Lemmy Support

5065 readers

1 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 7 years ago

MODERATORS

dessalines@lemmy.ml

Private messaging is not "secure" - can this wording be improved? (lemmy.ml)

submitted 8 months ago* (last edited 8 months ago) by vas@lemmy.ml to c/lemmy_support@lemmy.ml

5 comments fedilink hide all child comments

Good day dear Lemmy community!
When I try to use lemmy's private messages, I get the following warning:

Warning: Private messages in Lemmy are not secure. Please create an account on Element.io for secure messaging.

It is very good to have this warning! However, can it be improved?
When I first encountered this wording, I was completely unsure whether the DMs would be totally public due to lemmy's limitations or its open stance, or whether the messages would have a similar security to e.g. email where your trust relies on TLS and the servers involved.

My proposal would be to change the wording to something like:

Warning: Private messages in Lemmy are not End-to-End encrypted. Please create an account on Element.io for secure messaging.

Or if the team is open to it,

Warning: Private messages in Lemmy are not End-to-End encrypted. Please use a platform with E2E encryption for private messaging.

Or if the team is even more open to it,

Warning: Private messages in Lemmy are not End-to-End encrypted. Please use a platform with E2E encryption for private messaging. Lemmy recommends Element.io and XMPP.

Thoughts? I'm ready to create a PR.

you are viewing a single comment's thread
view the rest of the comments

[–] Drewfro66@lemmygrad.ml 0 points 8 months ago (1 children)

I think the larger point is that private messages are visible to instance admins.

[–] vas@lemmy.ml 0 points 8 months ago* (last edited 8 months ago)

Yes. And I think saying "messages in Lemmy are not End-to-End encrypted" is clearer communication than "messages in Lemmy are not secure".