↳ In-reply-to » @eapl.me When it is up and running, I promise to add it to the specification. I will also include some corrections. The nature of twtxt does not allow us to selectively hide clients. It's a problem not with DM, but with any extension. @prologic Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links. @xuu It's already much better than Mastodon :P . Maybe we can remove the sender and receiver references with an intermediary register.

@andros@twtxt.andros.dev Ahh I see 👌

@prologic@twtxt.net Yes, it is a security hole. All dm-echo messages are readable. I intend it to be a debugging tool. Maybe I can include a warning message. If many of you see that it is a serious problem, I can remove the links.