Periodic reminder that the "Direct Message" / "Private Mention" function here is dangerously broken with confusing semantics.
- Anyone mentioned *anywhere* in the body of a PM gets a copy.
- "Disabling" PMs in your profile merely means YOU never see messages sent to you; senders can still send them, with no error indication.
- Nothing is encrypted, which means administrators on any instance that processes a message can see them.
I strongly recommend using something else for private messages.
@mattblaze Agreed. I don’t understand why this pseudo-DM feature was even implemented in the first place. It poses serious safety and security concerns, which means if you don’t do it right, you shouldn’t do it at all. Love the Mastodon devs but this isn’t okay!
@benjamincodes @mattblaze There is no "Direct Message" feature in Mastodon. You have the option to post something with the privacy level set to "Only mentioned people". That seems pretty straightforward. You mention people, they can see the toot. It doesn't claim to be a secure, end-to-end encrypted messaging system. In fact, Mastodon specifically warns you of this when you change the privacy setting to "Only mentioned people". The feature is just for when you want to limit who you're interacting with when posting, perhaps to continue a conversation without public visibility.
@jimvernon @benjamincodes @mattblaze Keep in mind the Mastodon web interface is not the sole UX users interact with. In the app I use, this process is initiated with “Message” and that takes me to a modal where the dropdown says “Private”. I would not describe it as obvious how visible the message is.
@tlitf @benjamincodes @mattblaze Yep...the official apps and the version installed on the instance I'm on don't say anything about "direct" or "message" or "direct message". It occurred to me later on in the conversation that people were probably using other clients and seeing different things than I was.