by Karunamon 1324 days ago
Having person-to-person messages be unencrypted is irresponsible in 2022, the same way offering a web service for public consumption without TLS is. Encryption should be the default and the user should not have to even consider the threat of their messages being read by unauthorized parties.

The most irresponsible thing you can do is make a security promise you can't keep. Mastodon's usage is overwhelmingly browser-based; achieving reliable end-to-end security between users of browser-based apps remains an open problem. Taking a short step back from that: if you're going to try to give people secure messaging, you should have that goal from the start. Matrix is a good case study in what happens when you don't do this.

You can still high-horse Mastodon: just tell them they shouldn't have private messaging at all. That seems like a reasonable take.

Since Matrix is an open standard and everything, would it be possible to build a Matrix client into Mastodon? That would be really interesting, if it became a plug and play messaging client for open source projects that include some sort of DMs.

> the user should not have to even consider the threat of their messages being read.

Could you clarify whom you hope that a message should be able to be read by?

- the intended recipient(s)

- parties involved in the intermediate storage system

- middleboxes / parties in the transmission path

- unintended recipients that the intended recipients forwarded the message to accidentally

- unintended recipients that the intended recipients forwarded the message to maliciously

Whichever follows the principle of least astonishment.

1 is obvious and I think it is bad faith that you are asking.

I just included it as a default case. If you want to assume malintent, that's on you. The more interesting cases are the last two because they reveal that messaging cannot be made private because you cannot prevent the counterparty from leaking information.