Laura Deeds - CS prof ++
Eugen RochkoPoll following recent discussions about DM privacy on Mastodon: Should the Mastodon webapp compose screen warn that DMs are stored on the server (accessible by admins)? https://www.strawpoll.me/15387726
Sonata Green@Gargron The warning message could include a phrase like "Like most social media platforms [including <list of examples>]..." to reduce the scaring-off effect.
Ankə 🌱@Gargron If there's actually a not-vanishingly-tiny percentage of people surprised by that, it should be pointed out, I guess.
qwertystop@Gargron Yes, but make sure it's clear that everything else does that too and there's no way around it.
Cai@Gargron Just a text link to "what privacy means with masto" page and describe intricate and usually uninteresting details there?
Hikerus
Juanjo Salvador@Gargron is possible to encrypt them?
@Gargron that scares me a lot
but why not? with a warning message should be OK
DavidTo do that you'd need a private key that is local to your client (i.e. not stored on your local instance) and you would have to authorize new devices you want to post from in a fashion that they get this key without the server handling it. It also prevents you from recovering your account if you lose the key.
Services such as Signal and Keybase do this, and as such are better suited for truely private communication.
Frankie Saxx@Gargron
I don't see why not. Plus is it educates ppl who maybe never thought about it and it's such a small thing to do tjat encourages people to think about who has access to the things they post. I guess minus it might be interface clutter? Maybe "Yes, with a 'don't show this again' option"
I don't see why not. Plus is it educates ppl who maybe never thought about it and it's such a small thing to do tjat encourages people to think about who has access to the things they post. I guess minus it might be interface clutter? Maybe "Yes, with a 'don't show this again' option"
@Gargron
My official answer is idc :)
My official answer is idc :)
You Deserve Love@Gargron I don't know if that's necessary on the compose screen. I definitely think it should be transparent though, maybe in an FAQ or readily-availible post on privacy?
æon 
Barbara@Gargron Hi Eugen, although it is common use by all the same sort of platforms. A one time 'cookie notice' that informs new users, or an addition in the TOS will put the users above the party (in this case Mastodon) and give open information about the flaws that other platforms have and not tell their users. As Mastodon is different this will make a big statement and I believe positive effect to people that want to know all. (no hidden benefits for mastondon). Greetings from Holland, Barbara
Dex 🔞 - 
@Gargron Yes, especially if they're cross-instance. With anyone being able to set up an instance - I trust my admin, but can I trust the admin of honeypot.example isn't reading all the DMs sent to that instance?
Dave@Gargron there's also a difference between it being technically possible at faceless megacorp and some guy whose server you're on being able to read them.
Andrew (Television Executive)@Gargron if you do this, mention that this is just like every other social network, so people don’t start FUDing it up.
Faveing@Gargron
I would say yes but people that are using a DM system on any service shoukd assume that it all gets stored on the server
I would say yes but people that are using a DM system on any service shoukd assume that it all gets stored on the server
Satsuma [moved]
derpayatz@Gargron very useful to know, will use a different platform for sensitive communications
byron@Gargron I'd word it as "Remember: these messages are stored on this server..." etc.
Or maybe "Note on privacy:..."
As other people are saying, it shouldn't be signaled as a nefarious practice but as a privacy level to be aware of.
@Gargron Think of it as a "privacy usability feature" similar to onboarding, to help remind people every time they send a message in case it might change their mind that particular time.
Adrian Cochrane@Gargron If possible, I would suggest linking to a list of native apps that do encrypt your messages. But doing it in the browser is pure security theatre.
𝓭𝓸𝓻𝓶𝓪𝓷𝓽 𝓻𝓻𝓪 📡 🛰️@Gargron thanks for seeking feedback! this is what makes this is a strong platform
Gadfly (-booq-)@Gargron Not on the compose, but have a "these are the people who you are trusting" (optional?) section of the Onboarding or something.
🍄@Gargron voted yes; agree with others that it should be unobtrusive and possibly dismissible. disagree with that it should say 'other sites do this too' - when websites do that when they ask for cookies, it feels very forced or showy to me. it would be nice if someone had no idea other sites did it, but to me it seems very smug, like 'oh here's a reminder how much everyone else sucks', which makes it seem more about gloating than being informative!
@Gargron 2nding the chorus of ‘yes but in a way that makes this clear that it’s standard across platforms’
Also what would be the technical feasibility of adding a ‘who are my admins?’ button to said alert? A surprising number of new users don’t seem to know
deutrino@Gargron
I agree that it should be a brief reminder that doesn't take a ton of screen real estate and maybe is permanently dismissable with a little icon:
ℹ️ ᴰⁱʳᵉᶜᵗ ᵐᵉˢˢᵃᵍᵉˢ ᵐᵃʸ ᵇᵉ ʳᵉᵃᵈᵃᵇˡᵉ ᵇʸ ⁱⁿˢᵗᵃⁿᶜᵉ ᵃᵈᵐⁱⁿⁱˢᵗʳᵃᵗᵒʳˢ [ᵐᵒʳᵉ ⁱⁿᶠᵒ] [ˣ]
A more thorough explanation can be found at the "more info" link.
I'd be careful about wording. "may be readable" is a bit of a soft sell but I chose that on purpose, other wordings I thought of make it sound like common practice.
alys@Gargron i voted no because i'm afraid too many privacy-related warnings will cause alert fatigue. we should warn them of this privacy issue when they pick an instance instead
toby@Gargron the lowered barrier to entry cuts both ways, a regulated company that wants to remain a thing™ is still beholden to bad press and the law, whereas private individuals spinning up masto are less capable to both spot and punish bad actors and also protect against external threats.
That's not a criticism of Masto putting this stuff in the hands of everyone, but I find the like for like comparison a bit off. Federation does change the risk profile for the average user.
Algot@Gargron
So long as it does not cause a major code rework on short notice for you.
So long as it does not cause a major code rework on short notice for you.
Kholid R@Gargron also give recommendation to use secure communications service outside mastodon platform.
BrainBlasted (old)@Gargron BTW, this is something critical to add to the new privacy policy
@brainblasted I think I did write that
@Gargron I'd argue that a 'better' solution in the long term would be more general education about where your data ends up and who can see what.
For example:
Your local instance operator see your:
DMs
Follower list
Following list
They don't see your:
Password
Remote instance operators see your:
DMs to people on that instance
Etc.
International@Gargron if a disclaimer is written, it should almost certainly link to more in depth information and secure alternatives.
KSquared@Gargron imo, it's more of an argument for people to spin their own. If it's that much of a concern, domains are pretty cheap. (Maybe the mastodon of the future is essentially p2p)
Walter van Holst@Gargron Feature request: polls in Mastodon.
@Gargron I am worried that this feels too much like a "disclaimer".
Maybe it would be good to have a primer of "this is what happens to your data if you do X" as a means of educating people.
Any opinions?
Waweic@Gargron
Having a certain level of both privacy and transparency is what makes mastodon different from other social networks. Maybe a "Learn more" link could show an easy understandable explanation
Having a certain level of both privacy and transparency is what makes mastodon different from other social networks. Maybe a "Learn more" link could show an easy understandable explanation
froppz@Gargron If the concern is that they'll go back to other platforms, just make sure to mention that other platforms do this too.
noueP ʇueɹnɐl
Steph [MOVED]@Gargron the key difference is that mastodon instances are run by people, and people tend to have far less failsafes and far more motivation to actually look at DMs. An admin can make a bad decision easilly in a hot situation, a company likely would have to do a lot of real paperwork to bypass their own security restrictions on the DM database.
I tend to actually trust companies more than single-person ops with privacy (unless encrypted) because people tend to have stronger motives to actually look.
I tend to actually trust companies more than single-person ops with privacy (unless encrypted) because people tend to have stronger motives to actually look.