I'm going to take a look at the propagation code for DMs to get a better idea of the possible attack vectors. I suspect there is a bunch of confusion and misinformation out there.

I've seen heaps of commentary elsewhere that comes from "this thing behaves differently to what I'm used to, so it's bad" which is normal, but unhelpful.
It's like saying Tumblr is bad because it isn't email.

@trentyarwood I had trouble getting to sleep last night because my brain loves thinking about all things Mastodon, apparently.

@robcorr @jpwarren I’m working on a taxonomy atm and yes, classification is very subjective

@jpwarren I think the big issue is trusting the admins of other instances. So maybe limiting DMs to local users? Or warning people if they DM outside their instance?

@robcorr @jpwarren i just feel that...people don’t worry about the admins of other people’s email servers when they send email, do they? You just send the email. At some point you have to trust the syadmin, or encrypt if you don’t I guess.

@ozjimbob @jpwarren yeah I’m not bothered personally, but it’s the one thing I have seen a fair bit of grumbling about.

@robcorr @ozjimbob It's probably worth understanding, *especially* if you have particular needs (vulnerable group, etc.) but that's not unique to here.

@robcorr @jpwarren yeah I’ve seen the grumbling too, I’m surprised people seem to trust Twitter staff not to read their DMs if they have these concerns

@ozjimbob @jpwarren I think with Twitter people assume that it’s huge enough and internally hierarchical enough that it’s going to be an algorithm rather than a nosy human who reads your DMs. It’s the federation of hobbyists that causes different concerns on Mastodon.

@robcorr @ozjimbob And for many people :birdsite: or :facey: is all they've known. They weren't there for Usenet or IRC so they aren't familiar with how things have been done before.

@ozjimbob @robcorr @jpwarren TLS support between email servers has improved recently, but all email for a very long time went out unencrypted, and the people complaining that DMs are readable by other instance mods were/are not worried about it at all

@merospit @ozjimbob @jpwarren To be fair, there is a lot more understanding now of the harm that can be done through lack of privacy/security. People are more anxious about this stuff now, and not without reason.

@ozjimbob @robcorr @jpwarren but since 90% of people use gmail, most folks only need to trust google's internal controls are good. unfortunately fully private DMs are impossible if you want a portable web UI (since the server needs to be able to decrypt to display the message). unfortunate, and seriously non-trivial to fix.

@ozjimbob @robcorr @jpwarren (well, trust google's internal controls are good, and trust google itself. same as trusting twitter's controls/twitter to not read your DMs)

@rfc6919 @robcorr @jpwarren well, if I understand it correctly, Keybase.io has pretty much solved client-side web UI encryption. Wish more things just plugged into it.

@ozjimbob they rely on standalone clients to validate the server is behaving correctly (keybase.io/docs/server_securit -> "We fully understand that users of the Keybase Web client don't get these guarantees"). haven't looked into how new web client enrolment works, I should do so.

@robcorr Cross-instance comms is important, so making it per-instance only probably isn't the right call.

@robcorr But I suspect they're not re-propagating. Like, if I DM you on your remote instance, why would it send the DM to other instances later?
It seems more like an authentication issue: Am I DM-ing the real you?

@robcorr Same issue :birdsite: has with people using similar handles to push crypto-scams, etc., really.

@jpwarren @robcorr I'm currently working on a comment here - but this is relevant to the conversation. github.com/tootsuite/mastodon/

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!