Mastodon: The content of direct messages should not appear in mail notifications

Created on 2 Jul 2017  ·  3 Comments  ·  Source: tootsuite/mastodon

Hello,

When we send a direct message to someone, he or she might have enabled the mail notifications. Thus, the message will be sent by mail to this person. The content of this private message appears in the clear in the e-mail. This is a privacy issue.

I think that the mail should actually only have a link to the direct message on Mastodon.


  • [x] I searched or browsed the repo’s other issues to ensure this is not a duplicate.
  • [ ] This bug happens on a tagged release and not on master (If you're a user, don't worry about this).
security suggestion

All 3 comments

Inversely, I find it very helpful to have the direct messages available in my email. If it's sent to me, I can read it anyways, and for someone who prefers to manage their asynchronous communications in a central place (i.e. an email client), it allows me to distinguish between "someone is asking for more information/continuing a conversation" and "someone replied with a thank you" - no need to check the website.

As different people and different instances have different use cases and security levels, I agree with this idea, but I propose it should be per-user optional. Personally I'd prefer opt-in, but opt-out works, too - maybe an instance administrator could set the default?

Also consider issue #4501, "Add ability for emails to be encrypted with your GPG public key".

Private messages are no more secure than email, and shouldn't be thought of in that way. I'm having a hard time fathoming the user story here, so if someone would like to explain the use case for having enabled e-mail notifications but not wanting PMs to appear there, I would be happy to re-open the issue. As is, though, I'm not sure what the software can do to solve this issue.

@nightpool It's about third parties. On my Mastodon instance, we send mails through Mailgun. In addition, people usually use GAFAM's services for their mails. Potentially, those third parties know the content of every direct message. Although we cannot guarantee that those direct messages will be really private (simply because they are not encrypted), we should try to limit the number of third parties able to read those "private" messages.

> if someone would like to explain the use case for having enabled e-mail notifications but not wanting PMs to appear there

The use case is simple: you want to get a notification by mail saying that you received a new direct message, but without telling the content of that message to any third parties.

You can have a look at Diaspora* which is doing this exact same thing.

Ideally, we could also remove the content from the browser's notification.
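
The behaviour discussed in this thread (link-only mail for direct messages, a per-user setting, and an instance-wide default), sketched as an added example that is not part of the issue and not Mastodon's code. `Status`, `Prefs`, `include_content?`, `build_notification_mail`, the URL layout and the sample values are all hypothetical, and the default shown is the opt-in variant.

```ruby
# Added example; every name here is hypothetical, not Mastodon's API.
Status = Struct.new(:id, :visibility, :text, keyword_init: true)
# include_dm_content: true / false, or nil when the user never chose.
Prefs = Struct.new(:mail_notifications, :include_dm_content, keyword_init: true)

# Decide whether the status text may leave the instance inside an e-mail.
def include_content?(status, prefs, instance_default)
  return true unless status.visibility == :direct
  return instance_default if prefs.include_dm_content.nil?
  prefs.include_dm_content
end

# Returns nil when mail notifications are off, else {subject:, body:}.
def build_notification_mail(status, prefs, base_url:, instance_default: false)
  return nil unless prefs.mail_notifications
  link = "#{base_url}/statuses/#{status.id}" # assumed URL layout
  if include_content?(status, prefs, instance_default)
    { subject: 'New notification', body: "#{status.text}\n\n#{link}" }
  else
    # Link-only mail: the relay and the mailbox provider learn that a
    # direct message exists, but not what it says.
    { subject: 'You received a new direct message',
      body: "Open it on your instance:\n#{link}" }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input.
  dm = Status.new(id: 42, visibility: :direct, text: 'constructed DM text')
  undecided = Prefs.new(mail_notifications: true)
  puts build_notification_mail(dm, undecided, base_url: 'https://instance.example')
end
```

The subject line is kept generic as well, since it passes through the same mail relay and mailbox provider as the body.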
