Yes. Click on any person's username and under/next their bio there is a button to send a direct message. Not really a live chat thing yet, lemmy does not have the backend for that.

Note, DM's over Lemmy are NOT encrypted, only obfuscated, any federated server can read the DM's you send. Keep that in mind when choosing content to talk about.

[–] nutomic@lemmy.ml 11 points 1 day ago

This is not correct, Lemmy sends private messages only to the single recipient server. Other instances cannot access it at all.

[–] quips@slrpnk.net 3 points 1 day ago

That is not true. They are encrypted in transit, but not e2e

[–] sirxdaemon@lemmy.ca 8 points 2 days ago (3 children)

Wait, what? It's just the sender and receiver's instances that can read the message; it's not just any server right?

[–] nutomic@lemmy.ml 6 points 1 day ago (1 children)

You are right.

[–] empireOfLove2@lemmy.dbzer0.com 9 points 2 days ago* (last edited 2 days ago) (1 children)

I believe you're right but don't know enough about the real back end magic to confirm. I want to say I once read that the DM was always broadcast to all servers but that seems pointless.
What matters is that dm's are not private and should not be considered private, both in transit (during sending) and at rest (copy sitting at each server)

[–] LifeInMultipleChoice@lemmy.world 7 points 2 days ago* (last edited 1 day ago)

Someone could point out where I am wrong but essentially it is the same as a standard email in that there is a plain text copy stored in both the send and receive instance. Maybe it is easier to think of as just another comment where instead of @domain.xyz has read access, just the specified user@domain.xyz has read access. The server admins could still see them if they wanted to, just like Yahoo, Google, etc can in plain text (which is how SPAM filters often work, as in if the email was actually encrypted they wouldnt know the content inside it to try to filter it out.)

More end to end options are coming to the fediverse, (Matrix has been around, I saw something last week another was coming) but really most people don't ever encrypt data they send to others, and don't care usually.

See: Epsteins emails being accessible without decrypting anything. There were people who supposedly found his password in the released files, and just logged into outlook or whatever with it. End to end encryption should have required them to have s/mime (handshake performed) on that specific device to see the emails, so it would have all been garbledegook. Aka plaintext was stored on both server ends until deleted by the companies/users.

[–] rglullis@communick.news 0 points 2 days ago (1 children)

The fact that a message is addressed to a single person does not mean that it's only sent to that person. In theory, anyone following you will receive a notification about the message.

[–] nutomic@lemmy.ml 4 points 1 day ago (1 children)

This is wrong, Lemmy doesnt send private messages to followers.

[–] rglullis@communick.news 1 points 1 day ago (1 children)

I wasn't talking about the specifics of Lemmy, but ActivityPub in general. You can not guarantee that just because a message has been addressed to a single actor that only that actor will see it.

[–] nutomic@lemmy.ml 2 points 1 day ago (1 children)

If any Activitypub platform sends messages to an actor which they arent addressed to, thats clearly a bug.

[–] rglullis@communick.news 1 points 22 hours ago

In the most practical cases, yes. But in theory, there is nothing about the protocol that says that message addressing implies message visibility, or even access control.

Also, be careful of taking your assumptions and treating them as universal truths. One day somebody could build an IRC-like system on ActivityPub and decides to treat a "ChatMessage" object as public objects which may or may not be addressed at a single participant. There would be no "bug" if the server picks up the object, relays to others, or even indexes it and makes it searchable.