Mention behaviour

If I understand you, Florian, you mean either:

• make the '@[name]' text into a 'mention' link, but not send a notification (NO to the proposal);
  • keep the '@[name]' text as plain text (YES to the proposal).

My vote is for the second (so, YES to the proposal, if I understand you correctly).

But I don't think it's a case of 'removing' a mention, as the software doesn't allow you to make a mention. I mean, you can type @goob, but if I'm not one of your contacts in that aspect, it won't allow you to turn that into a mention.

If your 'removal' proposal means that in the case above, your post would read 'I thought @goob might like this' all in plain text, with no links or anything, that's fine. If you mean that '@goob' would actually be removed from the text so that the text would read 'I thought might like this', I'm not sure that's a good idea. Good for privacy, but will make some nonsensical posts.

I definitely think that there shouldn't be a link or anything to a user who is not part of the aspect to which the post is made, as that would be a privacy leak.

You could always get the UI to stop anyone posting @[text] except where that text is the name of one of their contacts in the aspect(s) to which they are posting.

Ah - of course, the poster might select aspect(s) after typing the post, so the behaviour I suggest wouldn't always be possible. Well, hopefully you can discern what I mean!

@goob the proposal is supposed to mean completely remove the markup and leave just the plain text, no link or anything. of course the mentioned name would have to stay, otherwise the message would be distorted.

The problem with limiting input just from the UI is that it can always be circumvented... also, should we ever get an API (hopefully soon), we can't control what gets sent at all.

Thanks for clarifying that, Florian. (Probably just me being stupid.) That makes sense, and I agree with your proposal to make mentions plain text.

I think leaving the mention in the text is just fine, as @goob pointed out, mentioning someone from an Aspect they're not a part of can be very useful in talking about someone. D* does a pretty good job of correctly linking the user's profile on different pods, and I see no problem with linking to a user's profile via a mention.

If the mentioned user is out of scope of the post privacy, then the mentioned user probably shouldn't be notified about it.

How about adding the person who is mentioned to the aspect dropdown, so it would read:
2 Aspects, Sean Tilley
or
2 Aspects, 2 People
then they could be removed through there and not notified if they don't get the post.

Sean, of course it would be better to type a name in full, but since the advent of Twitter, people have been @naming each other all over the place where it doesn't work: blog comments, message boards, Facebook, probably even in emails and text messages for all I know. We can't stop people doing that, but I do agree that it's inappropriate to turn that usage into a link to the profile of someone who's not able to view the post because they're not included in the relevant aspect(s).

Hi Raphael! Long time no see. Hope all's well with you.

@raphaelsofaer interesting suggestion - and that is how it works with Google+ actually. I like that idea.

First however I think we should fix this bug (remove the mention completely or just not notify) - then we can improve on how aspects work.

It's a really annoying bug, sometimes getting a notification of a post and no way of seeing the actual post.

The solution of Raphael is probably the best, but also the hardest to implement. As I have no time to dev for the moment, it's up to you guys, but this has to be fixed quickly as it's a privacy leak.

Don't just agree to remove the mention completely if you want to change something later and it's only an intermediate step. "Never underestimate the livetime of a quick fix." So please think of it, how you could do it right now, so that there is not much to do until somebody really wants to improve it. And I think "just remove the mention" is not living up to our standards for user experience (at least not to mine).

How feasible would it be to write code to do the following?

Assume I type a message and @-mention Fred Bloggs, who is in my 'Friends' aspect, but then select 'Family' from my aspects list. Fred is not part of my Family aspect.

When I press the Share button, a dialog pops up:

'You can only @-mention people in the aspect(s) to which you are posting. You are sharing this post with only your Family aspect, but are attempting to @-mention Fred Bloggs, who is in another aspect. If you wish this @-mention to remain, press Edit and add the aspect relevant for that person to the post. If you press Continue, the post will be shared only with your Family aspect, and the @-mention of Fred Bloggs will be removed.'

This alerts the user to what possibilities there are, and what will happen if they proceed with their post. The dialog would need to fetch information on which aspect(s) the person being @-mentioned is in; or, you could keep the language more general and just refer to different aspects without naming them.

Have no knowledge of coding so apologies if this is a really unworkable suggestion.

I’d also be interested to know from people who vote to retain the @-mention of someone not in the aspect to which a post is made, how they think it’s acceptable that there will be a link to that person’s profile visible to a (perhaps large) number of people in a post which they will be unable to view, which they will not know about, and therefore will not be able to ask to be removed if they don’t want it.

E.g. someone could, theoretically, post malicious things such as ‘@fredbloggs is a paedophile’, which various people would see, with a link to Fred Blogg’s profile, but Fred would know nothing about this.

I think @-mentions are only acceptable where they provide a two-way link: there is a link in the post for people to follow to that person’s profile, and conversely that person is alerted to their name being used and can view the post. Otherwise it has potentially dangerous implications.

The way I see it, with the way we currently advertise aspects, we have a serious privacy problem. For the present model of sharing, we need to fix this issue (most probably in one of the ways I outlined in the description).
I would also go ahead and implement the way we shall decide, so that pods, that choose to backport those kinds of fixes can do so.

However, I also have no problem if afterwards we decide to revamp the sharing model altogether, which we should discuss and vote on in a different thread.

... I really just wanted to know how to fix a technical defect here, not stir up a completely new discussion. It's nice, if that happened, but the technical issue remains.
:)

Wait, Goob. If this is your argument, then we should disable the possibility to write hyperlinks as well, because they point at something/someone without notifying this thing/person about it. Do you really think that this is a privacy issue?

I don't see anything potentially dangerous implications about letting an @-mention point at someone without notifying this person. That's exactly the same as if I was writing a hyperlink in markdown.

I don't think there's an equivalence, Rasmus, because although a Diaspora profile is displayed as a web page, it is in nature more like an email address than an 'ordinary' web page. The majority of web pages are open, 'published' pages intended to be read by anyone; a profile is less so. I can't put it clearly at the moment, but there is, to me, a difference between linking to someone's profile and linking to an 'ordinary' web page.

In any case, we're talking about mention behaviour, which is by its nature a means of alerting someone to a discussion. If this doesn't happen in an instance because the person mentioned is not a part of the aspect(s) to which the post has been made, it should not be possible to mention that person, because by allowing the poster to mention a person, it gives the person the impression that that person will be notified of that mention. It's confusing, and doesn't do what it should do in this instance.

So no mentions where the person mentioned wouldn't be notified - but if you want to provide a link to that person's profile in secret, you could still do that as a hyperlink. At least in that case the person doing it would know exactly what it was that they were doing.

I set an outcome to the proposal. I should be able to work on the implementation within a week.

Thanks, Florian. If I understand your outcome correctly, it will allow people to mention someone even when that person cannot see the post. This to me is problematic, and deserves further discussion - and the motion was only swung by one vote, so not a convincing majority.

I wouldn't be happy for someone to be able to mention me if I were unable myself to view that mention - whether it's a 'regular link' or a 'mention link'. (I'm not sure what the difference is, apart from the notification.) Indeed, I'd rather be notified so I could at least then ask the person to remove the link if I wanted, rather than have no idea there was this link to my profile.

I think the better thing would be either:
- allow the mention (and notification) so at least the person mentioned knows that they have been mentioned,
or
- stripping out the hyperlink completely.

I think that transforming it to a 'regular link' is the worst outcome, because that way there would still be a link to my profile, which I wouldn't be able to see and wouldn't even know if its existence. And I don't feel this was the outcome of the vote, either.

I may well have misunderstood you. But if I have understood correctly, I think it needs further discussion about the issues (which are quite important, I think) before taking such action.

Best wishes.
Goob

We have a real issue here that needs to be fixed asap. The most simple solution with the least implications is to strip it. That doesn't mean it has to be the answer for ever. But it's the answer for the moment.

So I'm tempted to reopen the proposal and ask to vote for an intermediate solution. And after that we can discuss what the ideal behavior should be.

That's a good idea, Jonne, and I support it.

Florian said I'll work on the definitive solution in a week. We'll not release a hotfix before that, so what's the benefit of an intermediate solution?

I think that transforming it to a ‘regular link’ is the worst outcome, because that way there would still be a link to my profile, which I wouldn’t be able to see and wouldn’t even know if its existence. And I don’t feel this was the outcome of the vote, either.

@goob do you think so? If someone asks a question in a limited aspect, I'd love to answer "you should ask @someone". The person will not see the conversation neither a notification, but the asker will be able to find him easily, independently of his pod. For the moment, I have to put the handle of the person because if I make a link (like diasp.org/u/someone) the user will not understand why I can't add it from the profile (He is probably not on diasp.org).

For my, strip the notification and not allow the mentioned person to see the post but adding a link to his profile is the best solution. Your friend which is able to mention you is able to link to your profile anyway, stripping completely the mention does not solve the issue of "link to my profile", it just complicates it as it is not "cross-pod".

Fla, yes I do think so. I dislike it in exactly the same way as I dislike it when someone whom I have entrusted with my personal contact details gives my email address, phone number or house address to someone I don't know without asking me first. It's an invasion of my privacy, my choice to whom I give my contact details.

We can't stop someone providing a link using Markdown to my profile in a post I am not allowed to read, but let's not actually facilitate this behaviour (i.e. make it easy for them) by allowing them to do a mention, which then gets changed into a normal link.

Don't forget that the mention being changed into a normal link is without the knowledge of the person doing the mention as well, unless they have read this discussion, for example. They would assume that I would receive a notification, as they had @-mentioned me, but this wouldn't happen. Thus it's not working for them and it's not working for me. It's just a privacy leak.

If you really want to mention me in a limited post in the way you suggest ('you should ask @someone'), add me to the relevant aspect before posting.

If you don't feel I should be reading the content you post to that aspect, you also shouldn't be mentioning me in posts in that aspect. It's as simple as that (I think).

@florianstaudacher - please don't change the code to turn a mention into a standard link without further discussion, because that outcome was not even one of the two options that was being voted on, but something completely different.

alright ... you have to understand, a quickfix for the privacy issue would probably take me half an hour, tops.

The description states my two easy-to-apply solutions, and I wasn't sure which one would make more sense so I started this discussion. Then I put the first one up to a vote and waited 7 days for the result, which went 5:6 for not just removing the mention markup.

The only other quickfix option, while keeping the current aspect model and fixing the privacy leak, is to convert the mention into a link.
That can be done today, while we can start discussing a better solution to the whole Aspect/Mention situation altogether.

Thanks for your reply, Florian. I think I understand:

At the moment we have a 'broken' functionality - mentions to people not in an aspect send them notifications which they can't see. This causes problems technically, and so needs to be ‘fixed’ immediately.

I would say the best stop-gap solution to a feature which is not working and is causing problems, if no better solution has yet been found, must be to remove that feature until a proper solution can be found which works properly and causes no problems.

In this case, that would mean stripping out mentions completely when a person mentioned is not in the relevant aspect.

I suspect when you set the vote, people who voted against it did so because they didn’t like the idea of mentions being completely stopped in such cases, not (necessarily) because they thought it is a good idea to replace mentions with an ordinary hyper-link as a stop-gap solution until a better solution has been found.

I think there are serious privacy issues here – we’d be facilitating a behaviour which shouldn’t be happening – and if your proposal had been worded in a way which allowed me to ‘block’ the suggestion of replacing mentions with an ordinary hyperlink, I would have done so, because I believe it is far worse than allowing people to use ‘real’ @-mentions (with notifications) in posts which the person mentioned can’t see. Using a standard hyperlink may be neater from a technical point of view, but I seriously think it is much worse from a privacy/user experience point of view.

So if you really need to ‘fix’ this mention behaviour today, I believe the only possible step is to remove the feature completely for the time being (by stripping out mentions and replacing with plain text), until a better long-term solution can be found and has been agreed on.

This may stop some people from doing something they want to – that is, to @-mention their contacts in posts which those contacts can’t read – but it’s debatable whether they should be doing that in any case. And we have to consider not just whether people want to do something, but also the consequences of enabling them to do it.

And we can then try to come to a decision on a long-term solution as quickly as possible so that this facility is not unavailable any longer than it needs to be – if, indeed, it is a good idea to have it at all.

Sorry this is so long, but I do think there are important considerations here.

btw it is also possible to mention a user who is not one of your contacts with @{name ; [email protected]}. I just tested that on my dev-pod. The post shows up in the stream of the mentioned user but he/she doesn't get a notification.

@steffenvanbergerem see the failing spec in https://github.com/diaspora/diaspora/pull/4161

Goob, I still don't get your argument that a link to a user-page is vulnerating privacy. Could you explain a little more, since it seems to be quite important to you.

Doing some housekeeping on old Github issues, I found a discussion on this issue, which mirrors this one: https://github.com/diaspora/diaspora/issues/2516

Rasmus, I think I've explained it as well as I can. Apologies if it's not clear to you.