#mastondon Friends!
-
@scottjenson Hi Scott, I believe the option is complex, honestly.
Encryption is tricky but I also think it provides layers on top of the communication that might make it feel larger than a quick "dm"? I can't speak to others obviously but Mastodon should consider what solutions you are providing and if they make sense for the platform.
Encryption is useful, but does it make sense for Mastodon? Is that the direction the social media tool is moving? Encryption-focused 1:1 communication?
@jackryder all fair questions! All I can say is that there are many within the community that are quite adamant that DMs must be encrypted. The most common reason is that they don't want admins to spy on their posts.
My concern is just that setting up E2EE is rarely a simple process. I expect it to be a ux challenge to make it easy.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson Encription should be an option, not a must.
Not everything should be hidden, and by reducing the cpu time you'll reduce the carbon footprint, too.(I'm talking about end-to-end encryption here, not about user's AAA or inter-server comms).
Personally, I hate this modern trend of hosting public blogs via HTTPS. Not everything should be encrypted!
-
@jackryder all fair questions! All I can say is that there are many within the community that are quite adamant that DMs must be encrypted. The most common reason is that they don't want admins to spy on their posts.
My concern is just that setting up E2EE is rarely a simple process. I expect it to be a ux challenge to make it easy.
@scottjenson I appreciate the response and transparency.
I believe I understand the fear for concern and secrecy. I don't believe there will be a simple & straight forward solution. As you said, "just setting up..." is often a lot trickier than we anticipate.
I'm not familiar enough with the stack to know what would need to change. I imagine there are quite a few underlying systems that would need at least partial rework and that alone would cause for a trickle down effect on literally everything. Ouch. I wouldn't envy sitting in on those prioritization calls.
Personally, though I don't mean to sound diminishing to the population I would do exactly what it looks like you guys are doing. Checking the temperature and prioritizing the needs. Kind of glad to see people actually asking.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson
Signal is my go-to when I feel there's a need for #Encryption. If it was available in Mastodon for private messages, I'd probably use it.I don't think the Fediverse is on the radar of the current administration here in the US yet, but they might be someday. What happens when law enforcement types show up at a Masto admin's doorstep? Do they give up all the data willingly? Even without a subpoena or judge's order?
-
@scottjenson
Signal is my go-to when I feel there's a need for #Encryption. If it was available in Mastodon for private messages, I'd probably use it.I don't think the Fediverse is on the radar of the current administration here in the US yet, but they might be someday. What happens when law enforcement types show up at a Masto admin's doorstep? Do they give up all the data willingly? Even without a subpoena or judge's order?
@scottjenson
It would be nice to know my private conversations really are private, regardless of the legality of a search.Until then, all my Private Mention conversations here are benign, boring stuff kept away from the public eye. Knowing it's not truly private, I carefully consider what information I share.
*My apologies if my responses have done nothing more than regurgitate common knowledge. Hopefully this is the type of input you're seeking.
-
@scottjenson @benpate is there a reason private messages need to support threading? Most DMs on other platforms are flattened to a single thread for simplicity.
If threading is still necessary, iOS’s design for replies to specific messages in iMessage feels easy to follow for me
Hey Jesse ~ great point. It would probably depend on how people use it. And private/direct messages are probably different from comment threads on public posts.
For public messages (like this one) it feels like people have the expectation of real threads.
For private messages, I agree with you & have been considering iMessage's method: showing everything chronologically, with 1) a note if something is a direct reply and 2) the ability to "zoom" in on replies.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson count me in "use secure messengers for private communication". I know people will keep trying to use social media for it no matter what, but in my mind it's a misuse, and shouldn't be a priority for fixing. (I didn't do any research, just speaking from vibes!)
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I'm excited that you're asking this question!
My preference is for usability improvements first. Other platforms already do encrypted private messages, and adding it won't make Mastodon easier to use. I think that's the core problem for the platform: removing barriers to sticking around without taking the cop-out of just copying what people are familiar with on other platforms.
My primary use of private messages is to ask people for email or Signal addresses when I only know how to contact them on Mastodon.
Secondary would occasionally be a “You OK?” message in reply to someone's post.
Apart from those, I think of Mastodon as a public space. Private communication isn't what it's for, and the UI shouldn't centre it.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
I'm probably just one more vote on a "me too" pile, but it's not critical to me that social timeline 1:1 messaging be *encrypted*. It's important that I (the generic user) *understand* whether it is or isn't and behave accordingly.
If you have to pick a focus, I do strongly prefer that 1:1 or 1:few comms have a distinct workflow apart from regular/public timeline appearances, though. It makes mishaps less likely, like forgetting or mis-clicking "private" in that dropdown.
-
For sure. Mainly I'm thinking about "Pretty Good Obfuscation" than a good solution. Something better than in the clear.
Really, delivery isn't guaranteed, so there are already potential issues about tampering that encryption won't necessarily fix, just maybe make abusing it harder.@knapjack I understand where you are coming from. I might have agreed a few years ago. But encrypted messages need to be rock solid. Recently many governments the world over have shown they are more than willing to use the courts to subvert encrypted communications. Including forcing service providers like your friendly Masto admin to both hand over data and backdoor encryption.
-
@knapjack I understand where you are coming from. I might have agreed a few years ago. But encrypted messages need to be rock solid. Recently many governments the world over have shown they are more than willing to use the courts to subvert encrypted communications. Including forcing service providers like your friendly Masto admin to both hand over data and backdoor encryption.
I hear you.
I guess for me, I'm not going to use social media for that kind of thing, but I've exchanged snail mail addresses with online acquaintances and not sure if I would ever do that via the Fediverse with the current implementations.
I can also see that in my head, my implementation would never have the private key server-side on a shared server, which would make it useless via the web. Honk and snac have spoiled me. But I could see having a private key in one of the mobile clients and never on a server.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson In my opinion, encryption is moot as long as the behaviour of not having a distinction between “recipients” and “mentioned accounts” persists.
@gracjan -
R AodeRelay shared this topicR ActivityRelay shared this topic
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
I use Mastodon DMs.
I want encryption, but there is something higher priority for me —
Being able to see ALL the DMs for a single user (that I have talked to) in a single place. Rather than having them scattered all over the place.
I get that these scattered DMs are the result of separate conversational threads, but — I would still like to see them all (from a single user) in one place.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
imo social media and social networking are different things. mastodon is the former and doesn't need privacy. it's public and about going viral. encryption is needed for the latter. direct messaging and groups. #ActivityPub vs #matrix.
