mattblaze,
@mattblaze@federate.social avatar

Reminder about Mastodon "private" messages. Aside from not being end-end-encrypted (and so visible to instance administrators), they CC anyone @-mentioned ANYWHERE in the body of the message (not just those listed at the start).

They are now called "private mentions" rather than "private messages", but if you don't fully understand the semantics, this behavior may be unexpected and/or cause unpleasant side effects.
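A pre-send check for the behaviour described in the post above, as an added example that is not part of the original thread: it lists every account a draft "private mention" would be delivered to and flags the ones the sender did not intend. The mention pattern is a simplified assumption, not Mastodon's own parser, and all account names and domains are constructed.

```python
import re

# Simplified mention grammar (an assumption for this example, not Mastodon's
# own parser): "@user" or "@user@domain", not preceded by a word character,
# "@" or "/", so e-mail addresses and URL paths are not treated as mentions.
MENTION_RE = re.compile(
    r"(?<![\w@/])@([A-Za-z0-9_]+)"
    r"(?:@([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?))?"
)


def normalize(acct, local_domain):
    """Lower-case an account and qualify bare local names with the home domain."""
    acct = acct.strip().lstrip("@").lower()
    return acct if "@" in acct else f"{acct}@{local_domain.lower()}"


def mentioned_accounts(text, local_domain):
    """Every account @-mentioned anywhere in the text, in order, de-duplicated."""
    found = []
    for match in MENTION_RE.finditer(text):
        acct = normalize(match.group(0), local_domain)
        if acct not in found:
            found.append(acct)
    return found


def unintended_recipients(text, intended, local_domain):
    """Mentioned accounts that are not on the sender's intended list."""
    wanted = {normalize(a, local_domain) for a in intended}
    return [a for a in mentioned_accounts(text, local_domain) if a not in wanted]


def review_draft(text, intended, local_domain):
    """Full recipient list plus the line numbers of each unintended mention."""
    extra = unintended_recipients(text, intended, local_domain)
    where = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        for acct in mentioned_accounts(line, local_domain):
            if acct in extra:
                where.setdefault(acct, []).append(lineno)
    return {
        "recipients": mentioned_accounts(text, local_domain),
        "unintended": where,
    }


# Constructed draft: a report to moderators that names the reported account
# in the body, plus an e-mail address that must not count as a mention.
DRAFT = (
    "@mods Reporting harassment.\n"
    "The account @Troll@example.net keeps replying to everything I post,\n"
    "and so does @troll@example.net's alt. Reach me at me@example.org.\n"
)

if __name__ == "__main__":
    report = review_draft(DRAFT, intended=["@mods"], local_domain="example.social")
    print("Would be delivered to:", ", ".join(report["recipients"]))
    for acct, lines in report["unintended"].items():
        print(f"NOT INTENDED: {acct} (mentioned on line(s) {lines})")
```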

mattblaze,
@mattblaze@federate.social avatar

Also, if you "turn off" private messages, anyone can still send them to you. They're just silently ignored by your client, without warning to the sender.

Basically, private messages here remain a trainwreck. Use something else if you want to send someone a message privately.

inquiline,
@inquiline@union.place avatar

@mattblaze Yes. I once accidentally tagged someone who was harassing me, in a DM to my mods about the harassment. The private messages showing up in the same feed as non-private ones has also made my hair stand on end more than once.

dulcedemon,
@dulcedemon@beekeeping.ninja avatar

@inquiline It makes complaining about harassment from specific accounts fraught with peril. I wonder though if you block the problematic person prior to complaining or suggesting to the mods that they should be banned from the instance --Are they still notified?
How it works is so unclear.

mattblaze,
@mattblaze@federate.social avatar

@inquiline yikes. And so easy to do.

Natanox,
@Natanox@chaos.social avatar

@inquiline @mattblaze At least they're now highlighted in Mastodon 4.20. Still, I see the potential for confusion.
Perhaps we see more movement in libraries for secured private communication via ActivityPub with @dansup starting to work on his chat client "Sup". If there happens to be some simple lib for private messaging via ActivityPub the chance of John Mastodon (and therefore a huge chunk of the Fedi) to adopt it would be way higher.

katzentratschen,
@katzentratschen@mastodon.social avatar

@inquiline @mattblaze Although showing up in the same feed is the only clear indicator that they are not private messages at all.

mattblaze,
@mattblaze@federate.social avatar

And, of course, people are jumping all over me to defend this crap, the way folks on that other platform defend anything owned by Elon Musk.

dameoutlaw,

@mattblaze It’s insane. People get so upset at any criticism pointed at Mastodon. It’s childish and gross.
But, I’m glad to see them expose themselves so I can block and mute.

jpaskaruk,
@jpaskaruk@growers.social avatar

@mattblaze

Calling Mastodon "crap" is not going to win you any fans, I'll say that.

mattblaze,
@mattblaze@federate.social avatar

@jpaskaruk You’re right. The PM mechanism is an absolute steaming pile of shit, and my holding back in that description was a disservice to those who might unwittingly be harmed by its unclear, counterintuitive semantics. I apologize, and will use appropriately stronger language to describe it in the future.

tehstu,
@tehstu@hachyderm.io avatar

@mattblaze People are disturbingly attached to the things they like. There's probably some fascinating papers out there on it.

Anyway, absolutely, the naming convention has always been terrible with respect to the functional.

jpaskaruk,
@jpaskaruk@growers.social avatar

@mattblaze

You're gonna do great here lol

mattblaze,
@mattblaze@federate.social avatar

@jpaskaruk good bye little troll

davep,

@mattblaze Ah, the return of the Matt we know and love 😁

trisweb,
@trisweb@m.trisweb.com avatar

@mattblaze @jpaskaruk there it is!

Frankly I think this kind of feedback is needed. We need some kind of push to fix it, otherwise nothing will be done.

You’re completely right, a permission is not a private message and they need to be separated.

VModifiedMind,
@VModifiedMind@know.me.uk avatar

@mattblaze ...or... more accurately you're just a bit of a prick that likes to tell people how they are thinking and then don't like it when you are called out. I think you'd probably get on better over on Twitter/X - they like that sort of bullshit there.

drakenblackknight,
@drakenblackknight@mastodon.online avatar

@mattblaze
This is why I have my Matrix and Session handles on my profile.

mjgardner,
@mjgardner@social.sdf.org avatar

@mattblaze Nothing so annoyingly strident as a purity zealot, especially a myopic recent convert

oliver_schafeld,
@oliver_schafeld@mastodon.online avatar

I had such an unpleasant encounter recently, when I passed on what had been news to me then, that harassment may occur on Mastodon too — unnoticed by most when a direct "@" mention is hidden behind "visible to followers only".

When I suggested the feature to be modified or removed, I got a rude direct message.

To which I politely replied that I had just switched my "@-back" to "publicly visible". Which led to an aggressive reply, deleted by author seconds later. Quiet since. 😌

lilstevie,

@mattblaze It's funny, I'm okay without a DM/private message function, I've shifted that elsewhere, but at the same time I think it's perfectly okay to be like "Hey, just FYI this shit doesn't work how you think it should" and for people to want something that works functionally like it probably should.

rlcw, (edited )
@rlcw@ecoevo.social avatar

@lilstevie @mattblaze But that also means that you have to share other ways to privately contact you via a message format which is not private. I can see how some people might be uncomfortable doing that. Having an e2ee encrypted private message format on fedi, that also seamlessly works with mastodon would be nice.

lilstevie,

@rlcw @mattblaze yes, it’s a bit easier for me because I’m lilstevie/littlesteve on practically everything so it’s definitely from a place of privilege of being able to be like “just message me on $x service” with my very public username. That is why I did say at the end that it should probably just work like people expect.

mattblaze,
@mattblaze@federate.social avatar

Seriously, I think John Mastodon has sufficiently thick skin that he can handle people criticizing or warning about misfeatures and unexpectedly dangerous behavior. He does not need you to defend his honor.

semele,
@semele@mastodon.social avatar

@mattblaze
Heard he's pretty tough.

nonnihil,
@nonnihil@hachyderm.io avatar

@mattblaze
Per https://www.britannica.com/animal/mammoth-extinct-mammal , "Many mammoths had a woolly, yellowish brown undercoat about 2.5 cm (1 inch) thick beneath a coarser outer covering of dark brown hair up to 50 cm (20 inches) long. Under the extremely thick skin was a layer of insulating fat at times 8 cm (3 inches) thick."
So yeah, probably fine against the slings and arrows of outrageous tooting.

mattblaze,
@mattblaze@federate.social avatar

Perhaps if I had the long experience with the Internet that others here apparently do, I'd find Mastodon Private Message semantics more intuitive and sensible. But please forgive me - I'm a relative newcomer, having gotten online only a bit before the migration from net 10 and HOSTS.TXT.

mattblaze,
@mattblaze@federate.social avatar

My replies to this thread consist of a set of people saying “Thanks, I didn’t understand that” and another set of people saying “Why did you post this? Everyone understands that already”.

almad,
@almad@fosstodon.org avatar

@mattblaze Can I be both?

Techie part of my brain says “ok I see why it makes sense”, the human and UXD part just screams in horror

virtuous_sloth,
@virtuous_sloth@cosocial.ca avatar

copperred,
@copperred@mastodon.sdf.org avatar

@mattblaze If nothing else comes out of this I get a whole series of assholes to block.

Thanks for the cogent explanation.

quinn,
@quinn@social.circl.lu avatar

@mattblaze you really shouldn't have teased that old witch in the forest when you were a kid, man.

dwaites,

@mattblaze I understand the irony of posting replies to a post asking why they bothered posting the post.

Also, I sorta did know that but forgot it so good reminder.

jgg,
@jgg@qoto.org avatar

@mattblaze

Sounds like something the developers at @Mastodon should hear.

I still haven't used private messages, and after reading you, I'm glad of it.

Yes, I can see warnings, but designing things so people can shoot themselves and then putting warnings is terrible UX.

I totally agree with "private mentions" and end to end encryption. I assume there must be a reason for this mess, but it is a mess, nonetheless.

At least, they should take the word "private" from the name, because that's the most misleading part of those features.

VE2UWY,
@VE2UWY@mastodon.radio avatar

@mattblaze

Wait? What?? A masto-n00b seeing "Private Mentions" would assume that those mentions were private based on, you know, the words used.

Now is this a mistranslation (to English) of a different concept, one that makes it clear that said mentions are not at all private but that are at least hard to find? I don't know.

But Private Mentions aren't private in the sense one might assume & that needs to be broadcast regularly.

mattblaze,
@mattblaze@federate.social avatar

@VE2UWY I'm honestly baffled about the level of hostility I get in response to mentioning this. Maybe I come across as an arrogant prick. OK. Fine. I'm an arrogant prick. But Mastodon private messages are still dangerously misleading and are presented in a way almost guaranteed to cause harm to users.

sburall,
@sburall@mastodon.social avatar

@mattblaze @VE2UWY it took me a while to understand that they weren't private, but after a year of proper activity here I still don't understand who can and can't see them, and I'm sure the word 'private' is getting in the way of this.

oclsc,
@oclsc@mstdn.ca avatar

@mattblaze @VE2UWY Maybe they're all locksmiths, who decided what you are decades ago.

JohnLoader6,
@JohnLoader6@masto.ai avatar

@mattblaze @VE2UWY Eh? Some people have yet to learn how to aim personal messages at only the intended.

VE2UWY,
@VE2UWY@mastodon.radio avatar

@mattblaze

It's the label, not the function. You think it's one thing (based, again, on the name) but you actually get something else. That's a problem in my view. But if you understand that and act accordingly, you'll be fine. Problem is ... from the name ... well .. Yeah.

Someone smarter than me once said "almost guaranteed to cause harm to users" ... and that's a problem.

chris,
@chris@mastodon.mit.edu avatar

@VE2UWY @mattblaze “arrogant prick”? Nah, I tend to think of you more as “strongly opinionated”. Doesn’t hurt that I tend to agree with said opinions.

artemesia,
@artemesia@techhub.social avatar

@mattblaze @VE2UWY

> I'm honestly baffled about the level of hostility I get in response to mentioning this

There's a non-trivial chance you're getting pushback from those who were involved in the design and implementation of "private mentions". It's a shitty kludge by design, but they don't want to hear it, take it as a personal attack, and definitely don't want to burn the cycles to do a real PM system. So, shoot the messenger.

BTW, thanks for pointing out the flaws. I've used it only once, was able to figure out via trial and error that it must be the PM-substitute. But I was unaware of its laughable level of privacy protections.

sspopovich,

@mattblaze @VE2UWY personally, it looks to me like the feature is misnamed. There's simply nothing private about "private" messages on Mastodon. They may only be directed toward one person, but they sure ain't private in any meaningful sense of the word.

kingtor,
@kingtor@urbanists.social avatar

@sspopovich @mattblaze @VE2UWY Rename it and you'll turn the bug into a feature. Problem solved. Of course, the utility of this feature completely evades me, so I'm at a complete loss as to what the name should be. "Not-Really-Private Mentions" may be honest, but a feature?

jpaskaruk,
@jpaskaruk@growers.social avatar

@mattblaze @VE2UWY

I think what might be missing is that you have not really proffered a proposed patch to deal with this direct message delirium.

Free Software people get very annoyed when users show up demanding things after doing exactly zero contribution to the project.

And if you're just showing up to say you don't like something, you're more or less a waste of time, by Free Software reckoning. They are very busy holding up the fucking sky for us all.

rodgerd,
@rodgerd@mastodon.social avatar

@mattblaze hey it’s not like you said that Mastodon’s private messages are about as well named as Tesla’s autopilot, or anything really provocative

And true.

Mary625,
@Mary625@mstdn.social avatar

@mattblaze
I don't get it but I truly understand

siguza,

@mattblaze yeah, Mastodon "private mentions" semantics suck. They only "make sense" from a mathematical-philosophical purist standpoint, when viewed as the product "naturally" arising from smashing together lower-order primitives. It's more something that just "happens to exist" rather than something purpose-built - and it shows. And unfortunately for everyone, it does not match how humans expect to hold private conversations at all.

B2Spirit_TT,

@mattblaze No need to apologize, Matt.

100% correct + there's more🔴https://rb.gy/8ljnu

Good data pros — as I was once trolled for saying — call a spade a spade; Amateurs take offense😇🔴https://rb.gy/tfnoc

It's not personal/ideological. Just science + professionalism🔴https://bit.ly/31reBu9

There's a confirmation bias epidemic on Mastodon that pros on Twitter don't have time for & Mastodon won't be a Twitter alternative🔴https://rb.gy/1j0qe

Without realism🔴https://mastodon.social/

jbaggs,

@mattblaze Sarcasm got a little thick here, but I hear ya.

UncivilServant,
@UncivilServant@med-mastodon.com avatar

@mattblaze No, it's only slightly more transparent, intuitive, and infused with basic common sense than the American healthcare system. Better organization, documentation, and coherent rollout though.

sgeo,

@mattblaze may I ask what net 10 was?

mattblaze,
@mattblaze@federate.social avatar

@sgeo When the ARPAnet moved to IPv4, which supports 32 bit addresses (written in the form "1.2.3.4"), all the original ARPAnet hosts were given addresses that started "10.x.x.x". When the ARPAnet moved to the modern commercial internet, the 10.x.x.x addresses had to be changed.

20002ist,
@20002ist@thepit.social avatar

@mattblaze @sgeo brb gonna make an epic film about RFCs, “1918.”

SteveBellovin,
@SteveBellovin@mastodon.lawprofs.org avatar

@mattblaze @sgeo More precisely: the original Internet was based on the ARPANET core: everything had to connect in some way to Net 10. When the modern model, of multiple ISPs, developed, the original core became less important and was eventually turned off.

karlauerbach,
@karlauerbach@sfba.social avatar

@SteveBellovin @mattblaze @sgeo Somewhere deep in my photo archives I have a photo of myself and Mike St. Johns, then listed owner of net 10, sailing on the Monterey bay.

wendynather,

@SteveBellovin @mattblaze @sgeo @paul_ipv6 “And she’s buying a gateway to net 10 …” 🎶

(Can’t find the whole song at the moment …)

wollman,
@wollman@mastodon.social avatar

@SteveBellovin @mattblaze @sgeo And also there was no hierarchical addressing: ARPANET had a two-level structure (hosts and IMPs) and all IMPs had to know how to route to all other IMPs. Luckily there couldn't be more than 255 of them so routing tables could be really small. (And the embedding of ARPANET and MILnet addresses into IPv4 was weird: net.host.0.imp, so the second octet of four was the least significant, because no IMP would ever have anything like 255 host interfaces.)

SteveBellovin,
@SteveBellovin@mastodon.lawprofs.org avatar

@wollman @mattblaze @sgeo Back then, I wasn't looking at network protocols. But many sites had published guest accounts, and I discovered that if I logged into a guest account on a site in the UK I could then connect to MEDLINE in the US for free. Of course, the character echo delay—four hops to a satellite in geosynchronous orbit for the echo—made for an unpleasant typing experience…

karlauerbach,
@karlauerbach@sfba.social avatar

@SteveBellovin @wollman @mattblaze @sgeo Wasn't Bob Gilligan charged, and coerced into an unjust plea for doing something similar (circa 1990?)

SteveBellovin,
@SteveBellovin@mastodon.lawprofs.org avatar

@karlauerbach @wollman @mattblaze @sgeo I don’t know the details of what he was charged with.

weekend_editor,
@weekend_editor@mathstodon.xyz avatar

@SteveBellovin @karlauerbach @wollman @mattblaze @sgeo

As I recall it, the Captain was charged by Tenille with harassment, and got exiled to some island with Bob Gilligan.

paul_ipv6,

@SteveBellovin @mattblaze @sgeo

was interesting times, as we moved from IMPs to NSFNet 56k to T3, CIX and FIXs, and on.

rst,
@rst@mastodon.social avatar

@SteveBellovin @mattblaze @sgeo For some, pre-DNS HOSTS.TXT will be the real head-scratcher -- a single file containing the address of every machine on the Internet, down to people's desktop machines, maintained centrally and distributed by FTP from a central host, SRI-NIC, which was thus a single point of failure for the entire internet.

(Though some techies will be perplexed at publicly routeable net 10 addresses within HOSTS.TXT -- those addresses are now designated "local use only".)

SteveBellovin,
@SteveBellovin@mastodon.lawprofs.org avatar

@rst @mattblaze @sgeo For those who didn't live it, see https://www.tuhs.org/cgi-bin/utree.pl?file=4.2BSD/usr/man/man8/gettable.8c, from 1983—the command used to retrieve the standard host file from a single standard site…

isilzha314,

@mattblaze

I just assume everything here is completely out in the open for anyone to see if they really want and the post privacy settings are more guidelines than rules. It's not like using "chmod 760" or 644 on a message, exactly.

zheng3_jim,
@zheng3_jim@mastodon.social avatar

@mattblaze excellent flex

artemesia,
@artemesia@techhub.social avatar

@mattblaze Yeah, it's just bizarre. Why take a feature that is well understood and very known to users, and turn it into some warped pretzel of WTF? All I can think is that maybe there's some trademark or patent issues around the notions of private message or direct message.

mattblaze,
@mattblaze@federate.social avatar

@artemesia As best as I can tell, the confusing semantics around private messages have their root in a design decision to shoehorn all message types into a single "published" form, with flags that govern how the receiving instance handles them. It makes sense right up to the point where you think about the privacy semantics of DMs vs public posts.

sgf,
@sgf@mastodon.xyz avatar

@mattblaze @artemesia Almost every wart of Mastodon that I've seen can be explained as the thing that's easy to implement and simple given the protocol, rather than what's useful and unsurprising to users.

artemesia,
@artemesia@techhub.social avatar

@mattblaze sounds like a classic case of an abstraction leaking through

VE2UWY,
@VE2UWY@mastodon.radio avatar

@mattblaze

Lol. I missed HOSTS.TXT by several years ... and am fine with that.

On the "Private Mentions" (as they seem to be called in 4.2.0) ... I think if people just remember that they are not in any way private, they can figure out the rest. 🙂

darryl_ramm,
@darryl_ramm@hachyderm.io avatar

@mattblaze I'm thinking of T-shirt: "I ran a USENET node bitch."

20002ist,
@20002ist@thepit.social avatar

@darryl_ramm @mattblaze <hums “N-N-T-P” to the tune of “YMCA”>

darryl_ramm,
@darryl_ramm@hachyderm.io avatar

@20002ist @mattblaze Cough, my USENET node predated NNTP.

20002ist,
@20002ist@thepit.social avatar

@darryl_ramm @mattblaze I salute you, sir. My first-hand USENET experience runneth back only to 1987 or so. cc @SteveBellovin

SteveBellovin,
@SteveBellovin@mastodon.lawprofs.org avatar

@20002ist @darryl_ramm @mattblaze I had one summer, circa 1974 or 1975, using the NCP ARPANET, to connect to a Multics system at Rome Air Development Center as part of a research project. The finale of the project was the prof and the student team visiting RADC, where we got to see BUFFs—B-52s—parked by the road.

mattblaze,
@mattblaze@federate.social avatar

@SteveBellovin @20002ist @darryl_ramm Heh. My uncle was a SAC B52 pilot - stationed at Rome AFB - at the time.

SteveBellovin,
@SteveBellovin@mastodon.lawprofs.org avatar

@20002ist @darryl_ramm @mattblaze The other fun thing about that project was that Fred Brooks added me to it because it was running late near the deadline, so I got to say, "Dr. Brooks—are you adding manpower to a late project?" He laughed…

20002ist,
@20002ist@thepit.social avatar

@SteveBellovin @darryl_ramm @mattblaze “Steve Bellovin Considered Harmful”

Blob_Calder,
@Blob_Calder@federate.social avatar

@20002ist @darryl_ramm @mattblaze @SteveBellovin
I envy your ability to recall the date.

20002ist,
@20002ist@thepit.social avatar

@Blob_Calder @darryl_ramm @mattblaze @SteveBellovin It wasn’t hard. I’d just moved back to the US from Ireland & landed a job at Apollo Computers, where my unit included Ken Arnold and Eric Eldred, among other memorable people. Discovering USENET—and all the interesting and/or deeply weird people using it—was integral to my stint there, which lasted only one year.

SteveBellovin,
@SteveBellovin@mastodon.lawprofs.org avatar

@20002ist @Blob_Calder @darryl_ramm @mattblaze Ah, Apollo. I almost got a lot of experience with their systems, but due to details of the Bell Labs hiring process that I did not understand and the whims of my boss three levels up I ended up working on other stuff. Probably just as well—that's when I really got into the nitty gritty of TCP/IP, which has served me in better stead.

glitzersachen,

deleted_by_author

  • mattblaze,
    @mattblaze@federate.social avatar

    @glitzersachen what opinion? That people shouldn’t be warned about features that don’t work the way they might think they do?

    glitzersachen,

    deleted_by_author

  • mattblaze,
    @mattblaze@federate.social avatar

    @glitzersachen I suggest you use the unfollow or block button if you find my expressing such an opinion to be objectionable.

    Wraithe,
    @Wraithe@mastodon.social avatar

    @mattblaze @glitzersachen What’s great about this (for a given value of great) is how there’s always someone willing to provide an example.

    Melody,

    @mattblaze @glitzersachen this statement works for many things. 🕊️

    glitzersachen,

    deleted_by_author

  • mattblaze,
    @mattblaze@federate.social avatar

    @glitzersachen don’t let the door hit you on the way out.

    glowrocks,
    @glowrocks@mastodon.social avatar

    @glitzersachen Did you get confused? This isn't an airport; you don't need to announce your departure.

    glitzersachen,

    deleted_by_author

  • mattblaze,
    @mattblaze@federate.social avatar

    @glitzersachen well, then maybe you should better protect your delicate sensibilities from my “arrogant pontificating”.

    PeoriaBummer,

    @mattblaze A hit dog hollers, and boy will they howl at this comparison.

    gstml,

    @mattblaze there’s a level of dogmatism here that makes Mastodon look like the talibans of the social networks. It’s quite depressing.

    rory,

    @mattblaze I know you're catching crap from the usual suspects but this really is worth pointing out from time to time. It's not broken, it works as designed, but clients calling it "private" has always been reckless and stupid. Users, especially new ones, should be made aware.

    ekes,

    @rory @mattblaze
    @MichaelBishop

    Private messages on Mastodon work exactly the same way as DMs/PMs/Chats have since the beginning and still do.

    While E2EE is needed and crucial, complaining about the core design of mentions is like discovering that you need to kill animals to enjoy meat.

    As for the silent block, that's a privacy measure as you do not inform spammers when their messages fail.

    Some things may need fixing, ofc. Like mentions of blocked or muted users apparently.

    mattblaze,
    @mattblaze@federate.social avatar

    @ekes @rory @MichaelBishop No. Other systems do not work this way, and many users do not expect it to work the way it does here. Mentioning someone in the body of a message causing them to get a copy is unexpected, dangerous behavior.

    ekes,

    @mattblaze

    Twitter, Reddit can read your DMs/PMs, any forum admin can read them. Facebook can read everything and they only recently introduced an E2EE feature, but only for their Chat app. Google anyway. And so on.

    What are those major platforms you're referring to?

    If you're specifically talking about who receives a message based on the form, that's a subjective design decision one may debate, but I haven't seen a lot of people criticizing that part.

    @rory @MichaelBishop

    mattblaze,
    @mattblaze@federate.social avatar

    @ekes @rory @MichaelBishop I stand by my comments.

    Adam,
    @Adam@social.lein.us avatar

    @mattblaze Yeah, it should be removed completely in my opinion. Public messaging should be completely separated from private messaging. More thoughts: https://bookofadamz.com/the-fediverse-should-avoid-bundling-private-messages-completely-and-implement-this-instead/

    Pxtl,
    @Pxtl@mastodon.social avatar

    @mattblaze honestly they should just remove the feature until they can give it the attention it deserves. "Mastodon does not have private messages" would be a far better situation than what exists now.

    breiter, (edited )
    @breiter@hachyderm.io avatar

    @mattblaze You have reinforced for me the “if it’s not Signal, it’s not private” heuristic.

    stuartmarks,
    @stuartmarks@mastodon.social avatar

    @mattblaze Right, “silent ignore / no warning” is a terrible misfeature. A thing I’ve seen recently is people posting their PM acceptance setting in their profile, so that someone attempting to send a PM has a possibility of seeing that it won’t be read. Potentially a small workaround until this can get fixed.

    mattblaze,
    @mattblaze@federate.social avatar

    @stuartmarks Yeah, that's what I do. But people don't see it unless they go and look at the profile.

    philpem,
    @philpem@digipres.club avatar

    @mattblaze I use them to send my email address to someone... and that's it.

    wravoc,

    @mattblaze Yeah, as a new user, Mastodon isn't at all what I thought it would be. Let's be honest - they don't want to turn on private messages, a feature of the 1980s internet.

    rbos,
    @rbos@mastodon.novylen.net avatar

    @mattblaze I agree that messages are not private, but I think it's necessary to qualify to whom they're not private. A comparison to Twitter is reasonable. DMs on Twitter will be visible to the entire staff of Twitter - their moderators, staff, and possibly any subpoena-holder in any country Twitter has a presence. Difficult to enumerate!

    On Mastodon, that pool is the server owner, the moderators on that server, and subpoena-holders in that country.

    I think it comes off well by comparison.

    zip,
    @zip@wandering.shop avatar

    @mattblaze I put my matrix handle in my profile and the ergonomics of that are pretty okay

    Ralph,
    @Ralph@hear-me.social avatar

    @mattblaze

    Wouldn't removing the @ from @Ralph be enough to stop the cross pollenization? Perhaps we need an, "Are you sure you want to ping ralph" message when the @-mention is embedded in the text. (just a thought)

    jpaskaruk,
    @jpaskaruk@growers.social avatar

    @mattblaze

    I don't know, but this seems like a thing where secure private messaging was seen as outside the scope of a public sharing mechanism, and I would argue, and an entire profession of *nix admins would tell you, that that is good systems architecture.

    The actual problem is that people are used to capitalized sites and software that treat them like children on an amusement park ride, but bottom line, you're right, nothing here is private and everyone should be 100% clear on that.

    bronakins, (edited )
    @bronakins@sfba.social avatar

    @mattblaze

    Who wants a “private” mention??? Isn’t the whole point of social media to garner attention from perfect strangers?

    david,

    @mattblaze I would say that they are kind of like those bathroom privacy locks that you can open from the outside with a coin or hex key. Obscured from casual observation, but doesn’t provide any real security.

    Frederik_Borgesius,
    @Frederik_Borgesius@akademienl.social avatar

    @mattblaze Thank you for the warning Matt!

    Bwacton,
    @Bwacton@mastodon.social avatar

    @mattblaze thanks for keeping us non techies safe here, awareness is the first step.

    resuna,
    @resuna@ohai.social avatar

    @mattblaze

    I am reminded of Pine posting your private email to Usenet if you forgot to delete the Newsgroups header and Mark Crispin flaming anyone who dared to suggest this wasn't perfect and ideal behavior.

    jakesimpson,
    @jakesimpson@mastodon.gamedev.place avatar

    @mattblaze question. I’m using the official mastodon app and I don’t see any private message functionality at all? Does it require a specific app?

    eyrea,
    @eyrea@mstdn.ca avatar

    @mattblaze So, as always, just assume everything is public.

    Susan60,
    @Susan60@aus.social avatar

    @mattblaze So if you actually want a private message, not something “top secret” but a private chat, start a new post, tag recipient & switch to private?

    mattblaze,
    @mattblaze@federate.social avatar

    @Susan60 as soon as you mention someone else, they become part of the conversation

    Daniel_Blake, (edited )

    @mattblaze @lispi314 input here?

    riaschissl,
    @riaschissl@noc.social avatar

    @mattblaze I wish it was easier for commercial companies to support new features like private messages deserving the name.

    But for many, commercial companies are equal to evil corporations that just want to subvert our little utopia here ...

    morix,
    @morix@loci.onl avatar

    @mattblaze honestly I kinda like how they work in some ways - but also it is not how I would expect such a system to work at first glance (the mentioning someone just includes them in the message part feels open to so many errors) and it is very very surreal to me that people try and defend it like it's expected behaviour, so yeah I try and mention this whole weirdness to people new to the fedi.

    cartocalypse,
    @cartocalypse@norden.social avatar

    @mattblaze Holy negligence, that is crazy.

    jssfr,
    @jssfr@zombofant.net avatar

    @mattblaze
    I was aware of the first part (unencrypted) and it fits my expectations of a public social media app.

    The second part (mentions anywhere cause a CC) I was not aware of and you might have prevented some embarrassment in the future. So thanks for that.

    mathew,

    @mattblaze Dear god, they renamed it to something even more misleading? Labeling it “private messages” was bad because the messages weren’t necessarily private. But “private mentions” is awful, because mentioning someone is exactly the thing that isn’t private and gets the message leaked to them.

    picard,
    @picard@mas.to avatar

    @mattblaze Thank you for the reminder. As more people join from x over these months, one of the things I often see asked is "where are DMs" or something similar.

    I had not realised that 'disabling' direct mentions from people you don't follow did not prevent the other party sending them. Thanks.

    lostpanda,

    @mattblaze It's a shame that your "aside" became the only thing that many people read, when the part about mentions is the real culprit.

    AubreyDeLosDestinos,
    @AubreyDeLosDestinos@101010.pl avatar

    @mattblaze, I still wait to be accidentally mentioned by someone talking behind my back. I wonder if this happens a lot in general.

    notsle,
    @notsle@kzoo.to avatar

    @mattblaze this reminds me of a conversation i had about FRS/GMRS 2-way radios with a friend that just got theirs. They have "privacy codes" but what they really do is filter out, on your radio only, someone talking that does not include the code. Anyone can still hear you talking if they have no privacy codes set.

    If you want secure/private conversations, use Matrix, Signal or some other End-To-End encrypted communications app.

    kalleboo,
    @kalleboo@bitbang.social avatar

    @mattblaze A safe and secure messenger is a whole project which needs full-time attention. The Mastodon devs can barely keep up with the social media features

    The naming and massive footguns need to be fixed, but there’s no chance we’re going to get an Instant Messaging product out of Mastodon that everyone is happy with, so they shouldn’t waste time on it

    It just needs the minimum possible to exchange contact details and they need to make sure nobody has higher expectations

    tisha,
    @tisha@htt.social avatar

    @mattblaze Yup, that’s weird for new users 😅

    kypeli,

    @mattblaze Also the message's "visibility scope" (I am not going to call it privacy) is also indicated super poorly in the UI.

    It's clear that Mastodon would be in need of a UX designer.

    redflag,

    @mattblaze Thanks for the heads up. 👍

    thanius,
    @thanius@mastodon.chuggybumba.com avatar

    @mattblaze Not to defend (Masto PM sucks) but I wouldn't use social media to send private either way. The absolute best way to communicate privately is via the Matrix protocol.

    norgralin,
    @norgralin@hachyderm.io avatar

    @mattblaze sometimes features just need to be force choked out of existence. It’s a hard lesson for software engineers but an important one. There are others in the private messaging space. Let them handle it.
