#mastondon Friends!
-
@gbargoud makes sense, thank you
As an aside, I'm surprised there isn't an instance at a link like staff.joinmastodon.org with an official account for each member of the core mastodon team.
I had to check your profile to see that you were someone asking for feedback who could do something about it rather than someone who was asking out of curiosity
-
@mray I so appreciate your concerns. It's actually why (personally, I'll add) I'm concerned why encryption may take a while (the Mastodon team is very thorough and would not release a rushed version of this) This is why my original post really had nothing to do with "should we add encryption" but was rather "while we're waiting can we at least make some improvements?"
@scottjenson I don't see much wiggle-room for improvement if it is not clear how it works under the hood.
Ideally encryption feels almost imperceptible, and needs a mere indication on the side, but I guess the UX work won't be to GET THERE – but is to make the emerging pain points more bearable.
I think the UX you would want to improve is connected more with the FEP itself than any UI concerns. Depending on what they come up with you'll be free to do what you want – or deal with strange constraints. (Key handling seems to be the arch enemy of UX in encryption if you ask me :P)
-
@by_caballero @gabek We've publicly announced we're working on encryption. It's a TON of backend work. It can proceed in parallel with UX work. It's not one vs the other. Especially as the UX work is FAR less than the encryption work
@scottjenson @by_caballero Oh I'm aware. Encrypted messages will have to be supported by more than just Mastodon, so we're all in for that ride. -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I think any service with an implication of privacy should be encrypted, but that encryption needs to be done right. And the UI needs to convey the level of encryption clearly so people don't make incorrect assumptions about the security of their communications.
So I'm okay with the UX coming first, if it's designed with future encrypted messaging in mind.
I get DMs are not the focus of the app, so probably not a big priority, but they are still useful and important to many users.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I know @soatok is working on E2E DMs for the fediverse.
But I already kinda use the existing DM feature but it is very clunky depending on the client you use. Having some sort of prominent tab that has it's own set of notification so I don't miss it in the flood of "normal" notifications would already go a long way.
-
@scottjenson I think any service with an implication of privacy should be encrypted, but that encryption needs to be done right. And the UI needs to convey the level of encryption clearly so people don't make incorrect assumptions about the security of their communications.
So I'm okay with the UX coming first, if it's designed with future encrypted messaging in mind.
I get DMs are not the focus of the app, so probably not a big priority, but they are still useful and important to many users.
@aaron Completely agree and why I'm asking. We can do both: improve the backend (adding encrypting) AND improve the UX. This is especially true as the frontend improvements are far easier to implement so people can benefit from this WHILE working on the backend.
-
@scottjenson I don't see much wiggle-room for improvement if it is not clear how it works under the hood.
Ideally encryption feels almost imperceptible, and needs a mere indication on the side, but I guess the UX work won't be to GET THERE – but is to make the emerging pain points more bearable.
I think the UX you would want to improve is connected more with the FEP itself than any UI concerns. Depending on what they come up with you'll be free to do what you want – or deal with strange constraints. (Key handling seems to be the arch enemy of UX in encryption if you ask me :P)
@mray Well first of all we have a shipping product (warts and all) and improving it is important to do even outside of encryption (I mean I hear your point but I'm saying we'll improve the UX independently as, honestly, it's got lots of issues that need fixing.)
But I agree with you empathically that proper key management is a horribly difficult thing to get right and almost always makes the UX very challenging to "be seemless"
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson My take is encryption is important, but not important enough that you shouldn't make UX improvements before having it
I particularly would like to see the list of mentions decoupled from the list of recipients, though I wonder if that might cause problems with replies from some software... but still
-
@scottjenson My take is encryption is important, but not important enough that you shouldn't make UX improvements before having it
I particularly would like to see the list of mentions decoupled from the list of recipients, though I wonder if that might cause problems with replies from some software... but still
@jfred You're not the only person asking for this. It's a resonable suggestion (but I can't comment on the implementation complexity)
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I must request encryption, because even though I don't need it right now. ...
A - you never know when you might need it
B- if I did, I might feel really uncomfortable telling you the reason, so I'm gonna assume that I'm piping up for some of those folks. -
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson Thanks for asking! I'm a big fan of Encrypting All The Things, but my impression here is that the dangers of PMs on Mastodon have more to do with the potentially confusing UX, so I think addressing the UX issues would help the most in the short term.
Ultimately, I want users to be able to assume "private" means encrypted, so I'm very glad that's part of the plan. Yes, people can use Signal, but there's still a need to privately transmit one's Signal username at a minimum. Also, private threads can stem from public threads, so it's natural to have some facility for privacy here. Finally, I'm a huge Signal fan, but its centralization means a single point of failure, and makes it a huge target for authoritarian state actors, and I worry about it going down or being compromised.
I would like to see more visual distinction between public and private posts, like different coloring, so fewer people confuse them.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson encryption that still works if one of the parties changes fediverse servers seems like it maybe technically challenging
I also would note that a lot of my interactions on the Fediverse are not very “microblogging” focused. Ie this response isn’t a blog post.
I largely use DMs here for private but non sensitive content (like “hey your url is broken” or “you have a typo on that post”
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I think making UX improvements to DMs is a great idea.
One of the biggest privacy problems with Mastodon DMs now is that people accidentally make them public.
Separating the private mention UI from the public posting UI will probably avoid a huge percentage of those user errors.
It'd be a big win for privacy.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson Hey Scott! I'm so glad you're tackling this issue. I have lots of trouble with DMs on Mastodon. I think you're addressing, these, but here goes:
The biggest one is how easily they're confused with regular messages. I routinely mess this up, and make private messages public, or vice versa.
The next is how hard it is to visualize threads - especially in the existing notification section. I often lose my place in complex discussions
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson And on encryption, I think you could probably launch with UX improvements only, and leave encryption as a "fast follow". E2EE might not be *critical* but it's a *super-nice-to-have* ~ especially on today's internet.
The fact that we call them "direct messages" isn't enough; people have a natural expectation of privacy when they send DMs, and the Fediverse doesn't really honor that right now.
The more systems we can make "secure by default" the better.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson I rarely use them due to the UX fears, encryption would be a cherry on top
-
@scottjenson And on encryption, I think you could probably launch with UX improvements only, and leave encryption as a "fast follow". E2EE might not be *critical* but it's a *super-nice-to-have* ~ especially on today's internet.
The fact that we call them "direct messages" isn't enough; people have a natural expectation of privacy when they send DMs, and the Fediverse doesn't really honor that right now.
The more systems we can make "secure by default" the better.
And.. you probably know, but just in case:
We have a solid spec for E2EE on the Fediverse now (https://swicg.github.io/activitypub-e2ee/mls) with #Emissary and #Bonfire launching later this year.
As you'd expect with end-to-end-encryption, *most* of the work is on the browser/client. The AP server changes are minimal: a new KeyPackage object to store, a new collection, & other small stuff.
When we have working JS code, it'll be AGPL, and you could use it as a baseline for Mastodon
-
@scottjenson I think making UX improvements to DMs is a great idea.
One of the biggest privacy problems with Mastodon DMs now is that people accidentally make them public.
Separating the private mention UI from the public posting UI will probably avoid a huge percentage of those user errors.
It'd be a big win for privacy.
@evan the already improved UX looks good, to me.
When drafting a reply to a public toot, the word 'Public' is prominent (first screenshot).
When drafting a mention, the separation is clear (second shot).
Without being blasé about privacy: if a person accidentally publishes in either of those contexts, it's human error.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
@scottjenson not at all critical.
Hint: you could re-run this as a poll, for the question.
-
#mastondon Friends!
There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)
If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.
I think some people were using PMs for potentially sensitive info (addresses, Venmo, etc.), and having them slightly more secure puts people at ease.
What about standard public-key stuff, dropping a short public key in a metadata field, keeping the private key on the endpoint or in the client?
