ok look the "DMs are not secure" stuff is missing the point of DMs -- yes, they arent secure, but they are ~private to not-admins
'im not really ok with the entirety of ppl following/federated seeing this' is different from 'i need my messages secure forever'
and telling people 'just use signal/etc' for things they want people not to see but dont really care about it being secure is kind of shitty and missing the point
like the problem is not that DMs arent secure, the problem is that, and idk if this has changed recently, but if you DM someone not on a masto instance, it just shows up as a normal post to them, which they can boost/etc unknowingly. and yeah theres a warning, but like
idk DMs are a mess and a big part of it is just that misunderstanding btwn privacy and security being different user expectations i guess
it took forever to get people to impliment DMs in general in the first place because of this
@nire I would rather lean on the side what's safest for folks discussing something truly private elsewhere & not in DM. Users don't know all the admins on Mastodon. Users don't know that GNUSocial doesn't honor our private/DM toots. This is NOT like 1-server birbsite. When new ppl @ someone they may think it's all the same. That's my point; be SAFE & that's what u could help communicate in THE thread as opposed to it's "shitty."
@wxcafe
@boots
@nire these are good points. that said, there are times when you want private conversation to be secure, and it's important to know that dms aren't that -some people WOULD assume.
@Maenad sure but they arent secure in any of the things that dont already bill themselves as secure
@Maenad like -- yes, dont share things that would be incriminating/blackmail worthy if you dont want it to happen, but the threat model is basically 'a rogue admin has someone you want to talk to or impersonates something you want to talk to' and at that point they actually have to want to read your DMs
@Maenad but if you need secure stuff, as always, use secure things, though telegram basically cant be trusted and people keep recommending it so i honestly dont see the point for that one, but i digress, the problem is that the middle ground is 'i dont really want eavesdroppers but username exchange (or worse, phone number for signal) is not worth it (or its own threat)
@Maenad and honestly on the whole, when it comes right down to it people using their actual phone number for signal and exchanging it in a DM is the most catastrophic scenario if a focused person actually wanted to do something
@nire LIKE TWITTER
@boots right, but also twitter has less admins who are going to be specifically going through your tweets, so its kind of a moot point
@boots i really hate the 'its just like twitter' thing because volume of relevant things is much higher there than here -- reading your DMs as a twitter admin would be pretty tiring and hard to do on a visual scan
@boots but here if you really wanted to it wouldnt be that hard, especially if you made a domain hacking one to impersonate people
@nire hm
i didnt think about much of that
@boots basically twitter being able to read your DMs doesnt really matter because theres no possible personal interest in twitter reading your DMs, but everyone acts as if there is so says the threat pattern is the same
@boots and like i dont mean to scare anyone but at the very least some sort of way so they only work on masto would be cool
@boots bc right now on things that arent masto they just show up as regular messages
@nire i dont think there's an api to identify an instance as mastodon sadly
@boots there is tho, everyone just says there isnt. theres a version number thing somewhere
@InspectorCaracal @boots i mean the other thing is just to have some sort of indicator at the very least its a DM, even just doing the twitter route and putting DM at the beginning and stripping the rest
@boots @InspectorCaracal s o that if someone DMs you and you arent on masto, you at least know they DM'd you
@boots but you can also do it via encoding, etc, even if its not *strong* encoding, so at the very least the other software would have to implement decoders, and, by extension since its just as 'hard', actual DMs
like, privacy-from-observers and security are different things and i hate that people keep thinking people mean one when they def mean the other