RE: Steemit Private Messages UI Design Concept - Desktop
I think there should be three different categories of PMs: ones from those a user follows (perhaps optionally a different type of follow that allows receiving PMs but doesn't clutter up your feed with their posts), ones from those they have muted, and ones from everyone else. The interface could have different tabs for those different categories of PMs, each with their own unread message count. Default settings would be to show notifications and a message count for PMs from those the user has not muted within other views of the website outside of the private messaging interface. However, those settings could be changed by the user so that the notifications and message count outside the private messaging interface would be only for PMs from those the user has followed. If later there were to be push notifications to a mobile device for new PMs, the user could decide whether to allow all PMs that are not from muted accounts to push notify them, or only PMs from those they follow (which would be the default setting).
Do you consider the mute functionality described in your post the same as the existing mute function? Meaning it also (eventually) hides that account's posts from the user's view of the website by default, and also broadcasts that blocking intent onto the blockchain? I can see scenarios where I would want to mute users (ideally privately as an option) so that I don't normally see their private messages (unless I go out of my way to do so), but would still normally see their posts and comments in public discussion threads. The blockchain follow feature allows for specifying the type of follow (which is how mute is currently implemented as well, by the way), so perhaps that can be used to distinguish between a public mute that hides all communication by the blocked account from the user's view of the website and a public mute that only categorizes private messages sent from that muted account differently so that it doesn't show up in their typical messages views (and doesn't create notifications). There would ideally still need to be a third type of mute that isn't broadcast onto the blockchain (in order to privately mute unwanted PMs), which would all be done client-side.
Regarding indentation of your messages to distinguish them from the other user, I would like to see something a little more distinct. For example, different background colored boxes containing the message from you and from the other user, and placing your avatar on the right side.
The delete functionality concerns me. The current implementation of the end-to-end encryption used for private messaging does not support perfect forward secrecy. This means that if someone later gets access to the memo key that was active during the time the messages were sent, they can decrypt the encrypted messages stored on the blockchain. On one hand this is good, because with just a very small amount of data backed up (basically just the current memo key, and also old memo keys can be stored encrypted in the history of account JSON metadata changes on the blockchain), the user can retrieve the entire history of their private conversations that they wish to keep. On the other hand, it means a user can't really delete a specific private conversation unless they somehow truly destroy the appropriate memo keys, and even then it comes at the cost of losing access to all the other old conversations that they actually want to keep.
In my opinion, Steem's private messaging system should prioritize the ease of backup over perfect forward secrecy. There are already other chat applications like Signal that design their cryptography to provide privacy-centric features like perfect forward secrecy and also plausible deniability. (Side note: Steem's private messaging also doesn't provide plausible deniability because the ciphertext is included in a transaction that needs to be signed by the author's posting key. This means someone can expose a PM they received to the public in a way that can be cryptographically verified to be legitimate.) Of course this means that a "delete" function would likely provide users with a false sense of security, which is something I am very much against. So at most I would like to see an archive function (to avoid clutter of old conversations in the default messages view) rather than a "delete" function.
First Off Great Comment! Pretty much a full post in response to my post which is awesome. I can clearly see that you have put some serious thought into Private Messages. You have some great points here, I'll try to get to all of them, thanks for opening up the discussion. I was planning on going into more discussion and theory on this post but ended up just focusing on design.
This is a solid idea, I think by having these 3 types are a simple dropdown to tab based system would work well. This way, like you do with most spam and junk , be able to switch users between the categories easily. Notifications as you put it would work fine, and user settings n the client side would do the trick. For mobile this would extend to push notifications and alerts.
I was considering this mute button to be separate from the one on the block chain , which would be for you to see and not anyone else to know you have blocked that user. I do think that this may be something more on the lines of Public Messages like that of comments but on the blockchain for everyone to see... though this is a different discussion ;) A distinguishable mute for each would be appropriate I think.
Thanks for the suggestions, I actually looked at all sorts of Social Media to gain inspiration on this but ended up with the simple design you see above. I ended with this because I wasn't feeling any of the Normal type designs in regards to steemits design. Now that you point it out a single color difference between the messages maybe all we need. I just wanted to illustrate that we don't need over design here.
In regards to true deletion of messages its a toss up. We want everything to be on the blockchain but like you said messages would eventually be decrypted and you have all great points in that 3rd and closing paragraph. The false sense of security I am also very much against and this really opens up the conversation on if PMs could really be pulled off correctly.