Have you seen this news?

@jaz @benpate That's interesting, thanks!

@jaz @benpate I don't understand who you are talking about. IFTAS, SWF, cosocial.ca, Emissary, toot.wales, Mastodon? Also using technology from that company, or preserving privacy from that company?

I think users should use E2EE messaging for as many conversations as they can. Using encryption technology that is open source, reviewed by security pros, and based on open standards is the best.

@benpate

E2E encryption is great. Not including that from the start was a glaring oversight.

As for the other changes, well.. Mastodon the platform that sells itself on de-centralization is moving towards.. centralization. I have long said that Mastodon is just Telegram, if Telegram were designed by a group of idiots.

The euros in the fediverse seem dead set on making Mastodon a premier censorship platform.

@jaz @benpate my question was in particular about operating a server. I think there's a higher level of trust between users and server operators when there's a real-world relationship, like a business, household, non-profit or club.

@evan @benpate

I'm suggesting that a company, any company, whose privacy policy states "if this server is in jurisdiction X then certain things apply, but if not, then maybe something else" /and/ does not provide a terms of service, whosoever that company may be, they would not be my first choice for trusting them with my highly-sensitive messages, and nor would the software they may have created and distributed to keep those messages safe.

@jaz @benpate I thought you were concerned from the other direction, as a server operator.

@jaz @benpate yeah, absolutely. I think other people who run public servers may have the same concerns. I have a lot less concern with my colleagues at SWF, for example, or my family on prodromou.pub.

@evan @benpate 100%, you should get to do whatever you want to do for your family, colleagues, or 15,000 person server (if that's your desire).

My original reply is in reference to the original post about E2EE being added to Mastodon, which has has historically kind of sort of not been super great on the admin-gets-to-choose front, so I'm on record now saying make it optional for admins, or I have to pass the torch.

@benpate
Ruins communication with #Tootik and #snac2 and #honk and other JS-less Fedi software though?

@ddlyh

First, I'd just like to say that the notification summary on my phone read "Ben Pate ruins communication with..." and I said oh god, what has that asshole done now...

To be serious:

Yes and no. You obviously can't have E2EE if one side can't run actual software. Those platforms might manage keys and decrypt for you on the server, but that kind of breaks the spirit of E2EE.

More likely, those platforms would just not publish encryption keys, and continue sending plaintext messages.

@benpate I love that almost immediately after the announcement of potentially adding E2EE support there are a whole lot of posts saying "how dare they give us encryption!"

Like even if you have... some kind of bugaboo about it, it doesn't hurt you if it's there... It does, however, help protect a lot of users.

(And I'll never understand the "first fix absolutely everything else before adding anything new!" mentality. A. people can do two things at once, that's one of the great things about having more than one person working on a thing and B. there will always be something else that needs fixing. That is the nature of reality and imperfect things... If everything else must be fixed first, nothing would ever get done. Literally. We'd still be trying to perfect pointy sticks.)

@nazokiyoubinbou

So true, and I’m so glad you said this. I’ve been holding back on so many super-snarky replies that I really shouldn’t post publicly

The biggest thing I’m seeing is fear.. fear of change, and fear of the unknown.

No, the E2EE solution we’re building isn’t perfect (nothing is) but it’s been vetted by some very smart people who care deeply about getting this right.

So, most of the hot takes dissipate once you clarify the questions and alleviate the fear.

@benpate I'm reminded of an old adage, Zawinski's Law: "Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can." I've always thought it was stupid. Not the law. The fact that it happens. I already have perfectly good messaging systems, I don't need another one. Can't programs just stick to doing what they do well and let other programs do what they do well?
I already have RCS, Signal, WhatsApp, Instagram, oh and E-mail ...

@rusty__shackleford @sampler @benpate

Great read! Thanks for taking the time to write and share

@jaz @evan @matt @benpate and Nomadic Identities!

@jaz

Ok, I'm confused. What are your concerns exactly about E2EE in the fediverse? Is it added complexity for server admins?

As an user living through this period of the internet I barely see a reason why I wouldn't want E2EE for anything with direct personal communication. In fact I choose services exactly for that.

Shouldn't good E2EE be able to operate securely especially under hostile conditions? And is that not the point of open standards to do so?

@evan @benpate

@dusk
@sampler @benpate

I do need to update with new info/ best practices, but this is the gist of my logic surrounding the issue, thank you so very much for reading it!

@mikebabcock

Well, in a way, Mastodon already reads mail. I just see this as an upgrade to the existing feature set, but not really a change of mission.

I get your point that there’s already lots of encrypted messengers. But the encryption is the least interesting part. It’s the communities they serve that makes the biggest difference. And I believe E2EE will just help apps to serve people better.

@benpate I just think it adds something that needs ongoing maintenance when it's not the core functionality of the system.
Add a way to share direct message links with matrix or signal or something instead. Alas

@mikebabcock

For sure. The core feature set is growing. I’m lazer focused on E2EE at the moment, but there are actually a number of other BIG projects in their announcement. It’s going to be a very busy time at Mastodon HQ!