Have you seen this news?
-
Yup. I've heard some discussion about allowing users to "Flag" content to admins. But then there's the question of how to prove that the message is authentic (and I didn't just use a screenshot maker to frame someone)
Right now, I don't know how that'll play out. But I'm glad Mastodon is going to be asking those questions.
-
@rapsneezy2 Yup. And, most vulnerabilities have nothing to do with the encryption, but all of the architecture around it that leaks, injects, or lets adversaries circumvent your encryption.
I'm gonna share this image *so many times* today
At the end of the day, I don't think we're building something to keep out the NSA or the Mossad. I think we're thwarting nosy admins, data harvesters, and the same. And that's a good step forward.
Use Signal to do illegal stuff.
I may be wrong but I understood the RSA issue to be a deliberately chosen random number generator which wasn't quote so random - so algorithmic.
(but i'm no expert)
-
@jaz I can only say "yes" so many times before I dig up the Meg Ryan gif.
Do you want me to dig up the Meg Ryan gif?
@benpate I'd appreciate the gesture
-
@rapsneezy2 Yup. And, most vulnerabilities have nothing to do with the encryption, but all of the architecture around it that leaks, injects, or lets adversaries circumvent your encryption.
I'm gonna share this image *so many times* today
At the end of the day, I don't think we're building something to keep out the NSA or the Mossad. I think we're thwarting nosy admins, data harvesters, and the same. And that's a good step forward.
Use Signal to do illegal stuff.
@benpate I would also say
use Signal (or other) to do good stuff which western governments like Germany don't want you to do
not just illegal stuff
good stuff on the right side of history
-
Yup. I've heard some discussion about allowing users to "Flag" content to admins. But then there's the question of how to prove that the message is authentic (and I didn't just use a screenshot maker to frame someone)
Right now, I don't know how that'll play out. But I'm glad Mastodon is going to be asking those questions.
-
@jaz @benpate In the interviews I've done with Fediverse users about bringing their personal connections, family and friends, to the Fediverse, they repeated again and again that they needed to have private messaging to do that, and this warning keeps them from doing it. If people don't connect with real-world relationships here, they aren't going to stay. This is existential.
-
@jaz @evan @benpate I would add, in regards to 'Signal has 50 employees", that Mastodon does not. And there's a lot of things that need fixing and improving already without having to solve E2EE messaging.
Something, something, resourcing.
But whatever, it is what it is. I'm sure it'll be fine. It just sounds like a lot of work for not a lot of reward.
-
@soatok@furry.engineer @benpate@mastodon.social @bluewinds@tech.lgbt @GroupNebula563@mastodon.social if we have our finest crypto furries on board let’s hope we can avoid a multiply by zero bug
-
-
50% of people in this survey think SMS is secure.
https://connect.lime-technologies.com/en/blog/messaging-data-privacy-survey/
-
@aslakr I can only imagine @evan says "like what?" because he's thinking of the protocol / backend work and not Mastodon as a piece of software with a frontend.
There's so much sub-par public UX in Mastodon, but even more so if you look at the Admin and Moderation panels. A lot needs a rethink.
But this $$$ is not being spent on that. It's 2 backend engineers to work on backend according to the press release.
I just don't see E2EE as a priority for a Mastodon experience.
-
@jaz @benpate @earth_walker Signal is also a centralized service controlled by a very few people with the ability to be blocked and cut off easily.
I don't see E2EE fedi as competition for Signal, it's just a way to ensure comms are at least somewhat protected. Is there something complex about the implementation that makes you feel you are operating a E2EE service beyond the fact that Masto servers already do that via TLS?
-
I agree. I love groups! A lot of great work happening there.
-
@aslakr I can only imagine @evan says "like what?" because he's thinking of the protocol / backend work and not Mastodon as a piece of software with a frontend.
There's so much sub-par public UX in Mastodon, but even more so if you look at the Admin and Moderation panels. A lot needs a rethink.
But this $$$ is not being spent on that. It's 2 backend engineers to work on backend according to the press release.
I just don't see E2EE as a priority for a Mastodon experience.
@matt I say "like what?" because part of what I do for a living now is find problems that are keeping the Fediverse from growing and improving, and then I find money to help fix those problems. Sometimes with technology, sometimes with convening meetings, sometimes with research.
So, knowing what experienced instance operators like you think needs to be done to make the Fediverse bigger and better is a really big deal for me!
-
@matt I say "like what?" because part of what I do for a living now is find problems that are keeping the Fediverse from growing and improving, and then I find money to help fix those problems. Sometimes with technology, sometimes with convening meetings, sometimes with research.
So, knowing what experienced instance operators like you think needs to be done to make the Fediverse bigger and better is a really big deal for me!
I think it'd be good to get more of this kind of input, though. I am thinking about good ways to do it.
-
@jaz @benpate @earth_walker Signal is also a centralized service controlled by a very few people with the ability to be blocked and cut off easily.
I don't see E2EE fedi as competition for Signal, it's just a way to ensure comms are at least somewhat protected. Is there something complex about the implementation that makes you feel you are operating a E2EE service beyond the fact that Masto servers already do that via TLS?
@reflex @benpate @earth_walker
I'm not trying to be snide here, I mean this very literally.
I don't know what I don't know about operating an E2EE, patio, porn, or recycling business. All I know is they are all regulated, require licensing, insurance, have wildly different requirements in different jurisdictions.
I've done the work for operating social media services.
I have no intention of doing the work for any of the other services listed.
(Export controls come to mind though.)
-
-
@evan There's probably two very different buckets full of 'Things I'd like to improve as a Fediverse admin' and 'Reasons why people don't want to adopt yet another social media site in 2026' and there's little overlap between those two buckets.
Do you publish your findings and research anywhere publicly? I'd be interested in reading along.
-
@evan There's probably two very different buckets full of 'Things I'd like to improve as a Fediverse admin' and 'Reasons why people don't want to adopt yet another social media site in 2026' and there's little overlap between those two buckets.
Do you publish your findings and research anywhere publicly? I'd be interested in reading along.
For the personal relationships research work I did, it's on my personal blog. There's a video, too.
-
Done, no AI used so criticism is welcome:
https://pen.waltuh.cyou/autumn/the-social-web-foundation-adds-end-to-end-encryption-to-mastodon-and-why-this
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login