GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Matt Blaze (mattblaze@federate.social)'s status on Monday, 10-Nov-2025 03:25:34 JST

    Semi-periodic reminder that the DM feature here is utterly broken and should not be regarded as "private" in any meaningful sense. And its semantics seem designed to violate the principle of least surprise.

    Example: ANYONE mentioned in a message, not just tagged at the start, is a recipient. So if you send someone a DM that says "That @mattblaze guy is an ignorant moron", I get a copy.

    I was reminded of this behavior just now.

    In conversation about 7 months ago from federate.social permalink
    • Rich Felker repeated this.
    • Kim Scheinberg (kims@mas.to)'s status on Monday, 10-Nov-2025 03:25:33 JST
      in reply to

      @mattblaze
      I (thankfully) learned this lesson the easy way 3 years ago when I was trying to privately tell someone (Rebecca Tushnet, I think) that they should *follow* you

      In conversation about 7 months ago permalink
    • Evan Prodromou (evan@cosocial.ca)'s status on Monday, 10-Nov-2025 04:15:54 JST
      in reply to

      @mattblaze we're working on end-to-end encrypted messaging for ActivityPub at the W3C.

      In conversation about 7 months ago permalink
    • Steve's Place (steter@mastodon.stevesworld.co)'s status on Monday, 10-Nov-2025 05:58:44 JST
      in reply to
      • ⠠⠵ avuko

      @avuko @mattblaze That's what they are. They're meant to alert someone, and should be called that - Toot Alerts. They are not private - they are toots directed to the recipient with a patina of privacy.

      Nothing here is truly private. If it's not encrypted, and resides in databases - 2 at least for every cross-server toot - in unencrypted form, it's public to at least every system administrator with access to the database(s), whether they are involved with the Fediverse or not.

      Then there is the issue of a follower noticing a "private" thread and jumping in.

      People who want privacy are best served by Signal at the moment.

      In conversation about 7 months ago permalink
    • ⠠⠵ avuko (avuko@infosec.exchange)'s status on Monday, 10-Nov-2025 05:58:45 JST
      in reply to

      @mattblaze that is a horrible design flaw, period.

      My pet peeve is that DMs are hardly distinguishable from normal posts, so I’m always afraid my “DMs” are accidentally public posts.

      In conversation about 7 months ago permalink

    • Matt Blaze (mattblaze@federate.social)'s status on Monday, 10-Nov-2025 05:58:46 JST
      in reply to

      Now we get the fanboys explaining how this is the users' fault.

      In conversation about 7 months ago permalink
    • Matt Blaze (mattblaze@federate.social)'s status on Monday, 10-Nov-2025 05:58:47 JST
      in reply to

      Don't worry, I won't publicly embarrass the person who sent the DM that mentioned me.

      I'll just remember who sent it.

      In conversation about 7 months ago permalink
    • ⠠⠵ avuko (avuko@infosec.exchange)'s status on Monday, 10-Nov-2025 06:06:40 JST
      in reply to
      • Steve's Place

      @steter @mattblaze I am hoping nobody expects true privacy.

      And especially not on any other social media platform.

      But a Direct Message should, as we have come to expect, always and only be directed at ONE person.

      So you can gossip, which has been an essential element of human interaction since long before there were likes and boosts, or even gasp ActivityPub. ;)

      In conversation about 7 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 13-Nov-2025 22:42:44 JST
      in reply to

      @mattblaze This could really be fixed on the client/webui side by refusing to send a "DM" with any @'s not at the beginning of it, or putting up a warning prompt listing who the recipients are before sending. There's no excuse for Mastodon leaving it so utterly counterintuitive and dangerous as it is now.

      In conversation about 6 months ago permalink
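
The client-side check suggested in the post above, sketched as an added example (not part of the thread and not Mastodon's own code). The mention pattern is a simplified assumption, `reviewDirectMessage` is a hypothetical name, and the handles in the usage comment are constructed.

```javascript
// Simplified handle pattern (assumption): @user or @user@domain, not preceded
// by a word character, so "name@example.org" is not counted as a mention.
const MENTION =
  /(?<![\w@\/.])@([A-Za-z0-9_]+(?:@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)?)/g;

// Classify every mention in a draft DM. Per the thread, anyone mentioned
// anywhere in the text receives a copy, so the compose box should treat a
// mention outside the opening run of handles as an unexpected recipient.
function reviewDirectMessage(draft) {
  const leading = new Set();   // handles in the mention-only prefix
  const embedded = new Set();  // handles that appear later in the body
  let prefixEnd = 0;           // offset where the mention-only prefix ends
  let inPrefix = true;

  for (const m of draft.matchAll(MENTION)) {
    const handle = m[1].toLowerCase();
    // Still in the prefix only if nothing but whitespace separates this
    // mention from the previous leading mention (or the start of the draft).
    inPrefix = inPrefix && draft.slice(prefixEnd, m.index).trim() === "";
    if (inPrefix) {
      leading.add(handle);
      prefixEnd = m.index + m[0].length;
    } else if (!leading.has(handle)) {
      embedded.add(handle);
    }
  }

  return {
    // Everyone who would receive the message: show this list before sending.
    recipients: [...leading, ...embedded],
    // Handles the author may not realise they are addressing.
    unexpected: [...embedded],
    // Strict policy: block sending unless all mentions open the message.
    allowSend: leading.size > 0 && embedded.size === 0,
  };
}

// Constructed draft: the second handle is only being talked about, yet it
// would be delivered to that account too.
// reviewDirectMessage("@rebecca@example.social you should follow @mattblaze")
```

A compose form can either refuse to send when `allowSend` is false or show `recipients` in a confirmation prompt, the two options the post describes.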

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.