#mastondon Friends!
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I think it would be fine, but I guess you'd still need to solve some design and architectural questions up front if you *know* you're going to do encryption in the end.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson it probably should, lord knows what people would send; passwords, identity materials, tokens, etc.
im okay with it as a future thing if there is sufficient warning about what it means for it to not be encrypted. Maybe an option to.
-
@scottjenson I'm a fan of prioritizing the DM experience first.
wrt encryption, part of the challenge is how to interpret "private." Instead of the, "Who can see this?" default posture of Mastodon, this starts to ask something like, "Who cannot see this (beyond the addressed person/people)?"
@earth2marsh I'm not sure I follow, can you explain this default posture a bit more and what you'd like to see a bit more?
-
@scottjenson I was actually just thinking about why private mentions are even needed when there are other options like email for private and sensitive discussions between folks. I guess I never truly understand why they are needed in a public social network in the first place? Just leftover from Twitter precedent?
@blainsmith @scottjenson Most probably. There’s been an effort from sites (now apps) back from the portals days to integrate several services into one, and create a walled garden to retain users. First it was AOL, then Yahoo, then Facebook and Twitter. In modern days, they copy features to achieve the same thing, like short videos/stories (Vine, Snapchat, TikTok, but also YouTube and Instagram). It’s not needed. Do one thing, do it well. Happy users.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson it's great that you've shared this question. It's a good example of feature prioritization tradeoffs.
For me, encrypted DMs wouldn't matter in Mastodon. As a rule, I don't share things here privately that I wouldn't want to be made public.
... and that's mainly because (as you point out) DMs appear in the public timeline. It's such a confusing UI choice that I'm VERY careful about what I write in DMs here.
-
@scottjenson I think it would be fine, but I guess you'd still need to solve some design and architectural questions up front if you *know* you're going to do encryption in the end.
@neal yes! Good point. We already do PMs however so we'd start with fixing these
-
@blainsmith @scottjenson Most probably. There’s been an effort from sites (now apps) back from the portals days to integrate several services into one, and create a walled garden to retain users. First it was AOL, then Yahoo, then Facebook and Twitter. In modern days, they copy features to achieve the same thing, like short videos/stories (Vine, Snapchat, TikTok, but also YouTube and Instagram). It’s not needed. Do one thing, do it well. Happy users.
@dmian @scottjenson Yes, and this is only top of mind because now Spotify just added DMs. It's just a path to exactly what you explained. AP and Mastodon should stick to just micro blogging and leave private conversations to other options.
Instead, I'd prefer Mastodon add more options to the "Links" section instead of just 4 so I can offer folks a few ways to get in touch with me privately.
-
@scottjenson it's great that you've shared this question. It's a good example of feature prioritization tradeoffs.
For me, encrypted DMs wouldn't matter in Mastodon. As a rule, I don't share things here privately that I wouldn't want to be made public.
... and that's mainly because (as you point out) DMs appear in the public timeline. It's such a confusing UI choice that I'm VERY careful about what I write in DMs here.
@jarango exactly! For me PMs are a convenience. I don't personally need it. But there are folks working on it in a FEP but my understanding is that it is fediverse wide not just Mastodon (as it should be!)
Given how hard it'll be to do this I'll like to clean things up and not wait for the more secure option (especially if most use cases don't require it)
-
@blainsmith @scottjenson Most probably. There’s been an effort from sites (now apps) back from the portals days to integrate several services into one, and create a walled garden to retain users. First it was AOL, then Yahoo, then Facebook and Twitter. In modern days, they copy features to achieve the same thing, like short videos/stories (Vine, Snapchat, TikTok, but also YouTube and Instagram). It’s not needed. Do one thing, do it well. Happy users.
@blainsmith @scottjenson I feel similarly about comments. Not everything merits having comments. They were added to every service back in the day, but there should be a specific place for conversations, or it becomes degraded. Reactions (thumbs up/up vote, thumbs down/down vote, or more recently emojis) are ok, and sufficient in some cases. There are many patterns that were created solely to attract or retain users. We need to rethink many things…
-
@jarango exactly! For me PMs are a convenience. I don't personally need it. But there are folks working on it in a FEP but my understanding is that it is fediverse wide not just Mastodon (as it should be!)
Given how hard it'll be to do this I'll like to clean things up and not wait for the more secure option (especially if most use cases don't require it)
@scottjenson here's another way to put it: for me, unless DMs are shown separately from the public timeline, the fact they're encrypted wouldn't make a difference. The dedicated DM space is the critical feature, encryption can follow.
-
@scottjenson here's another way to put it: for me, unless DMs are shown separately from the public timeline, the fact they're encrypted wouldn't make a difference. The dedicated DM space is the critical feature, encryption can follow.
@jarango My thinking exactly. My concern is that there are some peolple that really want it and I'm trying to suss out how important it is to them (and why) What I'm getting so far from this thread is quite the opposite.
-
@scottjenson I think just knowing that the DMs are not encrypted is enough IMHO. If you want something encrypted use Signal.
@phillycodehound @scottjenson I tend to agree with you. Not every platform really needs encryption, and given that Signal is already the gold standard for private messaging, going over there makes sense to me.
-
@jarango My thinking exactly. My concern is that there are some peolple that really want it and I'm trying to suss out how important it is to them (and why) What I'm getting so far from this thread is quite the opposite.
@scottjenson I can imagine encryption would be a very important feature for lots of folks drawn to the Fediverse.
-
@scottjenson I think just knowing that the DMs are not encrypted is enough IMHO. If you want something encrypted use Signal.
@phillycodehound @scottjenson Agree that Signal would cover it for most people, but some (like me) can't get a Signal account because we don't own a cellphone...
(I'm not saying that the numbers are large enough to justify adding it here, just pointing out that not everyone can use Signal even if we want to.)
-
@phillycodehound @scottjenson I was going to say that I pretty much feel the same, but on the other hand, Bluesky *kind of* has this feature now already?
A startup called Germ becomes the first private messenger that launches directly from Bluesky's app | TechCrunch
Social network Bluesky now offers private messaging by integrating the startup Germ's E2E encrypted messenger natively in its app.
TechCrunch (techcrunch.com)
Maybe something like this would work here as well rather than built-in?
@stefan
That's interesting! But it kind of begs the question how you're using encrypted communication. I get that you can launch this Germ app from within Bluesky as a convenience, that's cool, but if you're REALLY using encrypted communication, you're not going to be using it exclusively from Bluesky.Others have said it but I'm thinking the venn diagram of people that need encrypted messaging (which is huge and valid) is quite distinct from people that need private mentions on a microblogging platform.
-
@phillycodehound @scottjenson Agree that Signal would cover it for most people, but some (like me) can't get a Signal account because we don't own a cellphone...
(I'm not saying that the numbers are large enough to justify adding it here, just pointing out that not everyone can use Signal even if we want to.)
@asmaloney @phillycodehound Fair enough, but there are other encrypted messaging apps other than Signal yes?
-
@asmaloney @phillycodehound Fair enough, but there are other encrypted messaging apps other than Signal yes?
@scottjenson @phillycodehound Maybe there are, but that's where everyone I would want to communicate with are.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson Encryption would be very good for private mentions. The point of “private” is that it is private. If someone is notifying of a security related issue for example - no one else should see it. Not only is it against the description of the feature; it’s an actual problem because the feature implies a trust that should not be given.
Don’t assume people can connect on other services. Fix the problem. DMs and private *mean* private to people. Regardless of the tech.
-
@scottjenson I can imagine encryption would be a very important feature for lots of folks drawn to the Fediverse.
@jarango bingo, now you know what I'm kind of making a strong point to get a feeling about how strongly people actually feel about this.
My point is that encrypted communication is very valuable, but it's usage is quite distinct from microblogging. I'm trying to understand who needs it WITHIN Mastodon (vs just switching to an app that specializes in and likely will do a better job if I'm honest)
-
@phillycodehound @scottjenson I tend to agree with you. Not every platform really needs encryption, and given that Signal is already the gold standard for private messaging, going over there makes sense to me.
@crackhappy @phillycodehound Kind of where I'm coming from. I'm making this point a bit "in the open" not to say any decision is made, but to see if I'm missing something important.
