Matt Blaze
@mattblaze@federate.social  ·  activity timestamp 7 hours ago

Semi-periodic reminder that the DM feature here is utterly broken and should not be regarded as "private" in any meaningful sense. And its semantics seem designed to violate the principle of least surprise.

Example: ANYONE mentioned in a message, not just tagged at the start, is a recipient. So if you send someone a DM that says "That @mattblaze guy is an ignorant moron", I get a copy.

I was reminded of this behavior just now.

Adrian Sanabria
@sawaba@infosec.exchange replied  ·  activity timestamp 5 hours ago

@mattblaze @mattblaze I send a DM in Mastodon about once every 6 months and I go into a cold sweat wondering if I’ve done it correctly

Tom Walker
@tomw@mastodon.social replied  ·  activity timestamp 5 hours ago

@mattblaze There are no DMs in Mastodon. The feature was renamed to "private mentions" and de-emphasised for exactly this reason

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 5 hours ago

@tomw I fail to see how that helps clarify anything here.

Tom Walker
@tomw@mastodon.social replied  ·  activity timestamp 5 hours ago

@mattblaze There is no direct messages feature. Naming the feature differently was deliberate after several rounds of complaints including this @ mention issue and also lack of encryption

Carbon Carrot
@CarbonCarrot@mastodon.social replied  ·  activity timestamp 5 hours ago

@mattblaze What platform exposes mention-only as DMs? Also, is AP even meant to support that?

George B
@gbargoud@masto.nyc replied  ·  activity timestamp 5 hours ago

@mattblaze

The one thing I like about DMs here is that they can be used to send a private reply to a post which can be useful in some specific circumstances.

Everything else about them is garbage and that's why I have a "contact me on signal" link on my profile since that's a lot clearer

The Sleight Doctor 🃏
@ApostateEnglishman@mastodon.world replied  ·  activity timestamp 5 hours ago

@mattblaze It's bad design. Something most of those commenting don't seem to have considered: it doesn't matter how super-smart any of us imagine ourselves to be, because what if *another* mentioned user accidentally tags the subject of our "private" smack talk, and we (having done *everything correctly* ourselves!) still return later to find the subject is part of the discussion?

It's like thinking you can nail down Facebook privacy, despite having no control over what "friends" make public.

hnapel
@hnapel@mastodon.social replied  ·  activity timestamp 5 hours ago

@mattblaze

At least not ignorant then... 😬

craignicol
@craignicol@glasgow.social replied  ·  activity timestamp 5 hours ago

@mattblaze at this point it would be easier to have a verifiable "message me" link to an alternative service (Signal, Matrix) rather than add to the confusion of the existing "audience of x" vs "audience of all" semantics.

Leeloo
@leeloo@chaosfem.tw replied  ·  activity timestamp 6 hours ago

@mattblaze
What Mastodon software has a DM feature? The app I use has a "only people mentioned" privacy setting, which logically should make it obvious that mentioning someone puts them in the "people mentioned" category.

That being said, "logically should be obvious" doesn't always mean that something is obvious to people in the real world.

But if any app calls that feature a DM rather than what it is, I would blame the app. Mastodon doesn't have a broken DM feature, because it doesn't have DMs.

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 6 hours ago

@leeloo So it's the USERS who are broken. Got it.

Leeloo
@leeloo@chaosfem.tw replied  ·  activity timestamp 5 hours ago

@mattblaze
If you only read half of what I said, sure, go with that.

Kevin Boyd (he/him) 🇨🇦
@kboyd@phpc.social replied  ·  activity timestamp 6 hours ago

@mattblaze I'm glad that the client I use (Ivory) does *not* pretend it is a DM. Such posts are regular posts, but limited to a scope of "Specific People". Makes it much more clear about what is going on.

I wish that Mastodon and Signal had some way to work together to solve E2EE DMs.

Mr. Lance E Sloan (IRL) 👤
@sloanlance@mastodon.social replied  ·  activity timestamp 6 hours ago

@mattblaze
I agree. The feature doesn't seem to have been implemented well.

I've always referred to this kind of mistake as violating the "principle of least astonishment" (#POLA). Wikipedia mentions the term you used, too.
https://en.wikipedia.org/wiki/Principle_of_least_astonishment

Rachel Rawlings
@LinuxAndYarn@mastodon.social replied  ·  activity timestamp 6 hours ago

@mattblaze And they're still not encrypted either, so a server administrator can read them. They are direct, but they're not private.

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 6 hours ago

@LinuxAndYarn It's still better than having a system run by a nazi, but I feel like we could do better.

Legit_Spaghetti
@Legit_Spaghetti@mastodo.neoliber.al replied  ·  activity timestamp 6 hours ago

EXPECTED BEHAVIOR: I select someone to message, initiating a private communications channel between us.

ACTUAL BEHAVIOR: I make a regular toot that is only visible to people who are mentioned in the toot.

Like, I get how they implemented this, but the delta between what this is and what a reasonable person would expect it to be is so big you could sail the whole 7th fleet through it.

@mattblaze

Ray McCarthy
@raymaccarthy@mastodon.ie replied  ·  activity timestamp 6 hours ago

@mattblaze
Direct Message, not Private message.

Also gmail (sender or recipient) and any mail using the stock Android email (it's a terminal to a Google server) is all read by Google. Use K9 mail on Android.

Use specialist encrypted messaging apps (ideally on Linux, BSD etc. Not Android, iOS, Windows10/11 or MacOS) for privacy. Don't use Google or Browser DNS.

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 6 hours ago

@raymaccarthy Not called "direct messages" on the web interface, though I'm not sure how that makes any difference.

This is about the semantics of who the recipients are, not about whether servers can read messages.

I'm not sure what "browser DNS" is or what it has to do with this.

Ray McCarthy
@raymaccarthy@mastodon.ie replied  ·  activity timestamp 6 hours ago

@mattblaze
DNS is just an afterthought. "Evil Corp" etc. gathers metadata.

You are right, the GUI lists Private Mention, but I'd never assumed it was actually private in the sense of Viber, Signal, Telegram etc. More like IRC (some servers still exist).

It does have "Everyone mentioned in the Post"

Also somewhere else it mentioned no encryption.

So all options are simply different amounts of public.

iamdtms
@iamdtms@mas.to replied  ·  activity timestamp 6 hours ago

@mattblaze Sending an email is also available; why should I send a DM in a service, though? Building new things as previous logic is doomed.

Patrick Schmitz
@schmitzel76@mstdn.social replied  ·  activity timestamp 6 hours ago

@mattblaze and that is also why it is called DM (direct message) and not PM (private message).

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 6 hours ago

@schmitzel76
- Not on the web interface
- How is that different?
- Wouldn't it be better to make it work the way people expect?

Patrick Schmitz
@schmitzel76@mstdn.social replied  ·  activity timestamp 5 hours ago

@mattblaze I mostly use mastodon on my phone using Tusky. I just looked how it's mentioned there, which makes it even more confusing. It is shown as "privé berichten" (privé is Dutch for private) while in English it is shown as "direct message".

The distinction isn't always very clear. A private message is a direct message, but a direct message does not have to be private.

Making it actually private over federation might be tricky, as that would involve some public/private key encryption.

MrCopilot
@mrcopilot@mstdn.social replied  ·  activity timestamp 6 hours ago

@mattblaze @schmitzel76

This is pretty clear. Not sure how I would change expectations with better verbiage.

They are labeled private mentions all over, and I personally have not seen "direct message".

Mentions is the common vernacular and implies mentioning them will alert them, even privately.

"If you want to talk smack, drop the @" seems like an odd user prompt, but I'm open.

@ Private mention
Everyone mentioned in the post
Evan Prodromou
@evan@cosocial.ca replied  ·  activity timestamp 6 hours ago

@mattblaze we're working on end-to-end encrypted messaging for ActivityPub at the W3C.

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 6 hours ago

@evan That's important, but doesn't address the usability issues.

Chris Alemany🇺🇦🇨🇦🇪🇸
@chris@mstdn.chrisalemany.ca replied  ·  activity timestamp 7 hours ago

@mattblaze totally agree that DMs here must never be considered private in any way.

That said… you would think it would be logical for people that if you mention an account, it is likely to be included!

Diane
@alienghic@timeloop.cafe replied  ·  activity timestamp 7 hours ago

@mattblaze

I've wondered, if I want to mention someone without triggering a notification, which of these is the "best" option.

.@user@example.org
https://example.org/@user
user at example.org

Kathmandu
@Kathmandu@stranger.social replied  ·  activity timestamp 5 hours ago

@alienghic @mattblaze

I recommend writing names in the format User, to make clear it's someone's name. If you need to specify the server/instance, write User at Example.Org.

Trying to use the dot-prefix runs the risk that if you miss typing the dot, or accidentally put a space after it (hello, auto-correct!), then you'll still trigger a notification. Avoiding the 'message this person' format altogether is the safest way.

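As an added illustration of the recipient rule in the original post (everyone mentioned anywhere in the body receives the post) and of the "mention without notifying" formats discussed in the two replies above, here is a pre-send audience check. It is constructed example code, not Mastodon's or any client's own; it assumes a simple mention tokenizer (an @user or @user@host token whose "@" is not preceded by a word character or a slash), and the hosts, account names and drafts are constructed.

```python
import re

# Constructed mention tokenizer for this demonstration (an assumption, not
# Mastodon's own parser): "@user" or "@user@host", where the "@" is not
# preceded by a word character or a slash. That way "bob@example.org" in
# prose and "https://example.org/@user" in a link are not mentions.
MENTION_RE = re.compile(
    r"(?<![\w/])@([A-Za-z0-9_]+)"
    r"(?:@([A-Za-z0-9](?:[A-Za-z0-9.\-]*[A-Za-z0-9])?))?"
)


def mentions(text: str, local_host: str) -> set[str]:
    """Every account addressed anywhere in `text`, as lower-case 'user@host'.
    For a 'mentioned people only' post this set IS the audience: the body
    mentions count, not just the ones tagged at the start. A bare @user
    resolves to the sender's own server (local_host)."""
    return {
        f"{user.lower()}@{(host or local_host).lower()}"
        for user, host in MENTION_RE.findall(text)
    }


def unexpected_recipients(text: str, intended: set[str], local_host: str) -> set[str]:
    """Pre-send check: accounts that will receive the post even though the
    sender never chose them as recipients. Non-empty means 'warn before send'."""
    return mentions(text, local_host) - {a.lower() for a in intended}


# Constructed sample: alice@example.org is the only intended recipient.
LOCAL_HOST = "example.org"
INTENDED = {"alice@example.org"}
DRAFTS = {
    # A mention in the body silently adds that account to the audience.
    "mention": "@alice did you see what @mattblaze@federate.social posted?",
    # A profile link is not a mention, so the audience stays as intended.
    "link": "@alice did you see what https://federate.social/@mattblaze posted?",
    # Writing the name as prose (User at Host) is not a mention either.
    "prose": "@alice did you see what mattblaze at federate.social posted?",
    # Under this tokenizer a leading dot does not stop the token being a mention.
    "dot": "@alice did you see what .@mattblaze@federate.social posted?",
}


def check_drafts() -> dict[str, list[str]]:
    """Run the pre-send check over every draft; returns the extra recipients."""
    return {
        name: sorted(unexpected_recipients(text, INTENDED, LOCAL_HOST))
        for name, text in DRAFTS.items()
    }


if __name__ == "__main__":
    for name, extra in check_drafts().items():
        print(f"{name:8s} unexpected recipients: {extra or 'none'}")
```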
DJGummikuh
@DJGummikuh@mastodon.social replied  ·  activity timestamp 7 hours ago

@mattblaze to be fair, given that you are always mentioning the recipients for them to receive it, I hardly find it surprising that mentioning somebody else also allows said person to read the message. I mean, you can't add anybody to the discussion in any other way 🤷

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 7 hours ago

@DJGummikuh To be "fair" to who? The software? I don't really care about the software's feelings.

Advanced Persistent Teapot
@http_error_418@hachyderm.io replied  ·  activity timestamp 6 hours ago

@mattblaze @DJGummikuh it's not unfair because people think the software should work like other similar software. It's unfair because there is an underlying desire which those platforms created the DM feature to fulfil, to be able to communicate something privately with confidence. They are being given something that *looks* like it fulfils that need, but will directly undermine their desired goal without warning. That's an unforgivably abysmal state for a feature to be in.

DJGummikuh
@DJGummikuh@mastodon.social replied  ·  activity timestamp 6 hours ago

@mattblaze fair to the people who designed it that way. It *feels* consistent, at least to me

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 6 hours ago

@DJGummikuh I'm sorry if I've hurt anyone's feelings, but they really designed a piece of shit here.

tom jennings
@tomjennings@tldr.nettime.org replied  ·  activity timestamp 7 hours ago

@mattblaze

FKN LOL!!!!

gkrnours
@gkrnours@mastodon.gamedev.place replied  ·  activity timestamp 7 hours ago

@mattblaze my understanding is that's not a failure at the protocol level but at the client or server level.
Still, yes, DMs are direct messages, not private messages.

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 7 hours ago

@gkrnours No one should use it. It's dangerously mis-implemented.

Kim Scheinberg
@kims@mas.to replied  ·  activity timestamp 7 hours ago

@mattblaze
I (thankfully) learned this lesson the easy way 3 years ago when I was trying to privately tell someone (Rebecca Tushnet, I think) that they should *follow* you

Joe
@not2b@sfba.social replied  ·  activity timestamp 7 hours ago

@mattblaze Fun! Did someone just literally do that (call you out in a DM for someone else)?

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 7 hours ago

@not2b Yup.

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 7 hours ago

Don't worry, I won't publicly embarrass the person who sent the DM that mentioned me.

I'll just remember who sent it.

Troed Sångberg
@troed@masto.sangberg.se replied  ·  activity timestamp 7 hours ago

@mattblaze I am sure they had just read your profile!

> I probably won't see your DM

😋

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 7 hours ago

Now we get the fanboys explaining how this is the users' fault.

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 6 hours ago

My responses are roughly evenly split between

"The way it works is completely obvious, quit complaining you ungrateful bastard"

and

"Holy crap! I had no idea it did that! Yikes!"

Ben Rosengart
@fivetonsflax@tilde.zone replied  ·  activity timestamp 5 hours ago

@mattblaze I’m in the “I know how it works and I think it’s unsafe and must be fixed” camp

Appreciate your advocacy on this front

abadidea
@0xabad1dea@infosec.exchange replied  ·  activity timestamp 6 hours ago

@mattblaze the mastodon DM surprise @ is not even so much a foot gun as a foot cannon, because it’s using people’s actual real interpersonal relationships and matters stated in confidence as the ammo.

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 5 hours ago

@0xabad1dea Understanding that that software behavior can have real-world consequences for real people seems obvious, but evidently isn't.

Varx
@varx@defcon.social replied  ·  activity timestamp 6 hours ago

@0xabad1dea @mattblaze Now I think we need a standard to define the impact levels of foot ordnance. I'm thinking (from least to most impactful):

foot gun
foot cannon
foot missile
foot nuke
foot lego piece

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 6 hours ago

"If normal people don't get tripped up by it, what use are my 1337 skilz?" is not a good design principle.

Matt Blaze
@mattblaze@federate.social replied  ·  activity timestamp 6 hours ago

I suspect the Venn diagram of people who think the Mastodon messaging semantics are fine and people who want me to install Linux looks a lot like a circle.

Wild Eyed Boy From Freecloud
@WildEyedBoyFromFreecloud@masto.ai replied  ·  activity timestamp 5 hours ago

@mattblaze This is hysterical!!!! Which distro?

jon_wnc
@jon_wnc@mstdn.social replied  ·  activity timestamp 6 hours ago

@mattblaze to be fair this describes my responses to nearly everything on work calls

Reg Braithwaite 🍓
@raganwald@social.bau-ha.us replied  ·  activity timestamp 7 hours ago

@mattblaze Blaming people is by far the easiest way to rationalize never changing or improving anything.

⠠⠵ avuko
@avuko@infosec.exchange replied  ·  activity timestamp 7 hours ago

@mattblaze that is a horrible design flaw, period.

My pet peeve is that DMs are hardly distinguishable from normal posts, so I’m always afraid my “DMs” are accidentally public posts.

Risotto Bias
@risottobias@toot.risottobias.org replied  ·  activity timestamp 7 hours ago

@mattblaze I read that as femboys lol

Alex Russell
@slightlyoff@toot.cafe replied  ·  activity timestamp 7 hours ago

@mattblaze `what_year_is_it.gif`

Obot 50549535
@obot50549535@left-tusk.com replied  ·  activity timestamp 7 hours ago

@mattblaze Revenge is a dish best served cold.

me_valentijn
@me_valentijn@m.ai6yr.org replied  ·  activity timestamp 7 hours ago

@mattblaze
You seem awfully confident that it was an accident 😂
