has anyone informed the #switter crowd yet that #dms are in fact public and rely on other servers respecting their status as #dm? This is a scandal of epic proportions waiting to happen. It will be extremely bad press for mastodon/#fediverse and I'd hate to see that. While this is something that will only be fixed in the long term, informing users should start now. Misleading #UI language also really doesn't help.. @Gargron @noelle @HerraBRE @lain
could you elaborate a bit?
@rra Well, the point of deleting it was explicitly not to elaborate.
Basically I was pointing out that the admins are the weakest link and I don't know what process led to *this* particular set of people stepping forward.
But I had done zero homework, when I looked into it, albeit very, very briefly, I saw no red flags.
They appear to be known within that community, the community can decide whether they are to be trusted.
@HerraBRE Thanks. I had missed your initial comment before you deleted it. Thats why.
DMs are safe in any compliant activitypub implementation (to field goes straight to the specified inboxes, not the shared inbox).
You're thinking of the unlisted and followers-only extensions.
Admins don't need to modify Mastodon or Pleroma they can view everything regardless.
@kaniini @lain @HerraBRE @Gargron However this does mean a non-compliant implementation can get access to these DMs? Or is it just the instance admin of a compliant implementation? Also good point on DM vs Private Message, but I think the use expectation is probably still based around the idea it is a private conversation..
a non-compliant implementation would be so fundamentally broken that it wouldn't properly federate
AP is dependent on each actor having distinguished inbox endpoints. delivery of a message targeted directly at an actor to the shared inbox would be an amazing protocol violation
in any case, your DMs won't leak out to third parties -- only the admin of the server(s) can see them besides you
Right, which is what you argued in your blog post. I think trust in your instance admin in one thing, but trust in the whole federation and technical spec is another..
Noรซlle the 8-Bit๐ณ๏ธโ๐๐
@rra @Gargron Important to note that as soon as you put someone else's username in the box, there's a prominent "this may not be private" message that pops up. That said, I've had zero interaction with Switter and I'm not sure it would be meaningful for me to speak to their moderators, especially since they've grown so big so quickly.
@hinterwaeldler @rra @Gargron @noelle @lain One key difference is that becoming an admin who has potential access to other peoples' "private" comms in the Fediverse is really quite easy.
Getting hired by Twitter (or Facebook) and given a role where you have that kind of access is a much more involved and difficult process.
Also, some features (CW for example) that work well on Mastodon suddenly stop working when the toots appear in other apps.
Peoples' expectations may be miscalibrated.
@rra @Gargron @noelle @lain Meta: I deleted my previous toot because I did some minimal homework and felt it didn't apply. Didn't want to give the impression of throwing shade.