fsebugoutzone.org:9999

       Post B0q4NFIXzFWpdK1BeC by raucao@kosmos.social
 (DIR) More posts by raucao@kosmos.social
 (DIR) Post #B0q085FYfESKJD8PlA by sozialwelten@ifwo.eu
       2025-12-02T11:44:28Z
       
       0 likes, 0 repeats
       
       End-to-end Encryption (E2EE) over ActivityPubEncrypted direct messages supply the confidence that people need to connect with family, friends and colleagues privately over a social network. As part of the Summer of Protocols 2024, we explore the integration of end-to-end encryption (E2EE) into the ActivityPub protocol.https://socialwebfoundation.org/program-protocol-e2ee/#ActivityPub #E2EE #SocialWeb #Foundation #SocialWebFoundation #Encryption #Verschlüsselung #Sicherheit #Privatnachricht
       
 (DIR) Post #B0q086uiTgyNT9OnYG by raucao@kosmos.social
       2025-12-02T11:45:52Z
       
       0 likes, 0 repeats
       
       @sozialwelten It&#39;s 2025 now, and there are no tangible results.
       
 (DIR) Post #B0q0889Ht0DrIdDwu0 by sozialwelten@ifwo.eu
       2025-12-02T11:54:48Z
       
       0 likes, 0 repeats
       
       @raucao It is also not a part of the official Mastodon Roadmap even though there are some open issues in the GitHub repository concerning E2EE. I personally hope that it will get integrated into ActivityPub and/or Mastodon but for 2026 and 2027 I do not see any signs that there is anything remotely close to being published. #E2EE #Issues #Github: https://github.com/mastodon/mastodon/issues?q=is%3Aissue%20state%3Aopen%20e2ee #Mastodon #Public #Roadmap: https://joinmastodon.org/roadmap
       
 (DIR) Post #B0q088UCdEx8LV0eVE by koteisaev@mastodon.online
       2025-12-02T12:09:27Z
       
       0 likes, 0 repeats
       
       @sozialwelten @raucao I searched for some progress information, and found this: https://www.w3.org/2024/09/25-e2ee-minutes.html
       
 (DIR) Post #B0q089FLnwfOhj4IzY by raucao@kosmos.social
       2025-12-02T12:12:36Z
       
       0 likes, 0 repeats
       
       @koteisaev @sozialwelten There is zero progress in that, just a few people discussing what anyone interested in E2EE already knows.
       
 (DIR) Post #B0q089WMmgHHYV1tVw by raucao@kosmos.social
       2025-12-02T12:17:30Z
       
       0 likes, 0 repeats
       
       @koteisaev @sozialwelten FWIW, since Nostr identities are already based on key pairs by design, E2EE DMs are already being rolled out via an MLS-based protocol there:https://github.com/marmot-protocol/marmotI think it&#39;s a shame that none of the large AP implementers are prioritizing this, because without user-owned keys, not just are DMs unencrypted, but there can be no true user sovereignty and account portability on the fediverse.
       
 (DIR) Post #B0q08A4kipmdH97M6y by lain@lain.com
       2025-12-02T12:19:12.783705Z
       
       1 likes, 1 repeats
       
       @raucao @koteisaev @sozialwelten the problem is, as always, key management. nostr has the advantage that people are already comfortable with handling cryptographic keys. e2ee on AP doesn&#39;t make much sense if people don&#39;t own their keys.
       
 (DIR) Post #B0q4NFIXzFWpdK1BeC by raucao@kosmos.social
       2025-12-02T12:19:45Z
       
       0 likes, 0 repeats
       
       @lain @sozialwelten @koteisaev Yes.
       
 (DIR) Post #B0q4NGGoNBjaeEDJa4 by silverpill@mitra.social
       2025-12-02T13:06:21.791236Z
       
       1 likes, 0 repeats
       
       @raucao @lain @sozialwelten @koteisaev FWIW, encryption with user-owned keys is on my roadmap. I don&#39;t want to start with MLS, though, it&#39;s too complex. The first prototype will likely encrypt messages with user&#39;s identity key, as described in https://codeberg.org/silverpill/feps/src/branch/main/0806/fep-0806.md
       
 (DIR) Post #B0q4xIFeU4D7DYqvvk by raucao@kosmos.social
       2025-12-02T13:12:00Z
       
       1 likes, 0 repeats
       
       @silverpill @lain @sozialwelten @koteisaev Yes, that could be the first step for anyone. Still better than sending unencrypted DMs around.
       
 (DIR) Post #B0slBHYET9SZUUofnk by lutindiscret@mastodon.libre-entreprise.com
       2025-12-02T20:27:00Z
       
       0 likes, 0 repeats
       
       @raucao @silverpill @lain @sozialwelten @koteisaev the problem is not e2ee in itself. It&#39;s all the consequences: key management ux nightmare, no spam prevention from servers, no csam filter on servers, no search in server (client must download everything to index and search locally, good luck with mobile). I don&#39;t see a world where we have both e2ee and good usability 😞
       
 (DIR) Post #B0slBHsRG1cgVAGoIS by koteisaev@mastodon.online
       2025-12-02T20:46:11Z
       
       0 likes, 0 repeats
       
       @lutindiscret @raucao @silverpill @lain @sozialwelten I seen a good explainer (can&#39;t recall where) that systems either created for public communication (such as social media &amp; activity pub) or for private communication (such as e2ee messengers). And them both don&#39;t mix well.So attempt to stretch e2ee over fediverse will end mass usage of technical and social crutches and band-aids.That explainer proposed to use email for direct messages (with PGP?), OR giving links pointing to e2ee messengers
       
 (DIR) Post #B0slBIBw5XDdTdONge by lutindiscret@mastodon.libre-entreprise.com
       2025-12-02T21:25:16Z
       
       0 likes, 0 repeats
       
       @koteisaev yes. Fediverse is designed to give everyone a megaphone. Some people want to use the megaphone to have private conversations. Quite a strange idea. Same for e2ee encrypted messengers some will use as a megaphone (making rooms with thousands people).I agree a protocol between x people to automatically negociate a chatapp to dm would be cool. Or maybe integrate xmpp, there is a bluesky dm implementation based on matrix. Reuse may work best  @raucao @silverpill @lain @sozialwelten
       
 (DIR) Post #B0sp5afmrSuGsKtKnA by greyarea@mitra.vpclmulqdq.moe
       2025-12-02T22:41:46.113218Z
       
       0 likes, 0 repeats
       
       @silverpill @raucao @lain @sozialwelten @koteisaevAs a note, FEP-0806 is overly simplistic in that it has no forward secrecy.As an easy improvement, if the sender also generates a per-message ephemeral X25519 keypair, you can do static-static + static-ephemeral KEX and get imperfect forward secrecy (no additional round trips required).
       
 (DIR) Post #B0sp5bpkXuTCTWYnxY by silverpill@mitra.social
       2025-12-03T20:59:15.120343Z
       
       1 likes, 0 repeats
       
       @greyarea @raucao @lain @sozialwelten @koteisaev Thank you for the advice. I need to start with something simple in order to learn how cryptography works. Then it will be replaced with a more secure scheme.From what I learned so far, the core principle is pretty much the same in all modern encryption schemes, they differ in how shared symmetric key is generated. Is that correct?
       
 (DIR) Post #B1T8vOjFftQkB4F2Ce by raucao@kosmos.social
       2025-12-21T09:26:56Z
       
       1 likes, 0 repeats
       
       @silverpill @greyarea @lain @sozialwelten @koteisaev Thought I&#39;d share this here, in case someone missed it (I know I did):https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
       
 (DIR) Post #B1T8vQC0EU1SiWhVei by lain@lain.com
       2025-12-21T09:31:42.671411Z
       
       0 likes, 1 repeats
       
       @raucao @silverpill @greyarea @sozialwelten @koteisaev &gt;  &quot;object&quot;: {    &quot;type&quot;: [&quot;Object&quot;, &quot;PrivateMessage&quot;],oh come on