Periodic reminder that the "Direct Message" / "Private Mention" function here is dangerously broken with confusing semantics.

- Anyone mentioned *anywhere* in the body of a PM gets a copy.

- "Disabling" PMs in your profile merely means YOU never see messages sent to you; senders can still send them, with no error indication.

- Nothing is encrypted, which means administrators on any instance that processes a message can see them.

I strongly recommend using something else for private messages.

@mattblaze agreed. I don’t understand why this pseudo-DM feature was even implemented in the first place. It poses serious safety and security concerns, which means if you don’t do it right, you shouldn’t do it at all. Love the mastodon devs but this isn’t okay!

Jim Vernon

@benjamincodes @mattblaze There is no "Direct Message" feature in Mastodon. You have the option to post something with the privacy level set to "Only mentioned people". That seems pretty straight forward. You mention people, they can see the toot. It doesn't claim to be a secure, end-to-end encrypted messaging system. In fact, Mastodon specifically warns you of this when you change the privacy setting to "Only mentioned people". The feature is just for when you want to limit who you're interacting with when posting, perhaps to continue a conversation without public visibility.

@jimvernon @benjamincodes Not everyone is as smart, well-informed, or attractive as you are, and may not find it to be as "straight forward" as you do.

@mattblaze @benjamincodes I'm not trying to offend. I just don't understand where the confusion comes from. The UI says what it's going to do and it says it in three words: "Only mentioned people". There doesn't seem to be a lot there to get confused about, so I'm wondering what I'm missing that's confusing some people. I assume the Mastodon devs would be wondering the same thing if they saw your post.

@jimvernon @benjamincodes Look up "principle of least surprise". It's an important usability and safety design paradigm that the PM function here quite clearly violates.

Yes, it's possible for smart people like you to understand the semantics of PMs if they study the code or documentation carefully. That doesn't make it a safe or usable design.

@mattblaze @benjamincodes Are you using the official Mastodon client or a third party one? I'm seeing that two of the third party clients I have installed say "Direct" instead of "Only mentioned people" like the official client says. That does seem like it would confuse people.

@jimvernon @benjamincodes It's possible that I'm just not very smart. But I suspect the people who responded with "thanks for the warning - I had no idea" can't *all* be as dumb as I am.

@jimvernon @benjamincodes Frankly, it looks to me like the semantics of PMs were based on "what's easy to implement with the current architecture" rather than "what do people want/expect".

@pawsplay @mattblaze @jimvernon @benjamincodes

DMs on Twitter (it's still the Twitter API) are a whole different animal to tweets; their structure is entirely different, with a different API.

The API to use it was called the Activity API, ironically enough, as it was an event API.

@mattblaze
That's probably not too far from the truth. The ActivityPub protocol actually allows *actual* private messages, since it has To, Cc etc. fields fully decoupled from the body content, but Mastodon doesn't implement that (they are filled from a combination of @ references in the text and the so-called privacy setting), so rather than adding the needed UI and API to specify the destination separately, it's all conflated.

@jimvernon @benjamincodes
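As an added illustration of the addressing point made above (example code, not Mastodon's or any ActivityPub library's own implementation): a simplified Ruby model in which the handles, actor URIs and post text are constructed for the example. The first builder derives the `to` list from every @mention in the body, plus whatever the reply button pre-filled, which is the behaviour the thread describes. The second sets `to` explicitly, as ActivityPub's decoupled `to`/`cc` fields allow, so mentioning a third party in the text no longer addresses them.

```ruby
require 'json'

# Constructed directory of handle => actor URI (example data, not real accounts).
ACTORS = {
  'alice@example.social' => 'https://example.social/users/alice',
  'bob@example.social'   => 'https://example.social/users/bob',
  'carol@other.example'  => 'https://other.example/users/carol'
}.freeze

# user@domain mentions; dots are only accepted between domain labels, so a
# sentence-ending period is not swallowed into the domain.
MENTION_RE = /@([A-Za-z0-9_]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)/

def mentions_in(body)
  body.scan(MENTION_RE).map { |user, domain| "#{user}@#{domain}" }.uniq
end

def mention_tags(handles)
  handles.map { |h| { 'type' => 'Mention', 'href' => ACTORS.fetch(h), 'name' => "@#{h}" } }
end

# Model of an "only mentioned people" post: the author never chooses the
# recipient list; it is derived from every @mention in the text plus the
# handles pre-filled by the reply button. Mention someone and they are addressed.
def mastodon_style_direct_note(author, body, reply_mentions: [])
  handles = (reply_mentions + mentions_in(body)).uniq
  {
    'type' => 'Note',
    'attributedTo' => ACTORS.fetch(author),
    'content' => body,
    'to' => handles.map { |h| ACTORS.fetch(h) },
    'cc' => [],
    'tag' => mention_tags(handles)
  }
end

# What the ActivityPub object model permits: 'to' is set independently of the
# body, so a mention in the text is just a tag, not a delivery instruction.
def activitypub_explicit_note(author, body, to:)
  {
    'type' => 'Note',
    'attributedTo' => ACTORS.fetch(author),
    'content' => body,
    'to' => to.map { |h| ACTORS.fetch(h) },
    'cc' => [],
    'tag' => mention_tags(mentions_in(body))
  }
end

# Handles that appear as mentions in the content but are not addressed in 'to'.
# Always empty for the derived-addressing model; that is exactly the hazard.
def mentioned_but_not_addressed(note)
  note['tag'].map { |t| t['name'].delete_prefix('@') }
             .reject { |h| note['to'].include?(ACTORS.fetch(h)) }
end

if __FILE__ == $PROGRAM_NAME
  text = 'Hey @bob@example.social, I think @carol@other.example is being unreasonable.'
  derived  = mastodon_style_direct_note('alice@example.social', text)
  explicit = activitypub_explicit_note('alice@example.social', text, to: ['bob@example.social'])
  puts "Derived 'to' (carol gets a copy): #{derived['to'].inspect}"
  puts "Explicit 'to':                    #{explicit['to'].inspect}"
  puts "Mentioned but not sent to:        #{mentioned_but_not_addressed(explicit).inspect}"
  puts JSON.pretty_generate(derived)
end
```

Run it with `ruby addressing.rb`; the derived note delivers to carol purely because her handle appears in the sentence, while the explicit note carries the same Mention tag but only bob in `to`.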

@mattblaze @jimvernon @benjamincodes it does feel very much that way. I know QT got a lot of discussion in late 2022, and the lack of proper PMs is a sleeper problem. it’s on the roadmap in the “exploring” stage (MAS-38), but it seems like it’s slow going because of difficulties in implementation.

@jimvernon @mattblaze @benjamincodes

Funny thing is that most Mastodon pros tell people to not use the official client because the alternatives are better.

Honestly, your reply is indicative of the reason why Mastodon isn’t working out for the general public.
It’s designed with a very specific group in mind.

@jimvernon @mattblaze @benjamincodes

So I understand the mechanics, but I also get why people are confused, because this is how I get to the feature on Tusky:

@mattblaze @jimvernon @benjamincodes you could save a lot of words with this argument by just saying “don’t use mastodon for private discussions”, which, of course, should extend to *any and all social networks*

Every time I see this argument it starts with the straw-man of Twitter DMs and pastes it on top of Mastodon, without acknowledging any of the efforts already made to mitigate the problem. So then every thread devolves into the same discussion where the straw-man is picked apart.

@raineer @jimvernon @benjamincodes Yes, I think the PM mechanism is dangerous and poorly understood. I don't understand why people take it personally when I warn people away from it, as I did here. Perhaps it would be more productive to make it work the way people expect it to.

@mattblaze @raineer @jimvernon @benjamincodes Even your calling it PM and possibly their choice of 'private' in the first place sows confusion; it's neither a PM as elsewhere, *personal*, nor is it very private in many of the ways people expect of the word. Safety would have been giving it a very different name - and having the masto fanboys explain to everyone 'oh masto doesn't have PMs but it has this, it's a little bit like PMs sometimes, except...'

@mattblaze @jimvernon @benjamincodes I think the confusion comes from the idea that in a single post there are two groups of mentioned people: the people that are already mentioned by default when you click the reply button, and the usernames you type yourself. It's not unambiguously clear that the button text refers to both groups, it's possible to interpret in a way that it refers only to the first group.

@jimvernon @mattblaze @benjamincodes

> I just don't understand where the confusion comes from

The confusion comes from imposing a very different paradigm from the private messaging almost every user coming here expects. Are you being deliberately obtuse?

@jimvernon @mattblaze @benjamincodes
If people are confused by the wording then the wording is confusing (even if it is not to you, actually it is not confusing to me either but ....).

@mattblaze @jimvernon @benjamincodes it’s totally not straightforward though. At least the UI renamed them to “direct mentions”, but since this is a fairly unique feature on social media, it still leaves one scratching their head as to what it even does

@jimvernon @benjamincodes @mattblaze With a privacy setting to "Only mentioned people" there might be an expectation that there is privacy with "Only mentioned people". This is not the case.

@davep @benjamincodes @mattblaze How is it not the case?

I'm not counting that the server admins can potentially see the posts, as that's pretty much the case on every social media system unless they specifically mention things being end to end encrypted (which also generally requires jumping through a few hoops on the user's end of things).

@jimvernon @benjamincodes @mattblaze People have an expectation of privacy in the age of the double ratchet. This is simply not the case, and tagging someone who you may be talking about brings them into the conversation. It's rubbish.

@davep @jimvernon @benjamincodes @mattblaze Yes, because they're mentioned? Like that's how mentions work, you tag them, they're mentioned, meaning that the setting "mentioned people only" includes people who are, in fact, mentioned.

@craftycat @jimvernon @benjamincodes @mattblaze
The point is that people mainly used to E2EE messengers may not know this.

@davep @jimvernon @benjamincodes @mattblaze it specifically states this though. "Only mentioned people" isn't really that ambiguous. This is also not a messenger and doesn't claim to be. Social media should never be assumed to be private by anyone.

@craftycat @jimvernon @benjamincodes @mattblaze
"Social media should never be assumed to be private by anyone."

Should being the operative word. A lot of people don't know this, despite how many times you repeat it.

@davep @jimvernon @benjamincodes @mattblaze Right, and that's not Mastodon's fault, nor does it show a flaw in how Mastodon works. If people are too lazy to read the literal option they're clicking on, that really has to fall under personal stupidity.

@jimvernon I don't know what UI you are using, but on the WebUI there is definitely an option to send a "Direct Message", see this screenshot. If no other social media ever existed, "Direct Message" would maybe not mean "Private Message", but today for most people the words "Direct Message" imply some additional privacy, at least that a random admin would not read them.

@louismarelle It occurred to me later on in the conversation that people are probably not seeing the same thing I'm seeing (different clients, different versions). Here's what it looks like when I go to your profile and hit that button:

@jimvernon @benjamincodes @mattblaze keep in mind the mastodon web interface is not the sole UX users interact with. In the app I use, this process is initiated with “Message” and that takes me to a modal where the dropdown says “Private”. I would not describe it as obvious how visible the message is.

@tlitf @benjamincodes @mattblaze Yep... the official apps and the version installed on the instance I'm on don't say anything about "direct" or "message" or "direct message". It occurred to me later on in the conversation that people were probably using other clients and seeing different things than I was.