#mastondon Friends!
Uncategorized
105
Posts
41
Posters
10
Views
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson Adding a vote for encryption first. For the simple reason that “personal message" is associated with a modicum of privacy. And the current Mastodon implementation does not provide much privacy at all for personal messages. As welcome as UX changes are, they would not change the underlying architectural issue, and might even increase the _appearance_ of those messages providing any actual meaningful privacy.
Let me know if you find that explanation needs more details. 😉
-
@scottjenson Interesting, seeing how other protocols got burned by adding encryption as an afterthought (XMPP, MAIL) I think we are still very very far away from having something comprehensive, reliable and usable. Unless that's a reality I'd shy away from promoting it unnecessarily loud. 🤷♂️
Encryption rocks though. I hope that FEP has lots of traction.
@mray But now you know why I'm asking. There is lots of energy around encryption but it's a very tricky thing to be done right. My point was simply that we start with some simple UX improvements and not wait for the encryption (given we already have private messages)
-
@scottjenson Adding a vote for encryption first. For the simple reason that “personal message" is associated with a modicum of privacy. And the current Mastodon implementation does not provide much privacy at all for personal messages. As welcome as UX changes are, they would not change the underlying architectural issue, and might even increase the _appearance_ of those messages providing any actual meaningful privacy.
Let me know if you find that explanation needs more details. 😉
@jochenwolters That's a very clear explanation thank you. I don't think many apprecaite just how hard it is to add encryption properly and it's like going to take a while. As we already have PMs in the product and improving them would be very helpful, it seems like we shouldn't wait.
Part of why I'm asking is that here are MANY ways to use PMs, many of which do not require encryption at all. Of course it would be very nice to have. But I just want to call out, even with encryption, you likely want to be very careful using Mastodon for organizing as your profile and public posts would likely leak a tremendous amount of personal info.
Again, this doesn't mean we shouldn't do it, just that microblogging makes it hard to proprely protect your identity.
-
@themipper @scottjenson we've been through this before. In the early days, Twitter DMs were specified by typing `d username` and then the text. As you may imagine, this led to several spectacular privacy fails.
IMO we know enough at this point to say private messages should be completely separate from the public timeline. They are different contexts that should be kept separate because the consequences of a mix up could be disastrous.
@jarango @themipper Now you know why I want to make these changes sooner rather than later!
-
@octothorpe Thank you! To be clear, I'm not against adding encryption to Mastodon but it would be rather different than what you get with Signal. Here is a simple example. Many people are quite public with their real name here on mastodon, that makes sense. But if you REALLY wanted to use an encrypted message you ikely wouldn't want to use your public name. So in many ways, encrypted messages by you very little (well,in some situations)
That's kind of my point, I don't think people really see the FULL JOURNEY necessary for encryption.
However, many have said "I just don't want to have to trust my admin. I just need it for privacy" and you know, that's a perfectly good reason and to be fair, has NOTHING to do with competing with Signal.
That's all I'm trying to do here, understand how and why it would be used.
@scottjenson I dig it. And yeah, the complications you implied are probably exactly the same I did (my post char limit is small)… which is why I shorthanded to ‘signal-like’.
But yeah, I get why folks may want it. I think it’s probably best to not encourage that behaviour in the app (because of how easily it could be accidentally borked, ex: public posting passwords). The notion being if you KNOW it’s not encrypted, you’re less likely to send sensitive material.
-
@mray But now you know why I'm asking. There is lots of energy around encryption but it's a very tricky thing to be done right. My point was simply that we start with some simple UX improvements and not wait for the encryption (given we already have private messages)
@scottjenson I'm pessimistic up to the point where you have to have to assume it will fail completely. Just as XMPP and MAIL failed.
The only encryption implementation with success were the approaches where the UX can be controlled centrally.
For MAIL there is #autocrypt now, it is astonishing how good it is – but email is still not encypted today.
XMPP/Jabber has OMEMO, but stillt struggles with client adoption and it isn't omnipresent.
Where it worked: #DeltaChat and #Signal both using a central library that can make sure encryption reliably lands at peoples fingertips.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson one huge problem with private mentions is that they actually aren't equivalent to DMs... because if you try to talk about another person and link to their profile, you effectively "mention" them and they can see the message. I don't know of any other DM that works this way and the UX is extremely confusing to users and just wrong IMO.
I think private mentions should be scrapped entirely and reworked as a different AP object type than Note so that they are treated differently.
-
@scottjenson I was actually just thinking about why private mentions are even needed when there are other options like email for private and sensitive discussions between folks. I guess I never truly understand why they are needed in a public social network in the first place? Just leftover from Twitter precedent?
Private replies can be nice if you have something to say in context which you don't want to share super broadly
-
@scottjenson one huge problem with private mentions is that they actually aren't equivalent to DMs... because if you try to talk about another person and link to their profile, you effectively "mention" them and they can see the message. I don't know of any other DM that works this way and the UX is extremely confusing to users and just wrong IMO.
I think private mentions should be scrapped entirely and reworked as a different AP object type than Note so that they are treated differently.
-
@scottjenson I'm pessimistic up to the point where you have to have to assume it will fail completely. Just as XMPP and MAIL failed.
The only encryption implementation with success were the approaches where the UX can be controlled centrally.
For MAIL there is #autocrypt now, it is astonishing how good it is – but email is still not encypted today.
XMPP/Jabber has OMEMO, but stillt struggles with client adoption and it isn't omnipresent.
Where it worked: #DeltaChat and #Signal both using a central library that can make sure encryption reliably lands at peoples fingertips.
@mray I so appreciate your concerns. It's actually why (personally, I'll add) I'm concerned why encryption may take a while (the Mastodon team is very thorough and would not release a rushed version of this) This is why my original post really had nothing to do with "should we add encryption" but was rather "while we're waiting can we at least make some improvements?"
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I am kind of surprised that no one has mentioned that "oh the admins of the servers shouldnt see my DMs!" Creates a moderation nightmare and a harassment loophole that really shouldnt be considered worth the hassle. I am on team "just use signal" because if you need to have a really private conversation with someone who didnt give you their private contact information, no you dont.
-
@mray But now you know why I'm asking. There is lots of energy around encryption but it's a very tricky thing to be done right. My point was simply that we start with some simple UX improvements and not wait for the encryption (given we already have private messages)
@scottjenson also dealing with encrypted chat inside the browser is extra spicy. I'd love to see people seriously tackling that, but I remain reserved. 😬
-
@phillycodehound @scottjenson I was going to say that I pretty much feel the same, but on the other hand, Bluesky *kind of* has this feature now already?
Maybe something like this would work here as well rather than built-in?
sort of-- bsky is just verifying/confirming a self-attested Germ identifier. and no android yet, so only half of bsky users in the US and far less outside US.
@stefan @phillycodehound @scottjenson -
sort of-- bsky is just verifying/confirming a self-attested Germ identifier. and no android yet, so only half of bsky users in the US and far less outside US.
@stefan @phillycodehound @scottjensonHuge fan of the Germ team btw, and of MLS generally, i think MLS is the only DMs AP should be using and having groupchats with bsky users in them is kinda easy once we get modern/MLS+MIMI groupchat going across AP implementations... @stefan @phillycodehound @scottjenson
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson imo that’s totally fine. Just need to make it known straight up that the messages are not encrypted, which is more or less just an alert that hard blocks interaction until acknowledgement…
-
@scottjenson @phillycodehound Maybe there are, but that's where everyone I would want to communicate with are.
sadly signal doesn't make integrating or verifying from within Masto or other AP implementation easy (or debatably even possible)
@asmaloney @scottjenson @phillycodehound -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
Signal makes it easy to create a revocable "message me" link. I have one in my profile. If anyone wants to send me an encrypted message they can click on it and send one pretty easily.
I think reply controls and UX improvements should come first, maybe with, as others suggested, a note that the message is not encrypted (yet)
-
@scottjenson I am kind of surprised that no one has mentioned that "oh the admins of the servers shouldnt see my DMs!" Creates a moderation nightmare and a harassment loophole that really shouldnt be considered worth the hassle. I am on team "just use signal" because if you need to have a really private conversation with someone who didnt give you their private contact information, no you dont.
@Montaagge There is a lot of traffic on this thread and that point has been made by the way. It's a reasonable request. I just appreciate that it's not a simple ask and I'm hoping we can tackle some UX improvements WHILE the background work is going on.
-
@scottjenson I think, given today's climate, encryption should be a priority over UX changes. My thought is not whether microblogging DMs should be encrypted or not, but simply if *any* kind of messaging exists that is not public, on any service, it should be encrypted. It's the sad world we live in now where services can't be trusted. Non-public messaging that isn't encrypted shouldn't exist. Should microblogging services be Signal? Not at all. But DMs already exist, so now it has to be dealt with. Simply telling users "it's not for private discussions" isn't enough.
in 2026, gabe is absolutely right. a few years ago, i would've been the first one debating this position... but it's 2026.
@gabek @scottjenson -
Signal makes it easy to create a revocable "message me" link. I have one in my profile. If anyone wants to send me an encrypted message they can click on it and send one pretty easily.
I think reply controls and UX improvements should come first, maybe with, as others suggested, a note that the message is not encrypted (yet)
@gbargoud makes sense, thank you
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@alice those reps really ruined it for my generation of doctors
-
@alilly @mcc @xgranade yeah, i guess the difference with the hangul thing is that it's a safe assumption no one is using thsoe characters to write their names in modern times, which is not the case for greek or cyrillic
-F
-
@mcc @Hearth @xgranade Yeah but that's much harder to do anything about, unless you want to ban modern speakers of languages written using Cyrillic from using names in their native language, which… don't do that.
-
@bri7
I loved Sim City 2000 and 3000.
You've reminded me that I should play them again.
-
@Hearth @xgranade @mcc … Damn, that might be a valid argument in favor of Han unification. How dare things I already made up my mind on have nuance I didn't consider?
-
@mcc @alilly @xgranade that makes sense! homoglyph attacks are still possible with e.g. replacing latin o with greek ο or cyrillic о, though?
...unless that's what section Q is talking about, i don't know exactly what it means
-F
-
-
@tylerlwsmith follow hashtags as well, you'll get way more pertinent content that way
