#mastondon Friends!
-
@scottjenson I am kind of surprised that no one has mentioned that "oh the admins of the servers shouldnt see my DMs!" Creates a moderation nightmare and a harassment loophole that really shouldnt be considered worth the hassle. I am on team "just use signal" because if you need to have a really private conversation with someone who didnt give you their private contact information, no you dont.
@Montaagge There is a lot of traffic on this thread and that point has been made by the way. It's a reasonable request. I just appreciate that it's not a simple ask and I'm hoping we can tackle some UX improvements WHILE the background work is going on.
-
@scottjenson I think, given today's climate, encryption should be a priority over UX changes. My thought is not whether microblogging DMs should be encrypted or not, but simply if *any* kind of messaging exists that is not public, on any service, it should be encrypted. It's the sad world we live in now where services can't be trusted. Non-public messaging that isn't encrypted shouldn't exist. Should microblogging services be Signal? Not at all. But DMs already exist, so now it has to be dealt with. Simply telling users "it's not for private discussions" isn't enough.
in 2026, gabe is absolutely right. a few years ago, i would've been the first one debating this position... but it's 2026.
@gabek @scottjenson -
Signal makes it easy to create a revocable "message me" link. I have one in my profile. If anyone wants to send me an encrypted message they can click on it and send one pretty easily.
I think reply controls and UX improvements should come first, maybe with, as others suggested, a note that the message is not encrypted (yet)
@gbargoud makes sense, thank you
-
Because "private" means "private", on whatever platform.
Platforms have different purposes. I'm not seeking for a Signal replacement, I just want the promise of "private" conversations to be kept. Like I'd expect it from any other platform that is speaking of "private" messages.
Like I expect every car to have functional safety belts.
More pointedly, I would accept DMs from (and periodically check my inbox for) Mastodon but i would not give my unique and precious signal identifier to all of mastodon and all who crawl it @katzenberger @scottjenson
-
in 2026, gabe is absolutely right. a few years ago, i would've been the first one debating this position... but it's 2026.
@gabek @scottjenson@by_caballero @gabek We've publicly announced we're working on encryption. It's a TON of backend work. It can proceed in parallel with UX work. It's not one vs the other. Especially as the UX work is FAR less than the encryption work
-
More pointedly, I would accept DMs from (and periodically check my inbox for) Mastodon but i would not give my unique and precious signal identifier to all of mastodon and all who crawl it @katzenberger @scottjenson
@by_caballero @katzenberger This is something that I have to admit a blindspot. There appear to be so many nuanced layers to "sending and encrypted message". For example, some just want to keep the admin from seeing stuff (that seems like the lowest level)
But at the highest level is for example protext organizing. I can't imagine ANYONE wanting to do that from a Mastodon account only because your profile and public posts likely leak a tremendous amount of personal info.
If you had a LOCKED DOWN account, sure it could work. My point is that I'm trying to understand these very different usages as we could naively asume we're good at one when we aren't. For example, I strongly feel that Signal very much still has a role here even if we do implement it correctly.
-
@by_caballero @katzenberger This is something that I have to admit a blindspot. There appear to be so many nuanced layers to "sending and encrypted message". For example, some just want to keep the admin from seeing stuff (that seems like the lowest level)
But at the highest level is for example protext organizing. I can't imagine ANYONE wanting to do that from a Mastodon account only because your profile and public posts likely leak a tremendous amount of personal info.
If you had a LOCKED DOWN account, sure it could work. My point is that I'm trying to understand these very different usages as we could naively asume we're good at one when we aren't. For example, I strongly feel that Signal very much still has a role here even if we do implement it correctly.
You know who's thought a lot about secure messaging? SWF's @mallory .
See also:
https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/ -
You know who's thought a lot about secure messaging? SWF's @mallory .
See also:
https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/@by_caballero @mallory @katzenberger Thanks for the intro!
-
@gbargoud makes sense, thank you
As an aside, I'm surprised there isn't an instance at a link like staff.joinmastodon.org with an official account for each member of the core mastodon team.
I had to check your profile to see that you were someone asking for feedback who could do something about it rather than someone who was asking out of curiosity
-
@mray I so appreciate your concerns. It's actually why (personally, I'll add) I'm concerned why encryption may take a while (the Mastodon team is very thorough and would not release a rushed version of this) This is why my original post really had nothing to do with "should we add encryption" but was rather "while we're waiting can we at least make some improvements?"
@scottjenson I don't see much wiggle-room for improvement if it is not clear how it works under the hood.
Ideally encryption feels almost imperceptible, and needs a mere indication on the side, but I guess the UX work won't be to GET THERE – but is to make the emerging pain points more bearable.
I think the UX you would want to improve is connected more with the FEP itself than any UI concerns. Depending on what they come up with you'll be free to do what you want – or deal with strange constraints. (Key handling seems to be the arch enemy of UX in encryption if you ask me :P)
-
@by_caballero @gabek We've publicly announced we're working on encryption. It's a TON of backend work. It can proceed in parallel with UX work. It's not one vs the other. Especially as the UX work is FAR less than the encryption work
@scottjenson @by_caballero Oh I'm aware. Encrypted messages will have to be supported by more than just Mastodon, so we're all in for that ride. -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I think any service with an implication of privacy should be encrypted, but that encryption needs to be done right. And the UI needs to convey the level of encryption clearly so people don't make incorrect assumptions about the security of their communications.
So I'm okay with the UX coming first, if it's designed with future encrypted messaging in mind.
I get DMs are not the focus of the app, so probably not a big priority, but they are still useful and important to many users.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I know @soatok is working on E2E DMs for the fediverse.
But I already kinda use the existing DM feature but it is very clunky depending on the client you use. Having some sort of prominent tab that has it's own set of notification so I don't miss it in the flood of "normal" notifications would already go a long way.
-
@scottjenson I think any service with an implication of privacy should be encrypted, but that encryption needs to be done right. And the UI needs to convey the level of encryption clearly so people don't make incorrect assumptions about the security of their communications.
So I'm okay with the UX coming first, if it's designed with future encrypted messaging in mind.
I get DMs are not the focus of the app, so probably not a big priority, but they are still useful and important to many users.
@aaron Completely agree and why I'm asking. We can do both: improve the backend (adding encrypting) AND improve the UX. This is especially true as the frontend improvements are far easier to implement so people can benefit from this WHILE working on the backend.
-
@scottjenson I don't see much wiggle-room for improvement if it is not clear how it works under the hood.
Ideally encryption feels almost imperceptible, and needs a mere indication on the side, but I guess the UX work won't be to GET THERE – but is to make the emerging pain points more bearable.
I think the UX you would want to improve is connected more with the FEP itself than any UI concerns. Depending on what they come up with you'll be free to do what you want – or deal with strange constraints. (Key handling seems to be the arch enemy of UX in encryption if you ask me :P)
@mray Well first of all we have a shipping product (warts and all) and improving it is important to do even outside of encryption (I mean I hear your point but I'm saying we'll improve the UX independently as, honestly, it's got lots of issues that need fixing.)
But I agree with you empathically that proper key management is a horribly difficult thing to get right and almost always makes the UX very challenging to "be seemless"
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson My take is encryption is important, but not important enough that you shouldn't make UX improvements before having it
I particularly would like to see the list of mentions decoupled from the list of recipients, though I wonder if that might cause problems with replies from some software... but still
-
@scottjenson My take is encryption is important, but not important enough that you shouldn't make UX improvements before having it
I particularly would like to see the list of mentions decoupled from the list of recipients, though I wonder if that might cause problems with replies from some software... but still
@jfred You're not the only person asking for this. It's a resonable suggestion (but I can't comment on the implementation complexity)
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I must request encryption, because even though I don't need it right now. ...
A - you never know when you might need it
B- if I did, I might feel really uncomfortable telling you the reason, so I'm gonna assume that I'm piping up for some of those folks. -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson Thanks for asking! I'm a big fan of Encrypting All The Things, but my impression here is that the dangers of PMs on Mastodon have more to do with the potentially confusing UX, so I think addressing the UX issues would help the most in the short term.
Ultimately, I want users to be able to assume "private" means encrypted, so I'm very glad that's part of the plan. Yes, people can use Signal, but there's still a need to privately transmit one's Signal username at a minimum. Also, private threads can stem from public threads, so it's natural to have some facility for privacy here. Finally, I'm a huge Signal fan, but its centralization means a single point of failure, and makes it a huge target for authoritarian state actors, and I worry about it going down or being compromised.
I would like to see more visual distinction between public and private posts, like different coloring, so fewer people confuse them.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson encryption that still works if one of the parties changes fediverse servers seems like it maybe technically challenging
I also would note that a lot of my interactions on the Fediverse are not very “microblogging” focused. Ie this response isn’t a blog post.
I largely use DMs here for private but non sensitive content (like “hey your url is broken” or “you have a typo on that post”
