Have you seen this news?
-
@jens Yeah, the MLS protocol is pretty solid. It's built/supported by a number of big industry groups who know what they're doing.
And, I'm not writing the encryption myself. I'm building on top of the *fabulous* ts-mls library by Luka Jacobowitz. He's been super-supportive and even helped me troubleshoot a few things.
I'm pretty sure Bonfire is using OpenMLS, which is equally awesome.
When Mastodon starts working in 2027, a lot of the groundwork will have been laid already.
-
@jens Yeah, the MLS protocol is pretty solid. It's built/supported by a number of big industry groups who know what they're doing.
And, I'm not writing the encryption myself. I'm building on top of the *fabulous* ts-mls library by Luka Jacobowitz. He's been super-supportive and even helped me troubleshoot a few things.
I'm pretty sure Bonfire is using OpenMLS, which is equally awesome.
When Mastodon starts working in 2027, a lot of the groundwork will have been laid already.
@benpate MLS is a step in the right direction, for sure.
-
The primary spec for ActivityPub is here: https://swicg.github.io/activitypub-e2ee/mls
I have a project overview here: https://emissary.dev/e2ee <- this also includes links to the MLS protocol and other implementation resources.
My overview page WAS up to date, but I haven't posted much recently. But I *swear* I'm still making progress.
I'll show off a little of my work at #FediForum - and I'm sure we'll have larger conversations there about #E2EE in general.
Here's a screenshot from my laptop this morning. It's a pretty good view of where I am on this project right now with #Emissary. "Please ignore my silly cats"
I've seen Bonfire's work, and they're even further along.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
Sovereign Tech Agency funding
Announcing a service agreement for new work to improve Mastodon and the broader ecosystem.
Mastodon Blog (blog.joinmastodon.org)
@benpate @mattblaze You may be interested in this.
-
@benpate Scanned the specs.
Yeah, that's about how I'd have done it in AP. But the result is like encrypted email, metadata is still public.
That's more or less why I stopped looking at AP as a viable transport. But if you need to stay within it, then yes, looks reasonable.
I haven't looked in a lot of detail, obviously.
-
@benpate Scanned the specs.
Yeah, that's about how I'd have done it in AP. But the result is like encrypted email, metadata is still public.
That's more or less why I stopped looking at AP as a viable transport. But if you need to stay within it, then yes, looks reasonable.
I haven't looked in a lot of detail, obviously.
Yes.
My understanding of MLS is that there is a fair amount of metadata that's public in general. So, group ids, and members of each group are more or less in plaintext, regardless of the transport.
So, it's not *perfect* but it's better than just sending everything in plaintext.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
Sovereign Tech Agency funding
Announcing a service agreement for new work to improve Mastodon and the broader ecosystem.
Mastodon Blog (blog.joinmastodon.org)
-
@benpate I wouldn't count on that.
In the announcement Mastodon team credits SWF for work on E2EE, not the people doing actual research. That's part of the deal.
-
Yes.
My understanding of MLS is that there is a fair amount of metadata that's public in general. So, group ids, and members of each group are more or less in plaintext, regardless of the transport.
So, it's not *perfect* but it's better than just sending everything in plaintext.
@benpate Oh yeah, exactly that.
In a green field design, you can encrypt almost all metadata, and make the rest sufficiently anonymized.
Sadly, that isn't going to integrate well with AP.
Ah, well.
-
since it is being funded by the German government, will it have backdoors for specific German priorities?
@rapsneezy2 Ha! None that I know of
We're (Mastodon, Bonfire, and Emissary) not doing this from scratch. It's building on MLS, which is an open standard for end-to-end encrypted messages that is used by many big players in tech.
Plus, all of this is open source (mine is here: https://github.com/EmissarySocial/conversations-mls) so hopefully any theoretical back doors would be found by interested parties.
If you're interesting in auditing some code, I'd *love* for you to participate!
-
@benpate I wouldn't count on that.
In the announcement Mastodon team credits SWF for work on E2EE, not the people doing actual research. That's part of the deal.
@silverpill @benpate it really seems nothing has changed after the recent reorganization.
-
@benpate I wouldn't count on that.
In the announcement Mastodon team credits SWF for work on E2EE, not the people doing actual research. That's part of the deal.
@silverpill SWF built the original spec that we're building to. They did a TON of research and groundwork ahead of time.
I'll just have to graffiti Wikipedia myself.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
Sovereign Tech Agency funding
Announcing a service agreement for new work to improve Mastodon and the broader ecosystem.
Mastodon Blog (blog.joinmastodon.org)
-
Interesting take / prediction, thx for sharing!
> Want E2EE? Use PGP/GPG and do it yourself.
This bit doesn't fly with me; E2EE is For The People.
My sense is that "just roll your own" ignores the accessibility gap; that the DIY approach may be too complex for others.
(Admittedly not speaking from experience; I'm a #Signal user which is quite user-friendly)
-
@silverpill @benpate it really seems nothing has changed after the recent reorganization.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
Sovereign Tech Agency funding
Announcing a service agreement for new work to improve Mastodon and the broader ecosystem.
Mastodon Blog (blog.joinmastodon.org)
-
Sorry if I'm missing a part of your context..
This whole project should be "backward compatible." It's pretty easy to tell if your recipients all accept encrypted messages or not, so if you're messaging someone who doesn't accept encrypted messages, it should just fall back naturally to regular DMs.
-
@silverpill SWF built the original spec that we're building to. They did a TON of research and groundwork ahead of time.
I'll just have to graffiti Wikipedia myself.
@benpate As somebody who also thought about E2EE (MLS was my suggestion), I can confidently say that SWF spec didn't add much to the discussion. That's not surprising, because to do that one needs to actually start writing code.
-
Interesting take / prediction, thx for sharing!
> Want E2EE? Use PGP/GPG and do it yourself.
This bit doesn't fly with me; E2EE is For The People.
My sense is that "just roll your own" ignores the accessibility gap; that the DIY approach may be too complex for others.
(Admittedly not speaking from experience; I'm a #Signal user which is quite user-friendly)
Completely agree, "roll your own" overcomplicates things. I simplified to spur curiosity, & why I ended with use of alternative tools for private messaging, like signal.
It can be simple. Generate your public/ private keys, & start trading public keys with people. When you send a message to someone it'll be encrypted using their public key & only able to be decrypted by their private key so your message to them stays secure. Sign that message with your signature to prove origin.
-
Completely agree, "roll your own" overcomplicates things. I simplified to spur curiosity, & why I ended with use of alternative tools for private messaging, like signal.
It can be simple. Generate your public/ private keys, & start trading public keys with people. When you send a message to someone it'll be encrypted using their public key & only able to be decrypted by their private key so your message to them stays secure. Sign that message with your signature to prove origin.
The question with E2EE & SNS quickly becomes: How do we deploy this at scale, without breaking moderation, without confusing users, & without inviting legal or security failure?
It's why many people say: keep the public social layer unencrypted & use purpose built tools like Signal for private conversations.
Also, metadata, note that E2EE doesn’t stop the network from seeing who talks to who, when, or how often, so privacy is leaky even if message content is encrypted.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login