Matt BlazeMay 4, 2023

Spam (like the torrent of cryptoscamspam lots of people got this morning) has been very rare for me here (and dealt with quickly), but I've noticed that almost all of the spam I've gotten has been via Mastodon's DM feature.

I really wish there was a way to turn DMs off or at least restrict them to people I follow. Control over incoming DMs was a thing Twitter did better than here.

Show threadMatt BlazeMay 4, 2023
Please stop telling me about the "block DMs from people you don't follow" checkbox. I know about that. It doesn't work properly. It results in people THINKING they've sent you a message that you never actually see.
Show threadMatt BlazeMay 4, 2023
Because this is Mastodon, I'm now getting people lecturing me on why this obviously broken behavior is "correct".
Show threadMatt BlazeMay 4, 2023

Another way DMs are hopelessly broken: if your handle is mentioned anywhere in a DM, you get a copy.

Yes, I understand why (technically) it might work that way. That doesn't mean it's not broken.

DMs here are a dumpster fire of buggy behavior and non-intuitive semantics.

Show threadMatt BlazeMay 4, 2023
Yeah, I should "just go back to Twitter if I hate so much here". Eyeroll.
Show threadMatt BlazeMay 4, 2023
Just to be clear, in case it isn't obvious: If I say "I don't want this feature to work this way", I don't mean YOU shouldn't want it. But please don't tell me that because you like it, I should too.
Show threadMatt BlazeMay 4, 2023
DM behavior is a big deal, because people, for better or worse, often use DMs for both private things (that should stay confidential) and important things (that they expect to be seen by the recipient). The way Mastodon mishandles and obfuscates the semantics of both is a big source of potential harm to users.
Show threadMatt BlazeMay 5, 2023

Broadly, one of the reasons Mastodon DMs are such a mess, I think, is that mixing a private messaging function with a broadcast medium tends to end badly. My students and I explored this mismatch a bit a while back.

https://www.mattblaze.org/papers/spw2011-mab.pdf

Show threadMatt BlazeMay 5, 2023
Mastodon, like email and encrypted two-way radio, is based (approximately) on a "throw the message out there and hope for the best" delivery model. But the reliable protocols we use for secure and one-on-one communication are based on multi-round-trip handshakes and negotiation before and during message exchanges. Shoehorning DMs into the same mechanism to broadcast out toots is an inherent impedance mismatch.
Show threadMatt BlazeMay 5, 2023
Anyway, security is hard. Reliable messaging is hard. Usability is hard. All three at once is really, really, really extra hard.
Show threadAndrew Aylett

Everything is also extra hard because we have to start where we are, rather than being able to build something new that works “correctly” (whatever we might decide is correct).

Concretely, I’m fairly sure that it’s easier to start with an e2ee system and add more public features than to start with a public system and try to lock it down. UX aside there’s little difference between a Matrix room with only one person authorised to post to it, and that person’s activitypub feed. Adapting a client to preset the “right” UX would be relatively easy.

Pretty much anything is easy relative to getting everyone to adopt a new social medium though.

May 5, 2023 at 2:43pmWeb