Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨ozoned@piefed.social⁩ to ⁨technology@lemmy.world⁩

https://indieweb.social/@evanprodromou@socialwebfoundation.org/115747328653649791

Bonfire and Ben Pate’s Emisaary (which powers Bandwagon) are the first two to implement.

source

Comments

Sort:hotnew top

frongt@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
Direct link: socialwebfoundation.org/…/implementing-encrypted-…

And as you might guess from the actual title, this is about user-to-user messages. I’m not sure how useful this is, because a thoroughly secure implementation is unlikely. A server operator could easily MITM your messages, if you don’t establish trust through a separate trusted channel.

source
- ozoned@piefed.social ⁨3⁩ ⁨weeks⁩ ago
  Thank you. Exhausted and posted the wrong link. Appreciate it.
  
  source
- ranzispa@mander.xyz ⁨2⁩ ⁨weeks⁩ ago
  I’d be confused as to how it would work since most of the fediverse is accessed through webpages or APIs. How do you E2EE for whichever device will connect?
  
  If I really want I can send the key to a friend I guess, but getting that to work on the various devices I may use seems a difficult task.
  
  source
  - artyom@piefed.social ⁨2⁩ ⁨weeks⁩ ago
    You can access lots of E2EE platforms with webpages.
    
    source
supersquirrel@sopuli.xyz ⁨3⁩ ⁨weeks⁩ ago

ActivityPub is extensible, though. As part of our E2EE program, Mallory, Tom and I adapted the Messaging Layer Security (MLS) standard as an extension of ActivityPub to make the MLS over ActivityPub specification. The protocol fits the great MLS E2EE system onto the ActivityPub API and federation protocol.

But a protocol specification is not enough; it must be implemented. That’s why we’re so happy to announce that the Sovereign Tech Fund has commissioned work with the Social Web Foundation to coordinate two new interoperable implementations of MLS over ActivityPub. This investment by the Sovereign Tech Fund will help move the Fediverse towards more privacy for social web users, no matter what server they use.

source
Lost_My_Mind@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Is E2EE end to end encryption?

source
- Illecors@lemmy.cafe ⁨3⁩ ⁨weeks⁩ ago
  Yes!
  
  source
  - Lost_My_Mind@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Kind of strange that they abbriviated “to” with “2”.
    
    Even stranger that I still got it right. Unless you’re messing with me. In which case, fair play. I’m totally clueless sometimes.
    
    source
    -> View More Comments
CosmoNova@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
I‘m not sure how this is handled in other places but since the Fediverse is a public forum I think you wouldn‘t have any rights to privacy on your Fediverse account in Germany. Any instance hosted there would likely still need to access your DMs if authorities order them to.

Still neat, though!

source
- ozoned@piefed.social ⁨2⁩ ⁨weeks⁩ ago
  The Fediverse is anything and everything. Yes, in general it’s a public forum, but if you run your own, you can still connect to others, have private conversations, etc. Until it really gets a groundswell and is tested in courts, I’d say we don’t honestly know at this point.
  
  Is email considered a public forum? I can make a DM on my GoToSocial similarly as I can send emails specifically directly to people or an entire mailing list.
  
  Only time will tell though.
  
  source
- victorz@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
  I thought Germany was cool. 🫤 Considering Tuta is based there.
  
  source
  - kami@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago
    I am sorry to tell you that nowhere is “cool”. Or at least nowhere the main online services are located.
    
    source
    -> View More Comments
  - CosmoNova@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
    I mean you still have strict privacy rights on private communication channels. Channels that are generally not considered a public place. At least on paper.
    
    source
NGC2346@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
[deleted]
source
- ozoned@piefed.social ⁨3⁩ ⁨weeks⁩ ago
  I think shitjustworks is Lemmy or Piefed. So those apps could implement encryption and then yup!
  
  source