What actual privacy looks like for android apps:
Others: "We encrypt your data" (server-side, they have keys)
Us: End-to-end encryption (E2EE, you have keys)
Others: "We don't sell data" (but share with "partners")
Us: Zero data collection architecture
Most apps do the left column. Only 4 do the right.
#E2EE #ZeroKnowledge #privacy #privacy #security #health #android #apple #app #women #girls #cybersecurity #mentalhealth
RE: https://social.xwiki.com/@CryptPad/115723032257269334
Last day to benefit from our holiday offer! ⏰
You have until today, midnight Central European Time (CET time zone) to use our coupon code and enjoy a 50% discounted new paid plan. 💸
Encryption is never far from the political crosshairs.
Now more than ever, we need to stand our ground to combat attempts to break encryption for surveillance.
Because privacy is our defence against hackers and predators.
Become an ORG member today ⬇️
https://www.openrightsgroup.org/join/
#ORG2025 #digitalrights #e2ee #encryption #privacy #cybersecurity #ukpolitics #ukpol
Lurking in the UK Online Safety Act is the spy clause that could make encrypted message apps scan our private chats.
This would shatter our right to privacy and create vulnerabilites that anyone could exploit.
That's why we launched #PracticeSafeText ⬇️
https://www.openrightsgroup.org/blog/the-case-for-encryption/
#ORG2025 #digitalrights #e2ee #encryption #privacy #cybersecurity #ukpolitics #ukpol
When the UK government tried to force Apple to give them backdoor access to encrypted products, we stepped in.
We ensured that at least some of the appeal would be heard in public, recognising the huge global implications for secure communication.
Read more ⬇️
#ORG2025 #digitalrights #e2ee #encryption #Apple #privacy #cybersecurity #ukpolitics #ukpol
2025 has seen sneaky attempts to break encryption. ORG was there to fight back 🔒
We resisted the UK government's attempt to force a backdoor into Apple encryption. We’ll keep fighting until the dangerous powers that remain on the books are gone.
Find out more ➡️ https://www.openrightsgroup.org/campaign/save-encryption/
#ORG2025 #digitalrights #e2ee #encryption #Apple #privacy #cybersecurity #ukpolitics #ukpol
Defending #Encryption in the U.S. and Abroad: 2025 in Review
Defending encryption has long been a bedrock of our work. Without encryption, it's impossible to have private conversations or private data storage. This year, we’ve seen attacks on these #rights from all around the world.
#privacy #security #cryptography #e2ee
https://www.eff.org/deeplinks/2025/12/defending-encryption-us-and-abroad-2025-review
Anatomy of an E2EE ActivityPub Note in Enigmatick
Over the break I spent some time revamping my structs and enums for handling #E2EE #ActivityPub exchanges. This is what I have at the moment for the initial Create from the client (this is subject to change).
Cicle: Offline Period Tracker
CryptPad
Tom Stoneham
Open Rights Group
🚀 Несерьёзный Выдумщик 👨🔬🛠
PrivacyDigest
Justin Thomas{
"@context": [
"https://www.w3.org/ns/activitystreams",
"https://purl.archive.org/socialweb/mls"
],
"type": "Create",
"actor": "https://enigmatick.social/user/jdt",
"to": [
"https://enigmatick.social/user/mls-tester"
],
"cc": [],
"object": {
"mediaType": "message/mls",
"encoding": "base64",
"published": "2025-12-29T21:11:17Z",
"type": "Note",
"to": [
"https://enigmatick.social/user/mls-tester"
],
"cc": [],
"attributedTo": "https://enigmatick.social/user/jdt",
"content": "AAEAAhDIkTdahK5U3s1SQBbA2fIvAAAAAAAAAAEBABzHJj3+WZDE3Hw6H5W9YNhE3bhDSyExL4tnn0E5QOvPUeOgYdo/2n+rGUI1M8wupeK2bt919jAs8yTj2awvBAsprxAInHm8qWgq2FER2xjcpAx9f42ncAL8Xehfy3v6vonGuAPkYteAzdFCC8mGWxg3slpI+VoPrSWThSKqjMNxttZSfvbnhEFYw0jUFmJwxOecDS8n3UVjuLDt14V0Fw9YMv+XXUgKj9bWaCPi0qhuatcgxCqXwXzpevJBhY0trbPZgjB8LlhC/zcx5NNLI9WJtCF9zq3RPkG6ByPdH6IWTH5drOJyvefILElybP4eGMSoGWZATmGUQm/k3iKG6tRyzMM/fHxpIz34",
"tag": [
{
"type": "Mention",
"name": "[at]mls-tester@enigmatick.social",
"href": "https://enigmatick.social/user/mls-tester"
}
],
"attachment": []
},
"published": "2025-12-29T21:11:17Z",
"instrument": [
{
"type": "VaultItem",
"content": "oAjN0c2+q5gCtrFlauGU1kbKGizm5a5pH+iY5cObdihVBjjsSiSbkeu6XQ7/RR4lcn0OIqS9O+MVJ0QyympRxt7JI9qzCGlkCFcAyp4oe8nhh/YG7WHoLWL272vPqlq8A/Yf0YFprhIBlU48sJF6A1iRlU4fEBaRwnwV4gniSCQr55jpDe++M/HD3bSFJNcvpmf5BH9G4Z3VBaB8HMnDECGzFrB8zFycAR0w1SNYbGJuXFsopfMb4EfPkZoHT28="
},
{
"type": "Welcome",
"mediaType": "message/mls",
"encoding": "base64",
"content": "AAFAmCDd32lw8FF8QC6uFjAHr3mgvxBPjuGV1Pssxx+h5CNhcCAv4/tP+dWUbCq6L4A+aMr+L1uP3Xkusb4ea2H80EgFOUBUqHDCdGzjAhZdLCrjE0kM/aou36ZSZc0ahftKmE07chTiMUo8FgIj12deS4A0l3sXAR8x724HeigtyObI1GK7fxMGXU5oWemHGhS1unxK6XVyiuqvQriKP+VJPZa6JzN3Yb4r4l9B5jUfNUc5gX3XvzkzcO57Exj8SgpTTygo2zBTOPQ+6steYycUA70ed3LPKEfSCllIWeWAV+J+EFh7ywm90XFYzaPrXVudIx3orRzVMFnIldLax3oHUW5uXIrGQ06JWfgdOQ6DByb2iy/Dw4zJlbZP1oJptBTgO19IqUQaz58wrWDBSiYIT3h1jOXE3GvJgeeQIiW78noO5MF3xI3WRXB4C0cttyKm7Od2CBOk1USo+TDLCevnmExhlKlVTobTMMI4xZ1vVCdYpnb0k9rO7coVKPueBqVg2mE20GS/IoRG0v8+h0xUKIgsbYua41krjXoB5hctX4kH3lRO+qERkoXEcLVxRJuyeZEGsk4XrJ18AigU1a8gB6cZZ5LyvcV756yelu6F6MRQKba6zawDLOn4Takm3Lr3urfWo5Br7DBZcigMVjzGn8MhLSIEMhv6Ehmqajj9Vl6sTnpi90tVYWUtKO1buPrk3AiXrsbnEoNubqCs1sVmA93/Z0CcE8GQa1dO7NywofSV4/ax/tmBCZEoU6/uL7ygZHt8ZvSyd6wniPCR6sfd4ys4O8C7qW1KKFtEBbb1lMre494ZeXI5v0sG7MwbwFtI3d2uRHtWZ8v9khGr1ds4AFz3QnvoMSUtsR2kvq+C6H45kUs2ae957+txpKt5MDrcmK+CTTcX/FhlAtib4mlbs+Aj4WJFLOkXuB+MlHOMBlMz3ndJ5I3GDbo+VQvdJC2mCUOBWraihOV92mQQHi2gLXAA1NSsZIjXgnyVSYsrUvNJgTvw+AOVmJ7q5tXENPlZoOKUjSB3fEmKlywf90EQLUjDpphnYtvdFz8Oh8Vbgze+QAQp2VVYImI+1voBErK1EMKqEDFz1DC1CWUzqhl3k2pMgx00JhP3ZZpbX7YtjRmLjJM="
}
]
}
The mention of mls-tester has an [at] to avoid triggering my automatic webfinger resolution.
I've adopted the mediaType and encoding attributes from the draft ActivityPub specification. And I've standardized the Welcome message to incorporate those.
The Create includes the Welcome and a VaultItem as instruments rather than being sent as separate activities. The Welcome can include any number of recipients, so one within the activity should be sufficient.
The VaultItem is specific to the #Enigmatick client and isn't intended to be federated. That's how I'm handling ongoing access to the decrypted data; the VaultItem is a symmetrically encrypted representation of the original content that can be safely stored on the server for repeated use by the client. I'll need to eventually update the @context with that extension.