Have you seen this news?
-
@jaz @benpate @earth_walker I understand you do not know, but my point is if you are operating a mastodon instance, and you are connecting users via https, you are already operating a E2EE service. That is what https is (via TLS, used to be SSL). You do not need to know more to have your messaging be E2EE within the instance unless they have done something very wrong with the masto instance.
It's an international standard, the concerns you have can be raised, but likely are not valid.
Sorry. We are talking about a different end. E2EE means encrypting messages from my device all the way through to your device, and not being decrypted by the server in the middle. HTTPs://does not do this, so this message I’m sending to you is readable by the admins of several intermediate servers.
It’s a very different model for communication.
-
@reflex @benpate @earth_walker I believe you may be underestimating my understanding of and experience with internetworking including the network and transport layers, but I'll just say that encryption in transit is not end to end , and the simple fact that I can moderate user-to-user (end to end) content on my service expressly informs that fact.
Let me put it another way, I have no intention of operating an unmoderatable community service.
@jaz @benpate @earth_walker To be clear, your line is one that leaves users vulnerable to malicious admins. I am unclear how it hinders moderation since again, screenshots are a thing.
Also referring people to a separate centralized service that cannot be simply moved out of a hostile jurisdiction and is easily blocked is not ideal.
-
Sorry. We are talking about a different end. E2EE means encrypting messages from my device all the way through to your device, and not being decrypted by the server in the middle. HTTPs://does not do this, so this message I’m sending to you is readable by the admins of several intermediate servers.
It’s a very different model for communication.
@benpate @jaz @earth_walker I did make this distinction, pointing out that it's server to client. My point, however, is that it raises the same concerns Jaz raised previously, namely things like insurance, licensing, export controls, etc etc. If that is a real concern, we are already operating under it.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login