Scott JensonFeb 19

#mastondon Friends!

There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* Having a stronger notification tied to the Private Mention tab
* (amount other things)

But here is my MAIN question: How critical is it that these message are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption would you be OK with that (at least for now?)

If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.

Show threadmrayFeb 19

@scottjenson Don't really need encryption just for the DM edge-case. I only need to know where/for who exactly my message will pop up automatically, though.

Suggesting "encryption" exists in mastodon, how can one make sure it is interoperable with ActivityPub AND nobody gets it wrong and falsely assumes encryption is omnipresent, when it is absolutely not.

Show threadScott JensonFeb 19
@mray Encryption is being explored by a FEP
Show threadmrayFeb 19

@scottjenson Interesting, seeing how other protocols got burned by adding encryption as an afterthought (XMPP, MAIL) I think we are still very very far away from having something comprehensive, reliable and usable. Unless that's a reality I'd shy away from promoting it unnecessarily loud. 🤷‍♂️

Encryption rocks though. I hope that FEP has lots of traction.

Show threadScott JensonFeb 19
@mray But now you know why I'm asking. There is lots of energy around encryption but it's a very tricky thing to be done right. My point was simply that we start with some simple UX improvements and not wait for the encryption (given we already have private messages)
Show threadmray

@scottjenson I'm pessimistic up to the point where you have to have to assume it will fail completely. Just as XMPP and MAIL failed.

The only encryption implementation with success were the approaches where the UX can be controlled centrally.

For MAIL there is #autocrypt now, it is astonishing how good it is – but email is still not encypted today.

XMPP/Jabber has OMEMO, but stillt struggles with client adoption and it isn't omnipresent.

Where it worked: #DeltaChat and #Signal both using a central library that can make sure encryption reliably lands at peoples fingertips.

Feb 19 at 11:15pmWeb
Show threadScott JensonFeb 19
@mray I so appreciate your concerns. It's actually why (personally, I'll add) I'm concerned why encryption may take a while (the Mastodon team is very thorough and would not release a rushed version of this) This is why my original post really had nothing to do with "should we add encryption" but was rather "while we're waiting can we at least make some improvements?"
Show threadmrayFeb 19

@scottjenson I don't see much wiggle-room for improvement if it is not clear how it works under the hood.

Ideally encryption feels almost imperceptible, and needs a mere indication on the side, but I guess the UX work won't be to GET THERE – but is to make the emerging pain points more bearable. 😂

I think the UX you would want to improve is connected more with the FEP itself than any UI concerns. Depending on what they come up with you'll be free to do what you want – or deal with strange constraints. (Key handling seems to be the arch enemy of UX in encryption if you ask me :P)

Show threadScott JensonFeb 20

@mray Well first of all we have a shipping product (warts and all) and improving it is important to do even outside of encryption (I mean I hear your point but I'm saying we'll improve the UX independently as, honestly, it's got lots of issues that need fixing.)

But I agree with you empathically that proper key management is a horribly difficult thing to get right and almost always makes the UX very challenging to "be seemless"