodon. I think you're addressing, these, but here goes:
The biggest one is how easily they're confused with regular messages. I routinely mess this up, and make private messages public, or vice versa.
The next is how hard it is to visualize threads - especially in the existing notification section. I often lose my place in complex discussions
@benpate Could not agree with you more! Do you have any ideas on how to improve threads? Any products that do it well for example? Branching threads are a bit like merging PRs, the dependency tree can get crazy complex!
-
@scottjenson encryption that still works if one of the parties changes fediverse servers seems like it maybe technically challenging
I also would note that a lot of my interactions on the Fediverse are not very “microblogging” focused. Ie this response isn’t a blog post.
I largely use DMs here for private but non sensitive content (like “hey your url is broken” or “you have a typo on that post”
@Rycaut Exactly. My hypothese is that most PMs are scoping outisde of the public discourse and are not in need to encryption. This doesn't mean it's not a good long term goal! Just saying lots of usage does not require it
-
@scottjenson I must request encryption, because even though I don't need it right now. ...
A - you never know when you might need it
B- if I did, I might feel really uncomfortable telling you the reason, so I'm gonna assume that I'm piping up for some of those folks.@morst No one is saying encryption is off the table. Just that I wanted to start with low hanging fruit (bucause the improvements are so much easier. Others are working on the encryption (it's a VERY hard problem)
-
System moved this topic from Uncategorized on
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson
Seems like another way to ask what you're getting at is "would you consider improvements to private mentions useless without encryption?"My answer to that would be no. There are plenty of other options for encrypted messaging.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson Please make UX improvements first. Adding complex encryption won't make a difference when people accidentally send a public toot thinking it's private.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson encryption is not trivial. Focus on the basics and get them nice and convenient. Then try to solve the encryption puzzle :)
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson encryption not needed, I use a safe messenger if I need that. -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I think encryptef messages are important, but I also think that lower-hanging fruit (e.g. improved UX) should be done first
-
@jochenwolters That's a very clear explanation thank you. I don't think many apprecaite just how hard it is to add encryption properly and it's like going to take a while. As we already have PMs in the product and improving them would be very helpful, it seems like we shouldn't wait.
Part of why I'm asking is that here are MANY ways to use PMs, many of which do not require encryption at all. Of course it would be very nice to have. But I just want to call out, even with encryption, you likely want to be very careful using Mastodon for organizing as your profile and public posts would likely leak a tremendous amount of personal info.
Again, this doesn't mean we shouldn't do it, just that microblogging makes it hard to proprely protect your identity.
@scottjenson Thanks for the thoughtful response, Scott. I sincerely appreciate that! And I agree with everything you write.
Here's a little IxD detail in Mona 6 that's I find very useful. I hardly use the official Mastodon clients. So if they lack such a reminder, adding it should be a fairly minor effort with a huge upside in terms of setting the accurate security expectations with users.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson
I'm not here for encrypted messaging. -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I hardly use DM, so wouldn't care if it wouldn't be encrypted.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
There’s a deadly footgun embedded in Mastodon’s “private mentions”—any account that is @ mentioned receives the message, even when they are not the intended recipient. For an example of how this plays out, check out the “Direct messaging does not work” section in this April 2025 blog post.
Referring to someone using @ mentions is part of the muscle memory of Mastodon users. (Convenience plays a major part, @ mentions provide autocomplete options once you type in a few characters.)
In the past, Eugen Rochko had defended this as behaviour that a user should expect. In other words, he considers this behaviour a sane default. Maybe. (A completely different UI paradigm only for “private mentions” will be tricky, it will go against user expectations—I understand that.)
But in that case, I think enabling end-to-end encryption for “private mentions” is kinda pointless.
-
There’s a deadly footgun embedded in Mastodon’s “private mentions”—any account that is @ mentioned receives the message, even when they are not the intended recipient. For an example of how this plays out, check out the “Direct messaging does not work” section in this April 2025 blog post.
Referring to someone using @ mentions is part of the muscle memory of Mastodon users. (Convenience plays a major part, @ mentions provide autocomplete options once you type in a few characters.)
In the past, Eugen Rochko had defended this as behaviour that a user should expect. In other words, he considers this behaviour a sane default. Maybe. (A completely different UI paradigm only for “private mentions” will be tricky, it will go against user expectations—I understand that.)
But in that case, I think enabling end-to-end encryption for “private mentions” is kinda pointless.
@dialecticalmusings Thank you. This has been mentioned by others as well. I can see how this behavior could be problematic.
-
@scottjenson Thanks for the thoughtful response, Scott. I sincerely appreciate that! And I agree with everything you write.
Here's a little IxD detail in Mona 6 that's I find very useful. I hardly use the official Mastodon clients. So if they lack such a reminder, adding it should be a fairly minor effort with a huge upside in terms of setting the accurate security expectations with users.
@jochenwolters Agreed! These are the type of fixes I'd like to consider IN ADDITION to continuing to work on backend encryption
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson Any UX improvement would be great.
Maybe it is possible to integrate something like XMPP or MLS later for encrypted DMs? They could both federate too.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I think all of these ideas stem from how, on every other platform, DMs are a fundamentally different "thing" than posts. I worry that a dedicated interface and separate notifications reinforce that expectation away from the technical reality. They make private mentions look more like DMs, but they still don't act like it. So then when those posts aren't encrypted, or you tag someone and they get a notification about it, you're even more surprised.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson A UI change first would go a long way in alerting you if you break your intended private mention by including more than 1 at sign or any hashtags. This can be a source of great angst.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I think that every message not meant as a public broadcast should be end-to-end encrypted, regardless of the app or service that people use to send it. People shouldn’t have to worry if the information they’re exchanging is private and secure or not. It should be table-stakes these days, just like HTTPS is for websites. When you create a website, you don’t ask yourself if it’s sensitive enough to need it, it’s just common practice to generate an HTTPS certificate for everything.
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
Might bee a bug, I need to touch things regarding that
-
-
@julian @mario Yes, it supports both Add and Announce. However, wrapped activities are simply added to a conversation, there is no concept of "group" yet.
-
Is this what Mitra does now for 171b/1b12 cross-compatibility?
-
@julian I think Lemmy can keep sending Announce, but accept Add(Activity) as equivalent. FEP-171b implementers can do the reverse. That's easy and doesn't require any breaking changes. @nutomic @mario
Please don't use multi-typing :]
-
Hi #WAFRN @admin@app.wafrn.net
I see messages coming in, that provide in context just the following:
https://app.wafrn.net/contexts/litepub-0.1.jsonld
So i miss the following:
https://www.w3.org/ns/activitystreams
As an AS context is missing, i currently don't process such messages.
Is this by purpose?
-
@scottjenson In my opinion, encryption is moot as long as the behaviour of not having a distinction between “recipients” and “mentioned accounts” persists.
@gracjan
-
> @silverpill@mitra.social said:
>
> Alternatively, they can start using Add instead of Announce, like we do. @julian Does that sound feasible?I personally have no problem with it (after all, I advocated in OP to just send both activities)
But I know @nutomic@lemmy.ml will absolutely veto the discussion because it is a breaking change for the entire threadiverse, and he is not wrong.
There is a third option... and that is to send a single multi-typed activity 🤣 maybe this is the turning point for adoption of multi type activities! (Of course I'm only half joking because I'm sure that'll be ruled breaking and unfeasible too.)
