#mastodon Friends!

There is a TON of improvements we could make to Private Mentions (often called DMs on other platforms) e.g.
* getting them out of the public timeline
* having a stronger notification tied to the Private Mention tab
* (among other things)

But here is my MAIN question: How critical is it that these messages are encrypted? I'm not against encryption! It's just complex and will take time. If we were to make some UX changes as a first pass WITHOUT encryption, would you be OK with that (at least for now)?

If you MUST have encryption, that's fine, please do me the favor of replying explaining why you need it.

@scottjenson And on encryption, I think you could probably launch with UX improvements only, and leave encryption as a "fast follow". E2EE might not be *critical* but it's a *super-nice-to-have* ~ especially on today's internet.

The fact that we call them "direct messages" isn't enough; people have a natural expectation of privacy when they send DMs, and the Fediverse doesn't really honor that right now.

The more systems we can make "secure by default" the better.

@scottjenson

And.. you probably know, but just in case:

We have a solid spec for E2EE on the Fediverse now (https://swicg.github.io/activitypub-e2ee/mls) with #Emissary and #Bonfire launching later this year.

As you'd expect with end-to-end-encryption, *most* of the work is on the browser/client. The AP server changes are minimal: a new KeyPackage object to store, a new collection, & other small stuff.

When we have working JS code, it'll be AGPL, and you could use it as a baseline for Mastodon 😎

#JustBetweenUs

Messaging Layer Security in ActivityPub