Here are my more political thoughts about this change: [thread]

ANYWAY (1) This change should have been announced to everyone, and MOST IMPORTANTLY to client developers, AT LEAST A WEEK before implementation. Right now Amaroq (for example) still says that private posts only federate to "followers on your instance", even though THIS IS NO LONGER TRUE, because the app hasn't had time to update to reflect the new changes.

This just REINFORCES the impression that Mastodon devs don't care about client devs enough to warn them about things ahead of time or (ideally!) give them a way of knowing which features a particular Mastodon instance supports. AFAIK Amaroq has no way of notifying users if their instance is running the 1.3 update or not.

(2) Changing the name from "Private" to "Followers only" might be a helpful and good change, but I FEAR that it is being used AS A COP-OUT for not better implementing real privacy features before shipping. People WANT private posts. And by "private" I mean "as private as e-mail, or Facebook". They don't want "followers-only-and-I-abdicate-all-responsibility-for-what-happens" posts.

(3) Requiring users to exert labour to vet and background-check literally everyone who follows them AND maintain a locked account if they want to share things privately is a bad solution to the problem and like literally Twitter wouldn't dare implement that it's so awful

The amount of tech-literacy which is required to have any semblance of privacy on Mastodon right now with the 1.3 change is waaayyy overboard. You have to already be incredibly fluent in how federation and servers and whatnot works to even UNDERSTAND THAT THERE IS A PRIVACY CONCERN IN THE FIRST PLACE.

Mastodon HAS NO HELP CENTER and this information ISN'T PROVIDED IN THE WELCOME MODULE, SOOOO………

*waves arms around in the air*

I kept all of these criticisms out of my blogpost because really I just want people to know what's going on and what's changed and not everyone will necessarily agree with me on all of these points

BUT if you aren't 100% sold on the new changes, **Mastodon is open software** and you can and should demand better accountability from devs in the future, and also express your frustration (in a civil, respectful manner!!) through GitHub or official channels if you have something to say. The PR which led to this change is here fyi: https://github.com/tootsuite/mastodon/pull/2111

If you are an instance admin, you can of course keep your instance at v1.2 until things get sorted out a little better or better privacy settings are put into place.

@u2764 well said! and, excellent post, too!

...yeah, this pretty much persuades that for whatever is going on 'round here, federation is a privacy nightmare.

Also, following @u2764 now. Smart, smart criticism, with a side of understanding why the more server-fluent are so wary of Mastodon in the first place.

I'm not here for privacy, mind. Mission statement remains consistent: I'm here to talk, and I'm here to listen. I'm here for whoever wants positive dialogue. And a lot of that hope IS for what happens in the open.

But: having privacy settings and not having the means to actually enforce privacy on other federated servers is something that should be A LOT more transparent.

@u2764 actually there's a way that it's similar to the way Twitter repeatedly gets things wrong - not getting feedback from people who are harassment targets before they release. https://twitter.com/LeslieMac/status/831396216218984452

@u2764 and this is how people like us on Twitter usually did things anyway!

@u2764 Can you provide links to 1 and 2? They don't want to federate over to me for some reason.

@u2764 Text change is a special problem. For Tusky, I can change the english and have it by next release, but all the translations are out of date so there's extra lag time to ask others to fix that.

@u2764 1 week is far from enough for these kind of changes, but it would help more than zero notice

@ninjawedding wow apparently i don't know how to date i'll fix that lol

SORRY IF THIS LINK JUST DIED GIMME A SEC GIMME A SEC

OKAY IT'S ALIVE AGAIN SORRY ABOUT THAT I DID THE DATES WRONG,, ANYWAY,,,,

oh my god did the link die again why

Sorry I fixed the redirect but then GitHub took a while to deliver the changes so I unfixed it and thought it was fixed so now i'm ununfixing so it should work now sorry sorry I can't do dates that's the real problem here

The actual permalink is here: https://marrus-sh.github.io/mastodon-info/everything-you-need-to-know-about-privacy-v1.3-020170427.html I did the date wrong in the original and said it was 2015 that's my problem lol

I am now compulsively re-clicking that link to make sure the redirect doesn't break again lol but I think it's all good

Eugen commented that “A word-of-mouth announcement might be fine?” regarding this change; how passive-aggressive would it be for me to rename my blog "The Word of the Mouth"

@u2764 If people who follow you can read your private toots, this isn't private at all. Except you lock your account, but this cuts your reach.

@u2764 Nice writeup.

@projektir It used to be that private posts were not federated to other instances; which is to say, only people on the same Masto instance as you could see your private posts. This is no longer the case as of v1.3

@u2764 Ah, fair enough. This seems fine to me, though, as I would have expected ALL my followers to see Private posts (since that's what the tooltip says, and since I follow people on all sorts of random instances).

Having extra granularity wouldn't hurt, though. I think that's along the same lines as allowing individuals to block instances and such.

@Tdorey @u2764 Stuck between a rock and a hard place here. It's not like adding a warning like that to authorize new follower screen is hard. It's all the folks who have existing followers that now have to think about this for future private posts (*if* they have non-mastodon followers, which I feel must be rare with >1000 mastodon instances). I added a screen to review them ("Authorized followers" in settings)