Post B2pKcbbHES4fQhMYpU by fathermcgruder@jorts.horse
(DIR) Post #B2pCnSmxXC0HeYUfWi by apps@toot.fedilab.app
2026-01-30T22:50:14Z
0 likes, 0 repeats
Yes, it's possible for Fediverse apps like Fedilab to support end-to-end encrypted DMs. We plan to write a FEP where actors expose their public keys in their profile. Each app would manage encryption locally while servers act as relays. The security model is the same as Signal: private keys stay on the device, servers only see encrypted data.
(DIR) Post #B2pKcbbHES4fQhMYpU by fathermcgruder@jorts.horse
2026-01-30T23:41:15Z
0 likes, 0 repeats
@apps What about integrating XMPP?
(DIR) Post #B2pLjmp40QYEDTndHU by apps@toot.fedilab.app
2026-01-30T23:52:17Z
0 likes, 0 repeats
@fathermcgruder XMPP would require adding a separate messaging protocol on top of ActivityPub. We prefer keeping E2EE native to ActivityPub so existing Fediverse apps can add encryption without needing another protocol stack.
(DIR) Post #B2pNsvR3YLK9RX3WRU by jesuisatire@social.tchncs.de
2026-01-31T00:17:56Z
0 likes, 0 repeats
@apps Some way to join forces with @delta ?
(DIR) Post #B2puD3VyQ9zwpEzyAC by virbonus@sueden.social
2026-01-31T06:55:53Z
0 likes, 0 repeats
@apps @pachli Great idea!
(DIR) Post #B2r8G5YqrUrKYce3VI by silverpill@mitra.social
2026-01-31T21:07:45.170388Z
0 likes, 0 repeats
@apps You can expose public keys with FEP-c390: Identity Proofs. Identity proofs are more secure than simple public key profile fields because they make it harder for a malicious server operator to replace a client-generated key with his own key.
(DIR) Post #B2rCYT58YCbmXDlXBQ by apps@toot.fedilab.app
2026-01-31T21:20:09Z
1 likes, 0 repeats
@silverpill You're right, FEP-c390 is more secure than a simple profile field. We should use Identity Proofs instead of plain profile fields in an E2EE FEP. Thanks for sharing.
(DIR) Post #B2rHVrDEsP1GHE86j2 by silverpill@mitra.social
2026-01-31T22:51:37.469445Z
0 likes, 0 repeats
@apps Great, I am going to take a look at the FEP. Identity proofs were designed for a different use case, where a person's public key is known beforehand (e.g. published on a trusted keyserver). But in theory they should also be a good fit for E2EE. We'll see.