RE: https://mastodon.social/@eff/115996451312302984

Wouldn’t it be cool if you could send encrypted DMs on the Fediverse BEFORE you could do it in Bluesky? #JustBetweenUs

@benpate There’s not a lot stopping this from being added at the client level today, but the 500-character default restriction set by the Mastodon (and other) server software makes it difficult to fit into a single post.

@benpate I wonder if the Fediverse can build on the back of the Signal Protocol. I think that protocol is non-federated, so folks would need to figure out a way to federate it, which is probably really tricky.

@ramsey

We are. 😳

To be more helpful and specific, we are using the MLS protocol, which is an open standard inspired by the Signal protocol.

I’ve written up my description of the project here, with links to the official announcements and specifications: https://emissary.dev/e2ee


@benpate
The @HolosSocial project I mentioned after your talk at #Fosdem does implement the e2ee with the Signal protocol:
https://mastodon.social/@HolosSocial/115986023918493823
Maybe they are interested in collaboration on the e2ee activities.
@ramsey

Very cool! And thanks for the link.. I’ll check this out and see what I can learn 😀

We’re not using the Signal protocol exactly. Technically it is the “MLS” protocol, which was inspired by Signal, but makes some important changes to the ways that encryption keys are generated and shared.

It’s complicated, but MLS makes it possible to efficiently create very large groups (like thousands of people) — something that gets very cumbersome with Signal.

@pink @HolosSocial @ramsey

@benpate @ramsey @soatok is working on a federated public key exchange specification and an example implementation (it's in PHP): https://github.com/fedi-e2ee . This is a key component of getting to E2EE in a federated configuration.

@benpate @ramsey @thomas_shone The reference implementations are in PHP, but there's nothing preventing a Go or Rust implementation from materializing later on.

https://soatok.blog/2026/01/15/software-assurance-that-warm-and-fuzzy-feeling/ explains the testing methodology behind this project.

https://publickey.directory offers at-a-glance project status

@soatok @benpate @thomas_shone Since PHP is my primary programming language, that’s good for me.

@soatok yeah, I have no concerns about the language choice. I referred to it as a hook to get @ramsey interested ;)

@ramsey @benpate I was able to do it a decade ago with Twitter DMs - although that had a 10k character limit.
https://shkspr.mobi/blog/2015/09/pgp-encrypt-twitter-dms-with-keybase/

@ramsey

On a technical level, yes. But you’d need a highly customized client or the UX would be atrocious.

We do have an effort going on now - not with Mastodon, but on the Fediverse in general - that’s aiming to launch mid-year.

So, it’s not a “what if” but really a “pretty likely to happen”

I love when open tech leads!

@benpate IIRC @soatok is working on something like that ;)

@thepanz @soatok

Yes. And so are @Bonfire and I. Check out https://emissary.dev/e2ee

Sorry for being obtuse :)

We have chatted with @soatok (should I say, Mr. Tok?) about the project a bit, and welcomed his advice.


@Ben Pate 🤘🏻 Technically speaking, Hubzilla has had encryption for years already, probably for longer than Mastodon has even been around. It comes on top of Hubzilla's permissions system which already makes Hubzilla inherently more private and secure than Mastodon.

Downside: Hubzilla's encryption only works within Hubzilla where it is an official, optional add-on. I'm not even sure if it works beyond the Zot6 protocol. But still, one can't say that the Fediverse doesn't have any encryption anywhere.

CC: @Ben Ramsey @Emanuele Panz

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Hubzilla #Encryption

@jupiter_rowland

That’s very cool.

How much work is happening on Hubzilla now? Is there a chance that we could implement this same MLS-based protocol on it?

I think the server-side work is minimal. And, you could even use my TypeScript code as a starting point…

@Ben Pate 🤘🏻 Well, we're kind of in the aftermath of the recent Hubzilla 11 release. And I think the devs still have fresh plans.

#FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Hubzilla

@jupiter_rowland

You. I hear you. The “to do” list is always too long…

Well, once I have a handle on the work involved, I’ll try to write up a guide for implementing this.

If you already support the C2S API, the server end should be next to nothing. E2EE means 97% of the work is on the client.

@jupiter_rowland

Double-replying to add: congratulations on the release, BTW.. I think I saw a presentation on this at FOSDEM.

🎉🎉🎉

@[email protected] jr pna, V nz fraqvat lbh n urnivyl rapelcgrq zrffntr evtug abj, va snpg! Vg vf fb tbbq lbh pna rira eha gur pvcure gjvpr naq vg vf qbhoyr rapelcgrq.
@benpate @julian Srqvirefr vafgnaprf fubhyq nqq EBG13 ohggbaf, yvxr Hfrarg arjftebhc ernqref hfrq gb unir.

@FenTiger @julian

You both make excellent points 😅

One thing that’s added to the server side behavior is a separate collection for MLS-encrypted messages. We think this should help separate the chatter between encrypted and plaintext messages.

@benpate

yes but I like #matrix...

it's complicated. I'd love the simplicity of one ID but I also think social media (public) and social networking (close community) need to be somewhat separate. old school twitter was a great example of the former vs the latter encompassing how we connect with family, friends and interest groups on Facebook. I'd argue phone calls and texting is social networking too.

anyway, the distinction matters for moderation. basically everybody vs just people I trust.

@wjmaggos Yes, and this (obviously) doesn’t replace Matrix.

On the Fediverse, I think direct messages / private messages are underdeveloped. I was just talking to someone who REALLY wants this, and also wants a more standard UI for small conversations.

The plan is to have both modes available, with newsfeeds for public conversations, and a separate panel (or even a separate app connecting to my Emissary profile) to manage private messages (both encrypted and plaintext).

@Ben Pate 🤘🏻 “On the Fediverse, I think direct messages / private messages are underdeveloped.”
Most of the Fediverse anyway. Including Mastodon.

The issue which makes people call for encryption is: Most of the Fediverse has got no permissions and no understanding for permissions. Mastodon DMs only define whom a toot is sent to, but not who is allowed to see it because this very concept doesn't exist on Mastodon. This means that anyone can pull anyone else into a "private" conversation just by mentioning them.

I think you can already guess that I'm looking at this from a Hubzilla veteran's point of view again. Hubzilla already had what's the Fediverse's second-most advanced permissions system before Mastodon was even developed. It works on three levels: for your whole channel, per contact, for certain content (e.g. a post and then the whole thread following it).

If you were on Hubzilla, too, and I sent you a message with only you as the target audience, i.e. a DM, not only would this define only you as the recipient, but it would also only grant you and me permission to see my DM as well as any and all follow-ups. You could mention other users all you want. They wouldn't receive your mention. They wouldn't be allowed to receive and see it.

And this is nothing Zot-specific. Forte has inherited the Fediverse's most advanced permissions system from (streams) which, in turn, is at the end of a whole tree of forks of Hubzilla. But while Hubzilla is based on Zot6, and (streams) is based on Nomad, Forte is entirely based on ActivityPub, and it doesn't support any other protocols. So in theory, it should be possible to port Forte's permissions system over to other Fediverse server software and even build an FEP from it.

The only downside is that it's rather complex, although Hubzilla's permissions system is even another bit more complex due to its dependency on templates. There's a monthly Hubzilla workshop in German, and it takes two sessions to cover permissions.

On (streams) and Forte, it's easier to handle, but you still have to know very well what you're doing and how to configure your new channel before you post anything or connect with anyone. That's also because (streams) and Forte default to private posting: At default settings both for your channel and for your new posts, the latter are restricted to your "Friends" access list (in which all your new connections land automatically) which makes Mastodon understand them as DMs.

CC: @william.maggos

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Hubzilla #Streams #(streams) #Forte #Permissions

@wjmaggos

I’ll try to post some screenshots when I have them, so you can see where this is heading. I think the UX is critical for this to work right, and I think it will feel really smooth and natural when we roll this out.

@benpate

I'm sure it will be great but I could also see approaching it by having server software and apps that did both AP and matrix.

I imagine the future being less about running an AP server than running a server for musicians that does AP but also simultaneously some new protocol that lets it be part of a decentralized Spotify etc. For most people, they probably don't want separate servers and apps for microblogging, pics, videos, etc.

Oh and maybe matrix replaces text, phone, zoom...

@benpate
Trouble is, it requires JavaScript, so would never work in #snac2 or the #Brutaldon Mastodon client!

@ddlyh

This is true. But it is the only way to guarantee that the complex math of encrypting your messages happens before anyone else can see it.

I am building this in very distinct layers, so I am hopeful (but cannot guarantee) that someone in the future can come along and repackage this as an installable app.