Micah LeeYou know instance admins can read your direct messages in the fediverse? Twitter and Facebook also can - and sometimes do - read your private messages, and they have infrastructure to comply with law enforcement requests. I'd love to see some end-to-end encryption built into Mastodon clients.
Constance Variable@micahflee just use matrix / xmpp.
Rysiekúr (old account)@lambadalambda @micahflee the solution here is not to use a different tool, but to fix the tool we're using. There is no reason why #Mastodon couldn't support #e2e #encryption in private messages.
@rysiek @micahflee SUre, but why? There are already several mature open source federated e2e encrypted chat systems available. Both xmpp and matrix could even be easily integrated into the existing user@instance id scheme. They have mobile clients, web clients, desktop clients...
It's neat to encrypt a tweet and send it to someone, but it just seems like the wrong tool for the job.
It's neat to encrypt a tweet and send it to someone, but it just seems like the wrong tool for the job.
@lambadalambda @micahflee but that's the tool people are using. I use XMPP+OTR, e-mail+PGP, Signal, etc., but if somebody is not as tech-savvy but is already here, I don't see why they should not have the option of encrypting private messages.
Or, put a bit differently: https://mastodon.social/media/N9MHhHNBYckrKdO8bPc
@lambadalambda @micahflee Yes, that is a concern. Still better than nothing though.
Also, you're completely ignoring apps. If #Mastodon has official and standardized support for #e2e #encryption, apps can implement it, closing the JS loophole.
pettter ✅@rysiek @lambadalambda @micahflee I think adding an integrated XMPP+OMEMO server and client in Mastodon is a good idea. I think creating something homebrew is a bad idea.
BjarniBjarniBjarni 🙊 🇮🇸 🍏@pettter @rysiek @micahflee FWIW, I agree with @lambadalambda - it can be argued that private messages are simply a misfeature in OStatus since they cannot be truly private without extra (non-standard) hacks.
Keeping things simple is valuable; using the right tool for the job (some other protocol for private messages) is good engineering.
[MOVED] Christopher Webber@HerraBRE @micahflee @rysiek @pettter Note that having private messages work cleanly (and no different than public posts) is one of the things ActivityPub was designed for. The design is much closer to email delivery... outbox -> inbox, w/ to, cc, bcc addressing.
@cwebber @micahflee @rysiek @pettter I think some of us feel that creating new "private messaging" channels that lack e2e crypto is really not something we should be doing anymore.