Goddamn "private mention" is hard to use safely.

adamshostack@infosec.exchange

Goddamn "private mention" is hard to use safely.

mattblaze@federate.social

@adamshostack now you will be lectured about how it’s completely fine, and any mishaps are the users’ fault.

risottobias@toot.risottobias.org

@mattblaze @adamshostack 😭 damn this stings

adamshostack@infosec.exchange

@mattblaze

----- Begin PGP Encrypted Message -----

The magic words are "users fault"

paul_ipv6@infosec.exchange

@mattblaze @adamshostack

pretty sure "blame the user" is the first, last, and only resort of those who can't be bothered to talk to users or worry about UI/UX design.

if they are getting paid for it, they might alternate "blame the user" with "works fine on my machine".

huitema@social.secret-wg.org

@adamshostack @mattblaze A quick search shows at least one project attempting to extend Activity Pub and offer MLS protected messages. But the link is for a project description, not the actual code. I have no idea how far along they are developing this.

https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/

adamshostack@infosec.exchange

@huitema @mattblaze That doesn't actually solve the problem, which is that I was responding to a private message, and ... something in the UI made my post a public one. I discovered that when someone not mentioned fave'd it.

I assume the same UI would have ^&*() me either way.

adamshostack@infosec.exchange

@huitema @mattblaze In precisely the same way that its UI decided that me banging on the keyboard for swear characters was a superscript!

paul_ipv6@infosec.exchange

@adamshostack @huitema @mattblaze

yeah... private mention definitely violates the principle of least astonishment really hard.

briankrebs@infosec.exchange

@adamshostack hard agree. to the point where that's why i don't use it. also, sometimes hard to tell when someone has sent you a private message, especially when there are multiple people on the private message.

scuttlebutt@farticle.cloud

@briankrebs @adamshostack It's more like a stage whisper, into a mic, with a pinky promise to not let anyone overhear, in front of an audience of thousands.

_dm@infosec.exchange

@adamshostack @mattblaze In the past month, I discovered I:

a) Had accidentally published API keys on a public github repo for months
b) Had misconfigured MTA-STS on one of my email domains even though I co-authored the spec

My conclusion is that users* are in fact idiots and everything is their fault.

* "User" here being, of course, me. :(

grwster@mastodon.social

@adamshostack if it’s not a criminally negligent feature it’s damn close

catsalad@infosec.exchange

@adamshostack Yeah, @alice and I found that out lol

spiegelmama@infosec.exchange

@catsalad @adamshostack @alice Ooh, la...

adamshostack@infosec.exchange

@static in what way is it an elegant solution?

munin@infosec.exchange

@adamshostack @alice

I don't use it for anything nontrivial; any conversations with anything I'm not OK ending up in public go to Signal.

Not only does this create an actually end-to-end assured container, but it changes the context from Masto's assumed-public to Signal's assumed-private, thus allowing for a separation of content cognitively as well as logistically.

linuxandyarn@hachyderm.io

@adamshostack It should be called "tiny email (which sysadmins can also read)"

alice@lgbtqia.space

@spiegelmama @catsalad twice 😅

But as long as we're talking privately, I had this weird dream about you Cat—in it we...

@adamshostack

munin@infosec.exchange

@adamshostack @alice

This is also why I have a signal username in my profile; I expect to be contacted for anything actually sensitive on that channel.