Spam (like the torrent of cryptoscamspam lots of people got this morning) has been very rare for me here (and dealt with quickly), but I've noticed that almost all of the spam I've gotten has been via Mastodon's DM feature.

I really wish there was a way to turn DMs off or at least restrict them to people I follow. Control over incoming DMs was a thing Twitter did better than here.

Please stop telling me about the "block DMs from people you don't follow" checkbox. I know about that. It doesn't work properly. It results in people THINKING they've sent you a message that you never actually see.
Because this is Mastodon, I'm now getting people lecturing me on why this obviously broken behavior is "correct".

Another way DMs are hopelessly broken: if your handle is mentioned anywhere in a DM, you get a copy.

Yes, I understand why (technically) it might work that way. That doesn't mean it's not broken.

DMs here are a dumpster fire of buggy behavior and non-intuitive semantics.

Yeah, I should "just go back to Twitter if I hate it so much here". Eyeroll.

Just to be clear, in case it isn't obvious: If I say "I don't want this feature to work this way", I don't mean YOU shouldn't want it. But please don't tell me that because you like it, I should too.

DM behavior is a big deal, because people, for better or worse, often use DMs for both private things (that should stay confidential) and important things (that they expect to be seen by the recipient). The way Mastodon mishandles and obfuscates the semantics of both is a big source of potential harm to users.

Broadly, one of the reasons Mastodon DMs are such a mess, I think, is that mixing a private messaging function with a broadcast medium tends to end badly. My students and I explored this mismatch a bit a while back.

https://www.mattblaze.org/papers/spw2011-mab.pdf

Mastodon, like email and encrypted two-way radio, is based (approximately) on a "throw the message out there and hope for the best" delivery model. But the reliable protocols we use for secure and one-on-one communication are based on multi-round-trip handshakes and negotiation before and during message exchanges. Shoehorning DMs into the same mechanism to broadcast out toots is an inherent impedance mismatch.
Anyway, security is hard. Reliable messaging is hard. Usability is hard. All three at once is really, really, really extra hard.

@mattblaze serious question. Do you think it would be a better product decision not to have DMs at all if they can’t be done well? I think that’s where I’m at, but I don’t really value DMs that much as a feature so I’d probably feel differently if I did.

@copito I think it's pretty hopeless without a substantial redesign.

@copito @mattblaze I feel there should be some way for people who meet on here to be able to swap contact info for actually secure/reliable comms, but the problem is that doing that is the same problem as having reliable/secure comms.

The mentioned users only feature seems an ok solution for letting me tell someone my signal/etc without blasting it out for every scraper to see, but it isn't secure.

Everything is also extra hard because we have to start where we are, rather than being able to build something new that works “correctly” (whatever we might decide is correct).

Concretely, I’m fairly sure that it’s easier to start with an e2ee system and add more public features than to start with a public system and try to lock it down. UX aside there’s little difference between a Matrix room with only one person authorised to post to it, and that person’s activitypub feed. Adapting a client to preset the “right” UX would be relatively easy.

Pretty much anything is easy relative to getting everyone to adopt a new social medium though.

@mattblaze
Key management is a bitch...

@mattblaze I understand your points here, I'll admit that it took a moment for me to understand how all of this stuff works. Over the years the DM system has changed a bit too, hopefully one day DMs will be set up in a more collaborative system with better security.

@mattblaze The fact that the first three statements are true doesn’t justify using the last to let Mastodon off the hook (which may be an unintentional implication, but it’s there). Secure, reliable, understandable messaging is a (vvv hard) *solved* problem. You wouldn’t end the revelation that some service was using rot13 instead of modern cryptography by saying “encryption is an incredibly difficult problem!!!”

@rvcx I obviously wasn’t clear if you conclude that I’m “letting Mastodon off the hook”. My apologies.

@mattblaze the way I explain it is - writing an email is like sending a postcard (anyone handling the postcard can read it) but a Mastodon DM is more like putting a message on a lawn sign or a billboard (anyone walking by can read it.)

@idyll @mattblaze Mastodon DMs are exactly like postcards too though. I don't understand how they would be like billboards because people walking by can't read it. You can only see it if you've admin rights to the instance or if your Mastodon address is added via an @ mention.

@mattblaze end-to-end encrypted DMs are on the roadmap so the decoupling is on its way

@mattblaze

Sometimes it’s really tempting to try to shoehorn one technology into doing something else. If it almost fits, then forcing it to work is fun and satisfying.

Sometimes it’s not the right thing to do.

@_tim______ @mattblaze
I agree. Software developers are taught to abstract away differences so they can write less code. The less code you have, the easier it is to modify in the future. Of course, if you use this technique when it's not appropriate then you end up "shoehorning" new features into processes that don't really fit.

@mattblaze the real answer seems like it is to not implement DMs in the Mastodon protocol, and instead federate to other prebuilt protocols (Signal, WhatsApp, Telegram etc.). Spend the engineering time working on secure discovery protocols rather than building yet another messaging system.

@mattblaze
a model which has problems in general for a federated forum, I think!

There's a notable suggestion to add a handshake for replies. It doesn't address letting federated users see in advance that their reply will be blocked, but it could let you see your reply has been denied or is waiting approval.
https://queer.af/@erincandescent/110271938380622364

Erin 💽 (@erincandescent@queer.af)

New blog post: **[Right of Reply](https://blog.erinshepherd.net/2023/04/right-of-reply/)**, or: *who should be able to reply to your posts on a social network, and how do we technically enforce that?*

@mattblaze
I've tried hard to argue to just bundle an XMPP server with Mastodon and use that for DMs through the same UI. Given the size of the software stack, it wouldn't make a dent in how hard it is to run.

@mattblaze And yet, what's the alternative? How would you privately contact people you only know on Mastodon?

"You don't" is not an answer. Mastodon exists to be used, elegance is optional.