I’m still waiting to see how DMs evolve in the fediverse before deciding what to do with Micro.blog, but one thing I’m sure of: we’re not going to have messaging that isn’t encrypted. Private replies to Mastodon users (which works now) will remain as a legacy feature, mostly hidden away.
I always grind the ax that I really want #Mastodon / #Fediverse users to be informed about how insecure this whole system is from its foundation.
DMs is a big element of that.
You mention messaging that isn’t encrypted, but in this system the security goes the other way: not only is it unencrypted but it’s basically just another public post with the suggested audience of a single person.
I really hope users realize that DMs have zero guarantee of privacy.
@shepgo Hmm. I do worry about CSAM. But I don’t think people expect that any server operator can read their private messages. If they can’t be encrypted, I would rather not have DMs at all.
@volkris Yes. It’s too much to expect most mainstream users to understand some of the ActivityPub implementation details, in my opinion.
@manton You can easily prepend “evolve” with the letter “d” 😉 After the UK, every government will be insisting on “prescanned privacy”, in which DMs have to be reported if they contain certain unwanted content, or are by certain individuals. If it’s the law, there’s nothing that you can do about it.
@renevanbelzen I hope there will be some good conventions for how to detect this. Every major platform has to deal with it and has built up some experience.
Absolutely, I don’t expect anyone to understand ActivityPub :)
But I DO think UI designers, folks at the Mastodon level, need to make sure users know that anything they send over DM carries no privacy guarantee.
They do make some efforts in the interface to convey that, but I don’t think they do enough, considering how often I interact with users who don’t aren’t aware of this factor.
@manton personally I’d rather just see this work with good hooks to email addresses. I don’t see the value in DM’s on a given platform beyond marketing and profiling users. Could also be connected with iMessage, but email is more neutral.
@jthingelstad the only use case I see for keeping “DM”s is to share iMessage or signal handles with a “known” person (since there are ways to be reasonably sure the message is coming from the account in question); anything beyond that should be on a messaging platform, not a blogging platform.
@manton not to bang the drum too loud on this but it is another example of language games being used to deceive.
“By ‘private’ we mean ‘not private’.”
What could private mean if not invisible and inaccessible to any entity apart from the sender and the specified trusted target recipients?
It is often so hard to see how ludicrously flippant and self-serving these language games are because they are so pervasive and so laborious to unwind. I almost nodded off writing this reply…