I’ll put this in it’s own topic, because I believe that it is an important discussion and that there is room for improvement without ignoring any of the arguments brought forward against DMs (direct messages). The original discussion started inside another thread.
I believe that direct messages serve an important social function: People do not have to carry every argument or misunderstanding into public, but can ask questions and have exchanges before reacting in public.
And if we condemn the unencrypted direct message I’d say we need an alternative - not only for social.librem.one where we possibly can find the matrix account to contact people, but for all users of the fediverse.
Sometimes when I read some toot I get the strong feeling that the meaning it has to me must be embarrassing to the person who sent it. At the same time I have the feeling that the person might not have wanted me and others to understand it in that sense.
Why bother discuss something like this in public where the probability of building a conflict where none is necessary is so much higher than in private? It is a lot harder to stand back from a bad formulated opinion in public than finding out in private whether it could be rephrased or complemented by some missing pieces.
I believe that such a function and the awareness of users when and how to use it serves to make the fediverse a better place.
I also think that it is not acceptable to throw away the communication a user receives. The sender didn’t know and couldn’t guess that the receiver is not able to receive her/his direct message and this might lead to misunderstandings. Please correct me if there is an error message in response to sending a DM to a librem.one mastodon user.
Furthermore we’re always talking about freedom and this includes the freedom of choice. I’d like to be able to choose whether I want to receive DMs while still accepting that I can’t send any (because I support the argument against unencrypted DMs).
Throwing away data that had been send for me without giving me a choice to accept it cuts down my freedom.
I already made some suggestions to improve the situation:
Every mastodon user on social.librem.one registered using an email address that could be used to forward the messages (opt-in by the user). DMs could be deleted immediately on the mastodon instance.
work on protocol extensions to make DMs encrypted and better controllable by users (opt-in/out, custom reject messages, etc. pp.)
at least allow the social.librem.one users to set an automatic answer to any DM received and thrown away
The ultimate solution to your problem would be for mastodon to support true e2e encrypted DMs. That way it doesn’t put the mastodon operator in the position of being able to read, store, and possibly hand over DMs to law enforcement.
We made quite a few design decisions with Librem Social that differ from other Mastodon servers (how we handle timelines for instance) but we did them all for a reason and publicized and explained our reasoning. This is one of the big benefits of using a decentralized, federated service–a user isn’t locked in to us, they are free to choose whichever Mastodon server has the features, moderation, and other policies they prefer. We aren’t removing choice, instead we are adding an additional choice to the fediverse on top of all of the existing ones, for people who agree with our approach.
We didn’t want Librem Social users to have a false sense of privacy, we didn’t want to be put in the position of storing private-but-not-really messages, we offer an alternative for messaging that is secure with Matrix, and users who rely on unencrypted DMs can choose to set up a mastodon account on a different service that allows it.
Your point about possibly setting up an auto-respond so people know that DMs are disabled on our platform is a valid one, and it’s a shame that Mastodon doesn’t already have something like that in place.
But doesn’t librem.one allow its email users to send and receive unencrypted emails? Do they not need to be stored? Yes, theoretically it is simple to encrypt email e2e and would be quiet complicated to do so in a mastodon direct message. But that is the only difference I can see here. (Upadate: Just found this on the librem.one page: “Safe. We delete unencrypted mail after 30 days.”).
Furthermore I have to emphasize again that I like the thoughts behind the changes purism did to its mastodon instance. That’s why I’d like to discuss this aspect instead of just moving away. I’d like to see these ideas even better .
I would go this far that even with e2e encrypted DMs it would be nice to have an opt-in for DM and an auto-reply with custom text if the user doesn’t want them. As others argued: DM could also be a way to receive information that is not wanted.
Well, can it be that hard? I’m not a programmer and didn’t even look at mastodons code, but I’d expect there’d be an API for things like DM?
I found a discussion on a setting to disable DMs https://github.com/tootsuite/mastodon/issues/6945. From that ticket it seems that it is not yet possible to deactivate DMs. Maybe it would also be a good idea to link both tickets.
Assumptions and ideas
If you want to implement this yourself, you might search the purism repo for how they surpressed the DMs to implement e.g. an auto-respond if you get a DM while DMs are de-activated.
I assume that the librem one version “not complies with the protocol” and ignores DMs sent while the sender is either ACKed or not expecting an ACK (don’t know the DM procotol of Mastodon)
You might discuss in the github repo how this should be best implemented.
DO you think that encrypting DMs or content in general on a social media platform is maybe beyond the scope of the platform to begin with?
If secure discourse is what you seek then a public meeting ground is most likely not the best place to look to begin with.
That being said, I did not know that librem.one mastodon instance disabled DMs. I have DM’d a number of Librem.one users, and always wondered why I NEVER got a response from any of them.
That’s fine however. Purism’s policy supports my argument above (although I would argue that social media should not be encrypted at all), but I would think that some kind of notice or disclaimer could be placed on Librem.one accounts.
Using Mastodon should require adherence to its feature set otherwise. This is why standards are created.
However, I disagree that this is a reason to leave librem.one. Purism’s stance on moderation is bold and brave today. I 100% support it.
Uhuhh, I explicitly emphasized above that I support the idea behind disabling DM (privacy concerns, unwanted content), but that I criticize exactly the same as you do:
Also I wrote why I think that the function of DM does help to make the social network better:
Here’s a thought… (I don’t know enough about the internals of your software to know how easy it would be). Why not let a user register a PGP public key to encrypt everything not already encrypted? It doesn’t solve the potential problem of state actors seizing the server and reading the messages before they get encrypted, but it’s already the case that a compromised server could read the DMs before they get round-filed.
Using ascii-armored PGP would also let federated users successfully send DMs, if they go to the effort of PGP encrypting them first. Unencrypted DMs should generate a bounce message warning that they are insecure (and require an opt-in on the user’s part to accept them, since they have to provide the public key).
Just spit-balling here, but there’s a truism with web standards that “he who ships first sets the standard”. I think if your Mastodon server handled PGP encrypting DMs on behalf of the sender on the way in, that could be leveraged into getting other Mastodon servers to encrypt DMs on the way out. As well as support for one-click decrypting PGP messages within various Mastodon clients.
I’m not sure I found what I’ve been looking for. The closest thing I came across is this repo: https://source.puri.sm/liberty/host/smilodon, but it seems to be based on mastodon 3.1.2 whereas I’m seeing 3.1.1 on social.librem.one .
Which I didn’t find. I’d expect that this information is presented to the user during the registration process.
It seems like there is a space reserved in the online interface as well to present information like this:
“Terms of service” points to a Librem.one specific page with information about the services. “About this server” opens (while I’m logged in) the main page of social.librem.one, so basically the page itself I’m already on.
I’d expect that DMs fall into the category “Temporary” by that description. And even this is quite an educated guess since it cannot be assumed that users know that DMs in mastodon are not secure.
I’d say we need to make the information you mention, @Kyle_Rankin, more visible.
@maximilian, do you know which is the right repo? I’m thinking about running a server quiet similar to social.librem.one to test it and maybe find a better way for dm handling?
@joao.azevedo, @Kyle_Rankin, any hints where to find the source of the actual running social.librem.one?
.
