Periodic reminder that the "Direct Message" / "Private Mention" function here is dangerously broken with confusing semantics.

- Anyone mentioned *anywhere* in the body of a PM gets a copy.

- "Disabling" PMs in your profile merely means YOU never see messages sent to you; senders can still send them, with no error indication.

- Nothing is encrypted, which means administrators on any instance that processes a message can see them.

I strongly recommend using something else for private messages.
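As an added illustration (not from this thread and not Mastodon's own code), the Python below models the semantics described above: a post with visibility "direct" is delivered to the sender plus every account mentioned anywhere in the body, a recipient who has "disabled" DMs still has the message delivered and only hides it from their own view, and the sender is never told. The `audience_warning` helper is the kind of pre-send check a client could show to surface accidental recipients. Account and instance names are constructed for the example; the delivery behaviour is modelled on the post's description, not on Mastodon's actual implementation.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed local instance name for resolving bare "@user" mentions.
LOCAL_INSTANCE = "example.social"

# Mastodon-style mention: "@user" or "@user@instance"; the lookbehind keeps
# e-mail-like strings such as "foo@bar.example" from being read as mentions.
MENTION_RE = re.compile(r"(?<![\w@])@([A-Za-z0-9_]+)(?:@([A-Za-z0-9.\-]+))?")


def extract_mentions(body: str, local_instance: str = LOCAL_INSTANCE) -> List[str]:
    """Return every account mentioned anywhere in the body, in order of first
    appearance, normalised to user@instance form."""
    seen: List[str] = []
    for user, inst in MENTION_RE.findall(body):
        acct = f"{user}@{inst or local_instance}"
        if acct not in seen:
            seen.append(acct)
    return seen


def direct_audience(sender: str, body: str) -> List[str]:
    """Audience of a post with visibility 'direct' ("only mentioned people"):
    the sender plus every mentioned account, whether the mention is the
    intended addressee or just appears mid-sentence."""
    return [sender] + [a for a in extract_mentions(body) if a != sender]


def audience_warning(sender: str, body: str, intended: List[str]) -> List[str]:
    """Pre-send check a client could show: mentioned accounts that are not in
    the user's intended recipient list and would silently widen the audience."""
    return [a for a in direct_audience(sender, body)
            if a != sender and a not in intended]


@dataclass
class Account:
    acct: str
    accepts_dms: bool = True                          # the profile toggle
    inbox: List[str] = field(default_factory=list)    # what the server stores
    visible: List[str] = field(default_factory=list)  # what the user sees


def deliver_direct(sender: str, body: str, directory: Dict[str, Account]) -> List[str]:
    """Simulated delivery as the post describes it: every account in the
    audience receives a copy; an account that has 'disabled' DMs still gets it
    stored (and visible to its instance admins), it is merely hidden from that
    user's view, and the sender receives no error about it."""
    audience = direct_audience(sender, body)
    for acct in audience:
        recipient = directory.get(acct)
        if recipient is None:
            continue  # not on this instance: would be federated onward
        recipient.inbox.append(body)
        if recipient.accepts_dms or acct == sender:
            recipient.visible.append(body)
    return audience  # returned unchanged: nothing signals a hidden delivery


if __name__ == "__main__":
    me = "me@example.social"
    # Constructed message: only alice is meant to read it, but two other
    # accounts are named in passing.
    body = ("Hey @alice, did @bob@other.example tell you what "
            "@carol@another.example said about the meeting?")
    print("audience:", direct_audience(me, body))
    print("unintended recipients:", audience_warning(me, body, ["alice@example.social"]))

    directory = {
        me: Account(me),
        "alice@example.social": Account("alice@example.social", accepts_dms=False),
        "bob@other.example": Account("bob@other.example"),
    }
    deliver_direct(me, body, directory)
    alice = directory["alice@example.social"]
    print("alice stored:", len(alice.inbox), "alice sees:", len(alice.visible))
```

Running it shows the audience is four accounts rather than one, and that alice's instance stores the message even though she never sees it, which is exactly why the "disable DMs" toggle offers the sender no protection.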

@mattblaze agreed. I don’t understand why this pseudo-DM feature was even implemented in the first place. It poses serious safety and security concerns, which means if you don’t do it right, you shouldn’t do it at all. Love the mastodon devs but this isn’t okay!
@benjamincodes @mattblaze There is no "Direct Message" feature in Mastodon. You have the option to post something with the privacy level set to "Only mentioned people". That seems pretty straightforward. You mention people, they can see the toot. It doesn't claim to be a secure, end-to-end encrypted messaging system. In fact, Mastodon specifically warns you of this when you change the privacy setting to "Only mentioned people". The feature is just for when you want to limit who you're interacting with when posting, perhaps to continue a conversation without public visibility.
@jimvernon I don't know what UI you are using, but on the WebUI there is definitely an option to send a "Direct Message", see this screenshot. If no other social media ever existed, "Direct Message" would maybe not mean "Private Message", but today for most people the words "Direct Message" imply some additional privacy, at least that a random admin would not read them.
@louismarelle It occurred to me later on in the conversation that people are probably not seeing the same thing I'm seeing (different clients, different versions). Here's what it looks like when I go to your profile and hit that button: