#mastondon Friends!
Technical Discussion
119
Posts
43
Posters
10
Views
-
@jarango My thinking exactly. My concern is that there are some peolple that really want it and I'm trying to suss out how important it is to them (and why) What I'm getting so far from this thread is quite the opposite.
@scottjenson I can imagine encryption would be a very important feature for lots of folks drawn to the Fediverse.
-
@scottjenson I think just knowing that the DMs are not encrypted is enough IMHO. If you want something encrypted use Signal.
@phillycodehound @scottjenson Agree that Signal would cover it for most people, but some (like me) can't get a Signal account because we don't own a cellphone...
(I'm not saying that the numbers are large enough to justify adding it here, just pointing out that not everyone can use Signal even if we want to.)
-
@phillycodehound @scottjenson I was going to say that I pretty much feel the same, but on the other hand, Bluesky *kind of* has this feature now already?
Maybe something like this would work here as well rather than built-in?
@stefan
That's interesting! But it kind of begs the question how you're using encrypted communication. I get that you can launch this Germ app from within Bluesky as a convenience, that's cool, but if you're REALLY using encrypted communication, you're not going to be using it exclusively from Bluesky.Others have said it but I'm thinking the venn diagram of people that need encrypted messaging (which is huge and valid) is quite distinct from people that need private mentions on a microblogging platform.
-
@phillycodehound @scottjenson Agree that Signal would cover it for most people, but some (like me) can't get a Signal account because we don't own a cellphone...
(I'm not saying that the numbers are large enough to justify adding it here, just pointing out that not everyone can use Signal even if we want to.)
@asmaloney @phillycodehound Fair enough, but there are other encrypted messaging apps other than Signal yes?
-
@asmaloney @phillycodehound Fair enough, but there are other encrypted messaging apps other than Signal yes?
@scottjenson @phillycodehound Maybe there are, but that's where everyone I would want to communicate with are.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson Encryption would be very good for private mentions. The point of “private” is that it is private. If someone is notifying of a security related issue for example - no one else should see it. Not only is it against the description of the feature; it’s an actual problem because the feature implies a trust that should not be given.
Don’t assume people can connect on other services. Fix the problem. DMs and private *mean* private to people. Regardless of the tech.
-
@scottjenson I can imagine encryption would be a very important feature for lots of folks drawn to the Fediverse.
@jarango bingo, now you know what I'm kind of making a strong point to get a feeling about how strongly people actually feel about this.
My point is that encrypted communication is very valuable, but it's usage is quite distinct from microblogging. I'm trying to understand who needs it WITHIN Mastodon (vs just switching to an app that specializes in and likely will do a better job if I'm honest)
-
@phillycodehound @scottjenson I tend to agree with you. Not every platform really needs encryption, and given that Signal is already the gold standard for private messaging, going over there makes sense to me.
@crackhappy @phillycodehound Kind of where I'm coming from. I'm making this point a bit "in the open" not to say any decision is made, but to see if I'm missing something important.
-
@scottjenson Encryption would be very good for private mentions. The point of “private” is that it is private. If someone is notifying of a security related issue for example - no one else should see it. Not only is it against the description of the feature; it’s an actual problem because the feature implies a trust that should not be given.
Don’t assume people can connect on other services. Fix the problem. DMs and private *mean* private to people. Regardless of the tech.
@mattwilcox all fair points!
-
@mattwilcox all fair points!
@mattwilcox My issue is simple: Should Mastodon replace Signal? Given how good it is, I'm trying to understand it's place in the world vs ours?
-
@neal yes! Good point. We already do PMs however so we'd start with fixing these
@scottjenson One thing that probably needs to go away is the ability to accidentally drag someone into a conversation by mentioning them. That flexibility is *dangerous* for private messages.
-
@scottjenson One thing that probably needs to go away is the ability to accidentally drag someone into a conversation by mentioning them. That flexibility is *dangerous* for private messages.
@neal OOOOOh, that's a cool point! Thank you. What are you suggesting, that PMs are ONLY 1:1?
-
@mattwilcox My issue is simple: Should Mastodon replace Signal? Given how good it is, I'm trying to understand it's place in the world vs ours?
@scottjenson No. But if you offer “DMs” or “private mentions” you have to fulfil on that. You can not palm it off to other services. Nor do you need to replace other services. You just have to deliver on the implicit promise.
I think it’s unfair to assume users will know or find out that “here” DM/private acts differently to every other service using those terms.
So either fix that; or rebrand those things.
-
@jarango bingo, now you know what I'm kind of making a strong point to get a feeling about how strongly people actually feel about this.
My point is that encrypted communication is very valuable, but it's usage is quite distinct from microblogging. I'm trying to understand who needs it WITHIN Mastodon (vs just switching to an app that specializes in and likely will do a better job if I'm honest)
@scottjenson as often happens in UX, it comes down to ontology.
Is this a place for publishing or communicating? Are DMs in service primarily to facilitating the former or exclusively for the latter?
Someone has to decide. I can't imagine that's easy in a volunteer-driven org.
-
@neal OOOOOh, that's a cool point! Thank you. What are you suggesting, that PMs are ONLY 1:1?
@scottjenson I think that PMs should lock to who they are initiated with. That means the people tagged for that conversation when the PM is initialized are the only people who can be in the conversation. Further mentions *must not* expand the group.
I don't know if that means you should break the ability to do a private reply to a public message, but UX wise it might make sense to do so.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
Yes, I need it.
Because I do not trust you, the admin.
I also don't trust those who will seize servers. -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson broadly, encryption for DMs on a social network isn't something I'd expect.
Would any of the proposed changes to DMs trigger age-verification requirements in the UK, Australia, etc?
-
@scottjenson broadly, encryption for DMs on a social network isn't something I'd expect.
Would any of the proposed changes to DMs trigger age-verification requirements in the UK, Australia, etc?
@mia Honestly I hadn't even thought of that, thank you for bringing it up!
-
Yes, I need it.
Because I do not trust you, the admin.
I also don't trust those who will seize servers.@katzenberger Fair enough, but can you tell me when you'd use it on Mastodon vs when you'd use it for Signal? I'm trying to understand if Mastodon, by implementing this is likely to replace Signal usage for many people? I don't think it will so I'm trying to understand WHY you'd need it in Mastodon when you just use an app that specializes in this.
-
@scottjenson as often happens in UX, it comes down to ontology.
Is this a place for publishing or communicating? Are DMs in service primarily to facilitating the former or exclusively for the latter?
Someone has to decide. I can't imagine that's easy in a volunteer-driven org.
@jarango :-) Now you know what we're moving towards this more pubic way of discussing things. It's not enough to make a decision, we have to bring the community along with us.
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@morst No one is saying encryption is off the table. Just that I wanted to start with low hanging fruit (bucause the improvements are so much easier. Others are working on the encryption (it's a VERY hard problem)
-
@Rycaut Exactly. My hypothese is that most PMs are scoping outisde of the public discourse and are not in need to encryption. This doesn't mean it's not a good long term goal! Just saying lots of usage does not require it
-
@benpate Could not agree with you more! Do you have any ideas on how to improve threads? Any products that do it well for example? Branching threads are a bit like merging PRs, the dependency tree can get crazy complex!
-
@grahamperrin Oh I plan to! But it helps to have a conversation first so I know WHAT to put into the poll...
-
This is what I meant that there are lots of things to look at here. As Evan points out, let's make PMs actually something distinct and clearly not a message. Too many people either think something is a PM and it isn't or it is, and it shows up in your feed which makes people panic!
So many simple things to clean up here.
-
I think it's discussed here:
https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
-
#TedUnangst seems to be off the Fediverse (and maybe the web) but linking this here for posterity: https://github.com/timkuijsten/honk/blob/fork/encrypt.go
-
@scottjenson without encryption, what is the point of calling it a "private mention" ?
