ok look the "DMs are not secure" stuff is missing the point of DMs -- yes, they arent secure, but they are ~private to not-admins
@nire LIKE TWITTER
@boots right, but also twitter has less admins who are going to be specifically going through your tweets, so its kind of a moot point
@boots i really hate the 'its just like twitter' thing because volume of relevant things is much higher there than here -- reading your DMs as a twitter admin would be pretty tiring and hard to do on a visual scan
@nire hm
i didnt think about much of that
@boots basically twitter being able to read your DMs doesnt really matter because theres no possible personal interest in twitter reading your DMs, but everyone acts as if there is so says the threat pattern is the same
@boots and like i dont mean to scare anyone but at the very least some sort of way so they only work on masto would be cool
@boots bc right now on things that arent masto they just show up as regular messages
@nire i dont think there's an api to identify an instance as mastodon sadly
@boots there is tho, everyone just says there isnt. theres a version number thing somewhere
@InspectorCaracal @boots i mean the other thing is just to have some sort of indicator at the very least its a DM, even just doing the twitter route and putting DM at the beginning and stripping the rest
@boots @InspectorCaracal s o that if someone DMs you and you arent on masto, you at least know they DM'd you
@boots but you can also do it via encoding, etc, even if its not *strong* encoding, so at the very least the other software would have to implement decoders, and, by extension since its just as 'hard', actual DMs
@boots but here if you really wanted to it wouldnt be that hard, especially if you made a domain hacking one to impersonate people