
Masto meta; urgent 

The Direct Messages on Masto are broken in a way that is potentially dangerous

It has happened more than once that someone has tried to contact me in my admin persona about another user using a "Direct" privacy toot

And they try to talk *about* the other person

But Masto helpfully auto-fills their name, so now they're *in* the conversation

And suddenly someone who absolutely should NOT be in a private conversation is added by accident


Masto meta; urgent 

So far, in the cases where I've been involved it's been somewhere between "embarrassing" and "very unfortunate"

But it is not hard to imagine a situation where a call for help from someone who is dealing with an abusive user could suddenly and unexpectedly turn into a very, unnecessarily BAD situation

This happens often enough, and the feature that's involved is sensitive enough that this needs to be addressed, and SOON

@Gargron


Masto meta; urgent 

For clarity, the problem isn't the auto-filling

It's that many people think they're only *mentioning* another user to the recipient of a Direct Message, when in fact they are *including* another user as a recipient of that message

Enough users don't expect this, and it is a sensitive enough feature that it is a bug, and a serious one


Masto meta; urgent 

@trwnh It's not what new users expect.

Not all of them, but enough of them that this is a recurring problem on a small instance

And it's sensitive enough that it could put someone in danger

re: Masto meta; urgent 

@bgcarlisle is this an instance bug or is this fediverse wide? either way, boosted and liked for visibility

@bgcarlisle that's just how it works though? DM is just a regular conversation, limited to people you mention and you. It's like being surprised someone you CC in your email gets a copy

@MightyPork @bgcarlisle yeah, but it's not the standard ux for convos because dms sort of pretend to be 1-to-1 but they're not

@MightyPork @bgcarlisle on twitter mentioning @foo in a dm with @catlord will not mention @foo. our UX developed from DMs being a weird hack and is highly orthogonal to that of other platforms

@MightyPork @bgcarlisle i think we should add a warning when mentioning a new user in an existing DM thread, something like "you are mentioning @user@domain. this will make this message visible to them. do you wish to proceed?"
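
The warning proposed in the post above, sketched as an added example that is not part of the thread and not Mastodon's own code: it derives the addressees of a "direct" draft from the mentions in its text and flags any account not already in the thread. The function names, the simplified mention pattern, the draft object shape and the sample domains are all assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not Mastodon's code.
// Simplified mention pattern (assumption): @user or @user@domain, not preceded
// by a word character, so plain e-mail addresses are not treated as mentions.
const MENTION_RE = /(^|[^\w@\/])@([A-Za-z0-9_]+(?:@[A-Za-z0-9.-]+\.[A-Za-z]{2,})?)/g;

// Local handles get the home domain appended so comparisons are exact.
function normalize(handle, localDomain) {
  const h = handle.replace(/^@/, '').toLowerCase();
  return h.includes('@') ? h : `${h}@${localDomain}`;
}

// Every mention in the body is an addressee of a mentioned-only post.
function extractMentions(text, localDomain) {
  const found = new Set();
  for (const m of text.matchAll(MENTION_RE)) found.add(normalize(m[2], localDomain));
  return [...found];
}

// Compare the draft's addressees with who is already in the thread.
function checkDirectDraft(draft, localDomain) {
  const known = new Set(
    [draft.author, ...draft.threadParticipants].map((p) => normalize(p, localDomain))
  );
  const recipients = extractMentions(draft.text, localDomain);
  const added = draft.visibility === 'direct'
    ? recipients.filter((r) => !known.has(r))
    : [];
  return {
    recipients,
    added,
    needsConfirmation: added.length > 0,
    warnings: added.map((r) =>
      `You are mentioning @${r}. This will make this message visible to them. Do you wish to proceed?`),
  };
}

// Constructed sample: a report to an admin that names a third account.
const sampleDraft = {
  author: 'reporter',
  threadParticipants: ['admin'],
  visibility: 'direct',
  text: '@admin I need help, @troll@other.example keeps replying to me.',
};
const sampleResult = checkDirectDraft(sampleDraft, 'home.example');
console.log(sampleResult.warnings);
```

A client using a check like this would hold the post until the sender confirms or removes the flagged handle.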

@er1n @bgcarlisle I really dislike all the warning boxes that already are there, but yeah... If it helps inexperienced users, it should be there. So long as it can be dismissed

Masto meta; urgent 

@bgcarlisle So? Don't use the @ then or do a space. That's not a bug. As well as forgetting to set a message to direct instead of public.

Masto meta; urgent 

@alsternerd @bgcarlisle User interfaces that lay traps for users are broken and need to be fixed.

It doesn't matter whether it's working "as intended", if the intent itself was flawed.

This isn't hard to fix, the hard part will be convincing the devs that their current design has bad enough side-effects that it should be reconsidered.

Masto meta; urgent 

@HerraBRE @bgcarlisle But what do you do IF you want to have that other person mentioned by intention?
How do you want to do that? adding a +@username@inst.ance ? Then it's easier to just let the @ go. Maybe the problem is only a client one.
Which is the UI you mean here, there are very different ones, the default web one, pinafore, some others as well as all the mobile clients. they all work different.

Masto meta; urgent 

@alsternerd @bgcarlisle Uhm. I refer you to your nearest e-mail client for a tried and tested design pattern that solves this.

This ain't rocket science.

Masto meta; urgent 

@HerraBRE @bgcarlisle Yeah, you get that you have separated fields in an email client and do not write your emails starting with "Hello @user@example.com, message".
Twitter, didn't have this too and this is by intention, maybe you want to use a different network like friendica then?

Masto meta; urgent 

@HerraBRE @bgcarlisle Following this, we can go back to have extra fields for adding tags, too. (I got no problem with that, but that would change how these social networks work a lot and people don't use tab a lot to change input fields.)

Masto meta; urgent 

@alsternerd @bgcarlisle Telling people to just go use something else in response to a legit concern about UI design is very, very obnoxious.

Muting you now, have a nice day!

Masto meta; urgent 

@HerraBRE @bgcarlisle As I said you can CHANGE the UI you use, just use a different one.

Masto meta; urgent 

@alsternerd @HerraBRE @bgcarlisle one could simply not allow more than one @ user when set to direct message.

Masto meta; urgent 

@HerraBRE @bgcarlisle So the easiest fix is to just not use @ for adding. If the UI tries to make a username out of every word, yes that should be changed.

Masto meta; urgent 

@alsternerd The fact that there's a workaround that a user can eventually figure out doesn't mean it's not a very serious bug—if this is something that new users *think* they're doing correctly and they don't get it right *the first time*, it's potentially dangerous

Masto meta; urgent 

@bgcarlisle
Again, wishing for true DMs (including group DMs) with integrated xmpp instead of this "restricted distribution" posts.

Masto meta; urgent 

@bgcarlisle Well, to be fair, since this was repeated over and over: Mastodon is not and will never be a communication tool. It is a publication platform, where content is mostly meant to be public.

For secure and private communication, proper tools exist that offer fine grain recipient filtering, e2ee, etc. for instance: email, Matrix, XMPP.

Masto meta; urgent 

@SallyStrange Didn't mean to be, which part did sound offensive?

Masto meta; urgent 

@kaiyou the part where you were like "I see that you're describing what you think is a problem but here's why it shouldn't be a problem" rather than just acknowledging that it is, in fact, a problem

Masto meta; urgent 

@SallyStrange Sorry it did sound that way then. I acknowledge it is a problem, and can become pretty hurtful, only it is mostly a problem of software advertising features it is not meant to support in the first place. I do not think the private message ux itself is problematic, more that any feature in mastodon (substitute most of current fediverse software) is branded as "private" or "direct" messaging at all.

Masto meta; urgent 

@kaiyou @bgcarlisle Security and transparency should be part and parcel of EVERY platform. Behavior like this which is unintended and unexpected is hostile to the people most vulnerable to damage by the platform via cyberbullying, abuse, and doxxing.

Masto meta; urgent 

@sandrockcstm @bgcarlisle Indeed. I would advocate for more transparency about the actual feature, like clearly branding it "mentioned users" instead of private or direct message, then stop using icons that suggest security or privacy like closed envelopes or locks. Haven't got much traction so far though.

Masto meta; urgent 

@bgcarlisle oh thaaaaat isn't good.

Masto meta; urgent 

@bgcarlisle I wonder if it's just the web client? mast app doesn't seem to do this unless you @ first.

Scholar Social

Scholar Social is a microblogging platform for researchers, grad students, librarians, archivists, undergrads, academically inclined high schoolers, educators of all levels, journal editors, research assistants, professors, administrators—anyone involved in academia who is willing to engage with others respectfully.