Good day dear Lemmy community!
When I try to use lemmy's private messages, I get the following warning:
Warning: Private messages in Lemmy are not secure. Please create an account on Element.io for secure messaging.
It is very good to have this warning! However, can it be improved?
When I first encountered this wording, I was completely unsure whether the DMs would be totally public due to lemmy's limitations or its open stance, or whether the messages would have a similar security to e.g. email where your trust relies on TLS and the servers involved.
My proposal would be to change the wording to something like:
Warning: Private messages in Lemmy are not End-to-End encrypted. Please create an account on Element.io for secure messaging.
Or if the team is open to it,
Warning: Private messages in Lemmy are not End-to-End encrypted. Please use a platform with E2E encryption for private messaging.
Or if the team is even more open to it,
Warning: Private messages in Lemmy are not End-to-End encrypted. Please use a platform with E2E encryption for private messaging. Lemmy recommends Element.io and XMPP.
Thoughts? I'm ready to create a PR.
I think the larger point is that private messages are visible to instance admins.
Yes. And I think saying "messages in Lemmy are not End-to-End encrypted" is clearer communication than "messages in Lemmy are not secure".
I think both are bad communication. When I hear "messages are not end to end encrypted", I think that my ISP or a hacker might be able to see them but not, like, ordinary people. In reality, whatever shitheads are administrating either your or the recipients instances.
I think "private messages are visible to both your and the recipients instance administrators" would be more clear
Yes. Rather than focusing on encryption, (most normies don't know what that really means anyway) point out that admits not mods have access to all messages sent.