Masto meta; urgent
The Direct Messages on Masto are broken in a way that is potentially dangerous
It has happened more than once that someone has tried to contact me in my admin persona about another user using a "Direct" privacy toot
And they try to talk *about* the other person
But Masto helpfully auto-fills their name, so now they're *in* the conversation
And suddenly someone who absolutely should NOT be in a private conversation is added by accident
Masto meta; urgent
So far, in the cases where I've been involved it's been somewhere between "embarrassing" and "very unfortunate"
But it is not hard to imagine a situation where a call for help from someone who is dealing with an abusive user could suddenly and unexpectedly turn into a very, unnecessarily BAD situation
This happens often enough, and the feature that's involved is sensitive enough that this needs to be addressed, and SOON
Masto meta; urgent
For clarity, the problem isn't the auto-filling
It's that many people think they're only *mentioning* another user to the recipient of a Direct Message, when in fact they are *including* another user as a recipient of that message
Enough users don't expect this, and it is a sensitive enough feature that it is a bug, and a serious one