Good day dear Lemmy community!
When I try to use lemmy’s private messages, I get the following warning:

Warning: Private messages in Lemmy are not secure. Please create an account on Element.io for secure messaging.

It is very good to have this warning! However, can it be improved?
When I first encountered this wording, I was completely unsure whether the DMs would be totally public due to lemmy’s limitations or its open stance, or whether the messages would have a similar security to e.g. email where your trust relies on TLS and the servers involved.

My proposal would be to change the wording to something like:

Warning: Private messages in Lemmy are not End-to-End encrypted. Please create an account on Element.io for secure messaging.

Or if the team is open to it,

Warning: Private messages in Lemmy are not End-to-End encrypted. Please use a platform with E2E encryption for private messaging.

Or if the team is even more open to it,

Warning: Private messages in Lemmy are not End-to-End encrypted. Please use a platform with E2E encryption for private messaging. Lemmy recommends Element.io and XMPP.

Thoughts? I’m ready to create a PR.

    • Steve@communick.news
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      Yes. Rather than focusing on encryption, (most normies don’t know what that really means anyway) point out that admits not mods have access to all messages sent.

    • vas@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      2 months ago

      Yes. And I think saying “messages in Lemmy are not End-to-End encrypted” is clearer communication than “messages in Lemmy are not secure”.

      • Drewfro66@lemmygrad.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        I think both are bad communication. When I hear “messages are not end to end encrypted”, I think that my ISP or a hacker might be able to see them but not, like, ordinary people. In reality, whatever shitheads are administrating either your or the recipients instances.

        I think “private messages are visible to both your and the recipients instance administrators” would be more clear