#mastondon Friends!
-
@scottjenson Encryption would be very good for private mentions. The point of “private” is that it is private. If someone is notifying of a security related issue for example - no one else should see it. Not only is it against the description of the feature; it’s an actual problem because the feature implies a trust that should not be given.
Don’t assume people can connect on other services. Fix the problem. DMs and private *mean* private to people. Regardless of the tech.
@mattwilcox all fair points!
-
@mattwilcox all fair points!
@mattwilcox My issue is simple: Should Mastodon replace Signal? Given how good it is, I'm trying to understand it's place in the world vs ours?
-
@neal yes! Good point. We already do PMs however so we'd start with fixing these
@scottjenson One thing that probably needs to go away is the ability to accidentally drag someone into a conversation by mentioning them. That flexibility is *dangerous* for private messages.
-
@scottjenson One thing that probably needs to go away is the ability to accidentally drag someone into a conversation by mentioning them. That flexibility is *dangerous* for private messages.
@neal OOOOOh, that's a cool point! Thank you. What are you suggesting, that PMs are ONLY 1:1?
-
@mattwilcox My issue is simple: Should Mastodon replace Signal? Given how good it is, I'm trying to understand it's place in the world vs ours?
@scottjenson No. But if you offer “DMs” or “private mentions” you have to fulfil on that. You can not palm it off to other services. Nor do you need to replace other services. You just have to deliver on the implicit promise.
I think it’s unfair to assume users will know or find out that “here” DM/private acts differently to every other service using those terms.
So either fix that; or rebrand those things.
-
@jarango bingo, now you know what I'm kind of making a strong point to get a feeling about how strongly people actually feel about this.
My point is that encrypted communication is very valuable, but it's usage is quite distinct from microblogging. I'm trying to understand who needs it WITHIN Mastodon (vs just switching to an app that specializes in and likely will do a better job if I'm honest)
@scottjenson as often happens in UX, it comes down to ontology.
Is this a place for publishing or communicating? Are DMs in service primarily to facilitating the former or exclusively for the latter?
Someone has to decide. I can't imagine that's easy in a volunteer-driven org.
-
@neal OOOOOh, that's a cool point! Thank you. What are you suggesting, that PMs are ONLY 1:1?
@scottjenson I think that PMs should lock to who they are initiated with. That means the people tagged for that conversation when the PM is initialized are the only people who can be in the conversation. Further mentions *must not* expand the group.
I don't know if that means you should break the ability to do a private reply to a public message, but UX wise it might make sense to do so.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
Yes, I need it.
Because I do not trust you, the admin.
I also don't trust those who will seize servers. -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson broadly, encryption for DMs on a social network isn't something I'd expect.
Would any of the proposed changes to DMs trigger age-verification requirements in the UK, Australia, etc?
-
@scottjenson broadly, encryption for DMs on a social network isn't something I'd expect.
Would any of the proposed changes to DMs trigger age-verification requirements in the UK, Australia, etc?
@mia Honestly I hadn't even thought of that, thank you for bringing it up!
-
Yes, I need it.
Because I do not trust you, the admin.
I also don't trust those who will seize servers.@katzenberger Fair enough, but can you tell me when you'd use it on Mastodon vs when you'd use it for Signal? I'm trying to understand if Mastodon, by implementing this is likely to replace Signal usage for many people? I don't think it will so I'm trying to understand WHY you'd need it in Mastodon when you just use an app that specializes in this.
-
@scottjenson as often happens in UX, it comes down to ontology.
Is this a place for publishing or communicating? Are DMs in service primarily to facilitating the former or exclusively for the latter?
Someone has to decide. I can't imagine that's easy in a volunteer-driven org.
@jarango
Now you know what we're moving towards this more pubic way of discussing things. It's not enough to make a decision, we have to bring the community along with us. -
@scottjenson I think that PMs should lock to who they are initiated with. That means the people tagged for that conversation when the PM is initialized are the only people who can be in the conversation. Further mentions *must not* expand the group.
I don't know if that means you should break the ability to do a private reply to a public message, but UX wise it might make sense to do so.
@neal I will be thinking ALOT about this comment. Thank you for explaining it. Very much appreciated.
-
@jarango bingo, now you know what I'm kind of making a strong point to get a feeling about how strongly people actually feel about this.
My point is that encrypted communication is very valuable, but it's usage is quite distinct from microblogging. I'm trying to understand who needs it WITHIN Mastodon (vs just switching to an app that specializes in and likely will do a better job if I'm honest)
@scottjenson @jarango it feels like there is an overlap between microblogging and private messages.
Sometimes the microblog topic opens up a conversation that you would like to follow up in private.
At the moment you need to switch service which adds friction.
But I get your point in not wanting to build another messaging app when there are good ones like Jami.net, Signal, XMPP, etc.
Have you thought about linking messaging accounts to reduce friction?
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
As long as there's a "hey, this isn't encrypted!" Kind of Disclaimer, I'm fine. If we wanted encryption, there's other apps or services. But, I don't want people to mistakingly share sensitive info on this platform.
That said, encryption in the future would be amazing, but I prefer other improvements not be blocked by that for the moment.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson some of these are in the Mastodon roadmap!
https://blog.joinmastodon.org/2026/02/our-technical-direction/
-
@katzenberger Fair enough, but can you tell me when you'd use it on Mastodon vs when you'd use it for Signal? I'm trying to understand if Mastodon, by implementing this is likely to replace Signal usage for many people? I don't think it will so I'm trying to understand WHY you'd need it in Mastodon when you just use an app that specializes in this.
Because "private" means "private", on whatever platform.
Platforms have different purposes. I'm not seeking for a Signal replacement, I just want the promise of "private" conversations to be kept. Like I'd expect it from any other platform that is speaking of "private" messages.
Like I expect every car to have functional safety belts.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I think, given today's climate, encryption should be a priority over UX changes. My thought is not whether microblogging DMs should be encrypted or not, but simply if *any* kind of messaging exists that is not public, on any service, it should be encrypted. It's the sad world we live in now where services can't be trusted. Non-public messaging that isn't encrypted shouldn't exist. Should microblogging services be Signal? Not at all. But DMs already exist, so now it has to be dealt with. Simply telling users "it's not for private discussions" isn't enough. -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson My take (which seems to fly in the face of the zeitgeist) is that Mastodon is not meant foremost as a private messaging app. It is at its core, an *open, social* microposting platform. There are apps that are radically better suited for private and safe comms, and I am a huge proponent of letting things be true to themselves. When you try to shoehorn stuff into a system not intended to do that stuff, it ends poorly.
So, sure, DMs out of the timeline, but no Signal-like hardening.
-
@scottjenson some of these are in the Mastodon roadmap!
https://blog.joinmastodon.org/2026/02/our-technical-direction/
@mapache Yes, I know!
I'm not saying no I'm exploring when (as encryption will take longer than UX improvements
