Comment on Pixelfed leaks private posts from other Fediverse instances - fiona fokus
Irelephant@lemm.ee 4 weeks agoPosts should be encrypted, this is what diaspora does. I agree with this. For emails though, pgp is used by no-one. Also, AP uses tls as well.
I was thinking that encrypted posts could work with multi key encryption (if my understanding of this post is correct stackoverflow.com/…/encryption-decryption-with-mu… ).
The problem (imo) is mastodon being the internet explorer of the fediverse, and refusing to do any encryption.
PhilipTheBucket@ponder.cat 4 weeks ago
Yeah. One of the very few design feature of AP that I like is that actors have their very own keys, which means that in theory you could have the keys stay in the browser unlocked by a passphrase or something, and make it so no one could forge a message by a user except that user.
It would be pretty easy to extend that, so that Lemmy DMs get encrypted with the key of the actor meant to receive them, private posts get multi-encrypted with the public keys of any approved followers, et cetera. But yeah it seems like the amount of attention this stuff gets is very minimal.
Irelephant@lemm.ee 4 weeks ago
That would also key in (no pun intended) with the nomadic identity FEPs.