Have you seen this news?
-
The question with E2EE & SNS quickly becomes: How do we deploy this at scale, without breaking moderation, without confusing users, & without inviting legal or security failure?
It's why many people say: keep the public social layer unencrypted & use purpose built tools like Signal for private conversations.
Also, metadata, note that E2EE doesn’t stop the network from seeing who talks to who, when, or how often, so privacy is leaky even if message content is encrypted.
-
To introduce E2EE into public‑facing SNS & simultaneously try to “solve” abuse, moderation, & legal exposure, the path of least resistance is likely to be “just verify everyone”, pushing identity‑linked, KYC‑style identity checks as a way to “anchor” trust & accountability.
The loudest voices may start demanding identity verification.
Awful for privacy, & it’s exactly why I strongly believe E2EE should be kept out of the core social layer & kept within dedicated tools instead.
-
@rusty__shackleford @dusk @benpate dealing with spam (and other forms of abuse) when e2ee is mixed with federated SNS seems really hard. agree 100% with your assessment
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
I’m so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
Sovereign Tech Agency funding
Announcing a service agreement for new work to improve Mastodon and the broader ecosystem.
Mastodon Blog (blog.joinmastodon.org)
-
Interesting times ahead. I wonder if they will go for the Signal Protocol Post-Quantum Ratchets or similar?

-
@rusty__shackleford @benpate @dusk i think a good middle ground for letting people have private discussions on fediverse is just allowing people to do PGP themselves or in 3rd party clients, with a "buyer beware" kind of scenario
building it into servers puts a lot more responsibility in the hands of server admins. and risk for abuse. i don't want my admin holding onto my private keys and i don't necessarily trust my server to generate keys for me either ...
people with the know-how to generate and manage their own keys can deal with the potential negatives and headaches associated with it. just running servers as they already exist is plenty of work for mastodon admins i would imagine
-
Not Signal, MLS, which is similar but run by a group of industry organizations.
Post-quantum is possible in MLS, depending on the crypto algorithms you choose.
There’s more info about the project in general on https://emissary.dev/e2ee — though Mastodon’s announcement is a big new development I haven’t covered yet.
-
@sampler @rusty__shackleford @dusk
A) that excludes 99% of the population, who deserve the same level of privacy as you do.
B) since it’s E2EE, most of the work is on your client. The updates to the server are minimal (C2S API + publish public key packages). So EVERY Fediverse server could support this. You’d just need a client that can send/receive encrypted messages.
C) Don’t let “perfect” be the enemy of “good” - giving people easy, modern tools is a win, even if the NSA can hack it.
-
@rusty__shackleford @sampler @benpate
Really well articulated, totally makes sense!

-
@sampler @rusty__shackleford @dusk
That is one of Mastodon’s big issues to address. It’s not a protocol thing, but a server software issue that I know they’re going to address.
-
@benpate I'm wondering what the advantage of e2ee private messages on Mastodon is when we have Signal, Matrix and other robust encrypted messaging tools that you could invite a friend to if you want to have a private conversation.
Is anyone worried about this creating moderation issues?
Generally I'm in favor of privacy and security, but I'm just not sure what the value of this feature is on Mastodon. Maybe you or others can provide your perspective on this.
-
If people are already on Signal, good for them. But the real issue is getting people off the Meta apps. So if there's a good Fedi Messenger, that can definitely help!


-
RE: https://mastodon.social/@benpate/116403046724832335
@benpate super stoked!!!
-
It's not either-or. You can use both.
If you prefer to switch apps and identities and go over to Signal, awesome.
If you'd rather message someone with your ActivityPub identity, you can do that securely now, too.
The E2EE work on ActivityPub uses an open standard, MLS, to encrypt data. One reason we chose it was so it's at least possible to bridge to other social and messaging networks while keeping the data encrypted from end to end.
-
@benpate
Ideas for how I explain this to my swaths of very-non-tech friends & family? (Most of whom are happy with FB & Insta & Wassap.)
-
@GroupNebula563 @benpate @soatok "How are they managing public keys" was my very first question, inspired by our own furry blogger's work on the subject!

-
@benpate I’ll read it later. But discussing E2EE in a public forum seems a bit odd to me. If it’s meant for DM, then why not.
-
It’s using “MLS” - a well documented, tested, and tooled protocol.
Private keys are generated on your device (browser, app, whatever). Each device manages its own private keys.
Public keys are posted to your ActivityPub actor profile.
Keys are rotated *very* frequently.. like every time you join a new group.
When someone sends you a message, they address your ActivityPub inbox using a “group key” that includes all of your devices.
-
@benpate Oh I see - the E2EE idea is for private messages (DM).
-
@jaz I agree 100%
It’s too early for anyone to say how Mastodon will design this (even Mastodon)
But this is exactly how I’m doing it in Emissary. Domain owners can choose if they want to support E2EE on their server, and for which groups of users.
Users can also opt in to publishing encryption keys or not.
It’s easy to build this as completely opt-in, so it’s a fair bet that’s how Mastodon will architect it.
Make sure they hear your voice as the project gets going in 2027.