Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, youāll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because itās an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
@benpate I'm wondering what the advantage of e2ee private messages on Mastodon is when we have Signal, Matrix and other robust encrypted messaging tools that you could invite a friend to if you want to have a private conversation.
Is anyone worried about this creating moderation issues?
Generally I'm in favor of privacy and security, but I'm just not sure what the value of this feature is on Mastodon. Maybe you or others can provide your perspective on this.
I donāt have all the answers, but I believe thereās a network effect at work.
Signal is fantastic. I use it for lots of things. But itās āyet anotherā place to go.
But the Fediverse is my primary place to talk with people (like you)
If you and I could have a truly private follow-on discussion without switching networks, it would be a win for the Fediverse.
Signal also has 50 employees and money in the bank to pay the lawyers.
I'm certainly not a lawyer or expert on this, and I'm sure it varies between legal jurisdictions... but I thought that US law has (some?) liability protections for "common carriers" who pass data but are unable to read it.
Your ISP isn't liable for stuff you download over a secure HTTPS/SSL connection. In theory, the same *should* apply here. But still, someone may try to test it in court.
US law is certainly one jurisdiction, one which routinely compels the sharing of metadata of E2EE users and their conversations, and one which is trying very hard to remove a number of protections currently enjoyed by US-based service providers through legislation such as KOSA and EARN-IT.
Also, social media companies are not common carriers. That's a very different thing (like ISPs, telcos, and railroads.)
Also...
https://umap.openstreetmap.fr/en/map/fediverse-near-me_828094#3/25.799891/29.794922
Also, even if I enjoyed all the protections in the world, I am not in the E2EE business.
I am not in the patio installation business.
I am not in the porn business.
I am not in the banana peel recycling business.
I operate a public-facing social networking service for charitable purposes, with various liabilities I have chosen to take on, and various regulatory requirements I have chosen to comply with.
E2EE is not in my mission, nor in my wheelhouse, nor in my business plan.
@evan @benpate well, that warning would be more informative - but less readable - if it said "Direct messages on Mastodon, just like Twitter, Instagram, TikTok, LinkedIn and all your SMS messages, are not end-to-end encrypted. Do not share any highly-sensitive information over social media."
The gap here is people think the others /are/ private because they don't take the ethical stance of pointing this out.
Personally, I'd remove the warning.
50% of people in this survey think SMS is secure.
https://connect.lime-technologies.com/en/blog/messaging-data-privacy-survey/
Ben Pate š¤š»
senna.apk
jaz 
Evan Prodromou