Gorujo's Blog

Why and when to comply with DMing on a more private platform when asked (and when not to)

If the "when to do it" criteria are met, please do them a favour instead of leaving them behind, if you can.

Written on 04-12-2024/12-04-2024 5:41 PM UTC and published on 05-12-2024/12-05-2024 1:16 AM UTC


I am keeping the identities of some people from my experience anonymous for safety reasons, with the exception of 2 people. Those that may read it may understand who they are:

After my previous interaction with a person who is against switching platforms (until it affects them), another who called me sketchy over the idea of not accepting Discord DMs but accepting other means of private communication, and then being told by another that the act of asking someone to use another platform was "sus", I said Enough is Enough and decided to write this post to hopefully help those struggling to convince friends to switch, but also to narrow down the criteria for when you, the recipient, should and shouldn't accept. Because here's the thing: in their/your defense, there are valid reasons for someone to be skeptical, even if in my case they weren't that valid. But even if it feels valid and you condone the behavior of not accepting them, you're not helping the person who wants to protect their privacy (and don't give me the usual bullcrap about privacy, you're only making it worse). Take the time to read why it matters here and also here; the second one should speak more to your language. And if it does not matter to you and/or you aren't bothering to do so, then it matters to them, no matter what the argument is (yes, I'm talking to you, recipient).

I do want to appreciate that the 2 exceptions I made from the community in my experience, Maebbie and Etch-9, value privacy the same way I do, but the problem is that you can't convince everyone, so my goal with these 2 recent privacy blog posts is to mitigate this kind of barrier. And let's be clear, recipient: we never want to ask you to give up any of the platforms you use, but to respect the choices of others (again, there can be exceptions to the equation, which I'll get to).


With that out of the way let's get into when you should (or shouldn't) comply with the request:

1. Trust

Yes I know what you're thinking: "Wow so obvi-" yeah I know zip, let me explain:
[If you'd like to get to the point, read below this paragraph]
Obviously, this is when you have talked to the person and gained online trust status [if irl, then you trust them as friends], on the basis that you have known them well enough to have faith in them and they do not exhibit scam patterns like pig butchering [basically, as soon as they ask for anything like crypto outside of the known legitimate tools, run]. Pig butchering is just one example of many (commission scams, I've noticed, are also common, among other things); any continuous SCUMMY behaviour counts.

The point here is basically to establish some kind of trust with each other. It doesn't have to be irl and doesn't have to be full-on trust; just make sure there are no suspicious patterns [no, I'm not talking about "trying to get you to another platform" suspicious, this is not the one, and I'll get to the platforms later], scummy patterns (e.g. predatory) or straight-up scamming. Yes, this applies even AFTER you've moved to their platform, though it's best you get to know them well first where you are.


More importantly, if you haven't talked to the person before or have not gained the necessary online trust and they ask you first thing, you should likely run; otherwise you should be fine. I know these points were obvious, but I wanted to make clear to what extent they apply. If you trust them, please comply, but make sure you actually do trust them so you don't get scammed or something.

2. Platforms chosen

After establishing some kind of trust or respect or something along those lines, it's time to get to platforms, because this is where they can either degrade your trust (in which case avoid them at all costs) or offer the right tools for you to talk on. You need to make sure that the platforms they chose are established and trusted, and not some random platform that the "friend" decided to make with the intention of harming your device or doing anything else malicious.

I recommend Privacy Guides' recommendations alongside what I would approve of, in order (but both will work), which are:

  1. SimpleX
  2. Signal [This requires a phone number; you can hide it and use a username, but if that still makes you uncomfortable, choose anything else from Privacy Guides' list or mine]
  3. Session
  4. Matrix [Only use Matrix if you're okay with making an account or already have one]

In fact, on my contact site I actually offer 3 out of the 4; however, I reserve Matrix only for those who already have an account. Otherwise I suggest SimpleX, as it does not require registering an account, and Signal if you are comfortable with it.

The point is that everything you see in my recommendations and Privacy Guides' is trusted and established, so if anything outside of those is recommended, be skeptical or distrust (them) immediately.

3. Their threat model

Another factor you should consider after both is, obviously, the threat model. What is a threat model? Simply put, it is what the person is trying to protect. Usually the threat model varies from just wanting to keep DM message contents and perhaps metadata away from platforms like Discord (which is what you're likely looking at) to higher threat models than this.
This matters because the person trying to contact you perhaps really needs this kind of protection and cannot afford what Discord does, regardless of the argument (once again).
Now the argument can be made that if a person has a higher threat model, why are they using Discord? Again, ultimately what you should focus on is that they likely want to move private messages to something that is more private than, say, Discord. However, most people with high threat models actually do prefer not to use it, which is why this argument can be valid anyway.
My advice from here is to ask them why specifically they want to be contacted elsewhere in the first place, or "What is your threat model?", and they will let you know for sure if they feel comfortable doing so; otherwise assume the level of protection I mentioned above.

OK, but what if the person does not call for a high threat model?
Even if they don't, the person has likely set a standard ground rule (for my example: I assume that everything on Discord is said publicly, and to make sure of that mentally, I keep my communications on public servers, not in DMs, if that's avoidable). The general rule is to respect what the person wants to protect, even if it doesn't require a high threat model.


TL;DR

TL;DR is as follows: If the person (and this article is shared) asks you to DM through a different (more private) platform than the one they are already using, you should, but just to be sure, check that these criteria are met, as per the headings above and summarized here:

  1. The person is trusted in an online [or irl] manner, where they don't exhibit any potential malicious intent at all, even after you have already accepted them on the private platforms above (this is obvious, but I wanted to make clear to what extent).
  2. Confirm the platforms are legit and not malicious. Preferably use the list above to confirm they are within my recommendations or Privacy Guides' recommendations.
  3. If possible, check up on their threat model; otherwise, if they don't feel comfortable sharing it, assume they have a high threat model and want to be protected at all costs, or (their choice) to protect their privacy, especially if the platform already invades privacy.

Ok why? Should I even care at all?

Ultimately, this is up to you. But for the love of god, especially if all of these criteria are well met, do not call people who take such actions "suspicious" or "sketchy", as you could trigger a nerve, and if not you'll probably make them feel bad. Seriously, avoid it, especially if the criteria are met. As for why, it ultimately boils down to this: by doing so you are helping yourself and the person asking you to protect their privacy (and security, if applicable), rather than neglecting or ignoring what the other platforms do and in the process endangering the person who wants their privacy protected, as seen in "Why Privacy Matters" by Privacy Guides.

Personally, I don't care if you don't DM me, but to stick to the ground rule I set, I still won't accept DMs from things like Discord, because if the platform can read the messages, other people should be able to as well. (Among the other data they are already collecting anyway, even if reserved for the platform, but honestly that's a whole other story and luckily not within my threat model to protect [[yet]].)
I will still offer the option to DM me through these means if you ask, and you can respectfully decline, but I ask you not to call the action "suspicious" or "sketchy" UNLESS I rightfully don't meet the criteria, and you should still avoid it if possible.


#privacy