@morst No one is saying encryption is off the table. Just that I wanted to start with low hanging fruit (bucause the improvements are so much easier. Others are working on the encryption (it's a VERY hard problem)

@Rycaut Exactly. My hypothese is that most PMs are scoping outisde of the public discourse and are not in need to encryption. This doesn't mean it's not a good long term goal! Just saying lots of usage does not require it

@benpate Could not agree with you more! Do you have any ideas on how to improve threads? Any products that do it well for example? Branching threads are a bit like merging PRs, the dependency tree can get crazy complex!

@grahamperrin Oh I plan to! But it helps to have a conversation first so I know WHAT to put into the poll...

@virtuous_sloth @evan

This is what I meant that there are lots of things to look at here. As Evan points out, let's make PMs actually something distinct and clearly not a message. Too many people either think something is a PM and it isn't or it is, and it shows up in your feed which makes people panic!

So many simple things to clean up here.

@benpate @mray

I think it's discussed here:
https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/

@jfred You're not the only person asking for this. It's a resonable suggestion (but I can't comment on the implementation complexity)

@mray Well first of all we have a shipping product (warts and all) and improving it is important to do even outside of encryption (I mean I hear your point but I'm saying we'll improve the UX independently as, honestly, it's got lots of issues that need fixing.)

But I agree with you empathically that proper key management is a horribly difficult thing to get right and almost always makes the UX very challenging to "be seemless"

@aaron Completely agree and why I'm asking. We can do both: improve the backend (adding encrypting) AND improve the UX. This is especially true as the frontend improvements are far easier to implement so people can benefit from this WHILE working on the backend.

@by_caballero @mallory @katzenberger Thanks for the intro!

@by_caballero @katzenberger This is something that I have to admit a blindspot. There appear to be so many nuanced layers to "sending and encrypted message". For example, some just want to keep the admin from seeing stuff (that seems like the lowest level)

But at the highest level is for example protext organizing. I can't imagine ANYONE wanting to do that from a Mastodon account only because your profile and public posts likely leak a tremendous amount of personal info.

If you had a LOCKED DOWN account, sure it could work. My point is that I'm trying to understand these very different usages as we could naively asume we're good at one when we aren't. For example, I strongly feel that Signal very much still has a role here even if we do implement it correctly.

@by_caballero @gabek We've publicly announced we're working on encryption. It's a TON of backend work. It can proceed in parallel with UX work. It's not one vs the other. Especially as the UX work is FAR less than the encryption work

@gbargoud makes sense, thank you

@Montaagge There is a lot of traffic on this thread and that point has been made by the way. It's a reasonable request. I just appreciate that it's not a simple ask and I'm hoping we can tackle some UX improvements WHILE the background work is going on.

@mray I so appreciate your concerns. It's actually why (personally, I'll add) I'm concerned why encryption may take a while (the Mastodon team is very thorough and would not release a rushed version of this) This is why my original post really had nothing to do with "should we add encryption" but was rather "while we're waiting can we at least make some improvements?"

@jarango @themipper Now you know why I want to make these changes sooner rather than later!

@jochenwolters That's a very clear explanation thank you. I don't think many apprecaite just how hard it is to add encryption properly and it's like going to take a while. As we already have PMs in the product and improving them would be very helpful, it seems like we shouldn't wait.

Part of why I'm asking is that here are MANY ways to use PMs, many of which do not require encryption at all. Of course it would be very nice to have. But I just want to call out, even with encryption, you likely want to be very careful using Mastodon for organizing as your profile and public posts would likely leak a tremendous amount of personal info.

Again, this doesn't mean we shouldn't do it, just that microblogging makes it hard to proprely protect your identity.

@mray But now you know why I'm asking. There is lots of energy around encryption but it's a very tricky thing to be done right. My point was simply that we start with some simple UX improvements and not wait for the encryption (given we already have private messages)

@octothorpe Thank you! To be clear, I'm not against adding encryption to Mastodon but it would be rather different than what you get with Signal. Here is a simple example. Many people are quite public with their real name here on mastodon, that makes sense. But if you REALLY wanted to use an encrypted message you ikely wouldn't want to use your public name. So in many ways, encrypted messages by you very little (well,in some situations)

That's kind of my point, I don't think people really see the FULL JOURNEY necessary for encryption.

However, many have said "I just don't want to have to trust my admin. I just need it for privacy" and you know, that's a perfectly good reason and to be fair, has NOTHING to do with competing with Signal.

That's all I'm trying to do here, understand how and why it would be used.

@mray Encryption is being explored by a FEP