There's been some blowback regarding my private messages mini-tutorial. Some people take exception with me calling them private messages.

Yet several people have already asked me about how to send a "private message". They don't see documentation about a Twitter function they believe is essential.

What's more, "Conversations" does not convey the same thing as "Messages" on Twitter.

Should I lecture these people on E2EE or just tell them how to do the function that they want?


@atomicpoet Conversations intentionally does not convey the same thing as Messages on Twitter. Mastodon's post visibilities are not the same as, and not intended to be used as, DMs, and though our UI has gotten cozy with equivocating them over the years (due to optimizing for a local maximum of community feedback) I went over and made them clearly different just yesterday to better manage privacy expectations.


@Gargron I don't believe "Conversations" conveys what you think it does. In fact, the documentation of that feature is a recipe for disaster.

@atomicpoet Please elaborate, what does it convey in your opinion? What kind of disaster?

@Gargron I assume that feature is meant to be messages between two or more recipients directed to an address (@), not for public view.

If I'm wrong in the assumption, then that's a problem.

If I'm right, that's also a problem.

Here's the disaster in the making: you haven't conveyed a basic function clearly and efficiently. The result is that people think Twitter has "private messages" and Mastodon doesn't.

@Gargron Let me get to the core. What does the globe icon mean? To a lot of users, it could be confused with a generic "web" icon.

The @ symbol doesn't necessarily mean "only people mentioned" either. It could mean "email".

@Gargron See this menu? There isn't even context that it refers to sending and receiving messages. What does "visible" even mean? That someone can see my computer screen?

@Gargron Furthermore, I don't think anyone's going to say, "Hey, can you send me a People That I Only Mention message?"

Too many words, too unwieldy.

And Conversations is too fuzzy because in regular parlance, isn't that what you and I are already having right now?

@Gargron Finally, other apps on the Fediverse already use more readily recognizable terms anyway. Here's an example.

@atomicpoet @Gargron calling them direct messages still invokes a level of privacy that does not exist (and does not exist on twitter either for that matter)

@ariadne @Gargron Then how are you going to communicate the level of privacy in one or two words?

Hate to say it, but features can't sell themselves. You need something easily communicable that people can understand within 5 seconds. Otherwise you've lost the battle with usability.

@atomicpoet @Gargron my preferred way is to just not have this feature. if people want instant messaging, they can use a service which does it correctly.

@ariadne @Gargron If you remove the feature, you've removed something that a lot of users regard as basic functionality. And no, I don't believe, "Go use an instant messenger" alleviates the problem because users don't want to use separate apps for that function. They've been trained since MySpace to expect it.

@atomicpoet @Gargron

plenty of people used instant messengers during the myspace days, and still do. i'm not really convinced this is a vital feature.

@ariadne @Gargron That instant messenger was part of MySpace's UI. So, to a lot of people, it's just a "direct message".

@atomicpoet @Gargron

at least in my community, there seems to be consensus that the DM feature should be deleted. but, in fairness, my community skews towards security engineers.

@ariadne @Gargron Important question: why did you just refer to it as the DM feature?

@ariadne @atomicpoet @Gargron I still use instant messengers, but the only ones I actively use now are Discord and Telegram, and Discord is configured to only allow direct messages from friends and people who I share a server with. I almost never get DMs from anyone I don't expect to.

I already implicitly trust the staff of whichever instances I am using and communicating with, as without that trust, I should not really be sending any information out over such services.

Someone could be reading my direct messages on either of the above services, except for Telegram, and only if I'm using the E2EE functionality that doesn't seem to work on computers, only phones.

There is a level of trust needed to be using most any communications platform, lifted onto the people running whichever services you're using, and if you can't trust the service to be reliable and safe, then it's not really that useful.

I also remember where I was being an untrustworthy administrator of a web forum, where I was reading PMs of the forum by peeking at the database. Not really that great a look for me, but yeah, a truly determined database admin could breach the trust of their users if they really wanted to. Nothing to stop an instance admin from backdooring their instance somehow, either. It all comes down to whether you trust the people who run whatever, to do so benevolently.

@atomicpoet @ariadne With or without the rename, the feature has always been different enough from DMs that for some people, it was not good enough. Just two or three weeks ago I had an exchange with someone on Twitter who asked if "Mastodon still didn't have DMs", to which I elaborated on the visibility setting, to which they replied that it's not real DMs and not usable for them. So the way I see it, we lose little.

@ariadne @atomicpoet @Gargron
What about calling them "Quiet Messages", since people who are not mentioned aren't alerted to them?

@atomicpoet @Gargron For what little it's worth, I entirely agree that the current nomenclature is likely to be confusing and not particularly optimal - but is there a case to be made that actually, given some of the criticism (founded or otherwise) based on the whole "fedi admins can read your DMs" thing, that a separate E2E DM feature ought to exist - rather than changing or clarifying any of the existing naming? That may kill two birds with one stone, so to speak.

@atomicpoet I have performed these changes to distance our post visibility setting from the concept of DMs, which is a concept laden with certain privacy expectations. I don't think such expectations are necessarily fair -- forum PMs have always been accessible to sysadmins of the forum, and hell, I basically trust my e-mail provider not to read my e-mails -- but they seem to be there in 2022. Posts, on the other hand, appear to me devoid of such strong expectations.

@atomicpoet I see that post visibility setting as a way to do a little conversation sidebar, to have a quieter exchange without the public and the followers listening in on it, but it clearly is not similar to Twitter DMs and people should not be using it as such or god forbid sharing dangerous information over it. We've always displayed a warning about it, linking to the privacy policy, but I've made the warning even more explicit now.

@Gargron Here's a suggestion. Call the feature "personal message".

It's not public, not private—it's personal. As in intended only for people mentioned, but don't be sharing stuff that's confidential.

@atomicpoet In my view it might be too close to private. Both abbreviated to PM, often used interchangeably across platforms. As such I do not think it solves the underlying confusion problem. I think that perhaps it would be better if people thought Mastodon didn't have DMs, than people making shocked threads about how DMs in Mastodon are accessible by sysadmins.

@Gargron I think you've created a larger confusion problem now. Your documentation makes it look like "private messages" doesn't exist. But then... look at this! It's a feature similar to something found on Twitter!

Further, Twitter's DMs are accessible to Twitter moderators. That's not encrypted. Why is that feature not controversial to Twitter users?

@atomicpoet I have never personally believed that the arguments by the detractors hold a lot of water. Indeed, Twitter DMs are not any more private, and the "access controls" that people imagine at these companies are more or less assumptions. No reason why a company hosting Mastodon couldn't have the same access controls for employees!

And yet, unfortunately such arguments find a lot of resonance, and I have seen enough of them online to consider them a danger to the platform.

@atomicpoet I believe that people believing that Mastodon has no DMs would be less harmful than the alternative. Besides, in practice, the answer to "Can I share my Signal number with someone without the whole world seeing it?" is still yes, just using different semantics.

1. This is a problem virtually every social network has had since the '00s. It's never been something that's inhibited growth at Mastodon or Twitter or anywhere else. Not saying their approach is right, just that metrics say something else.

2. I suspect many users believe "private messages" is essential. Just in case I'm wrong with this suspicion, I've put up a poll to gauge opinion. (contd.)

@atomicpoet I said yes to the poll, but what would be even better than PMs would be a chat system based on another federated system like xmpp or matrix being integrated into mastodon.

3. I likewise suspect many people are going to refer to this feature as "private messages" or "direct messages" anyway, and they'll be upset they couldn't find documentation on how to use it.

4. Many of the people saying "admins can read your messages" are simply spreading FUD -- especially since they know Twitter can do the same -- and if you cede on this issue, they'll believe the FUD works.

Musk will add e2ee to DMs on twitter and then be like
nah-nah-nah nah-nah nah...

5. At the very least, I believe you should have documentation that's at least "related" to private/direct messaging simply so that users can understand where you're coming from as well as your concerns.

@atomicpoet I agree with this. I think they should be called DMs, but with a warning it's not E2EE, plus strong social norms against instance admins reading DMs, and the community should defederate from and shun any instance found to be doing this.

@Gargron @atomicpoet thank you for doing this, it has been one of my gripes about fediverse software as a security engineer
