Big news for the #Fediverse!
General Discussion
36
Posts
14
Posters
79
Views
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
We hope this will enable the fediverse to become a safer space for activists and communities to organise, coordinate, and collaborate meaningfully. By making secure, user-friendly messaging a core part of the fediverse, we can help lay the groundwork for decentralised networks where people can go beyond talking in the mythical ‘global town square’ and actually organise and accomplish things together.
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
-
We hope this will enable the fediverse to become a safer space for activists and communities to organise, coordinate, and collaborate meaningfully. By making secure, user-friendly messaging a core part of the fediverse, we can help lay the groundwork for decentralised networks where people can go beyond talking in the mythical ‘global town square’ and actually organise and accomplish things together.
@bonfire is it feasible that someone could build a chat client that would let any Fediverse account privately talk with any other Fediverse account?
Because that would be insanely cool.
-
@bonfire is it feasible that someone could build a chat client that would let any Fediverse account privately talk with any other Fediverse account?
Because that would be insanely cool.
@alisynthesis The initial idea is that all fediverse apps (clients and servers) should implement the standard for maximum interoperability. But it's definitely worth thinking about what we could do to make that possible in any case!
-
@alisynthesis The initial idea is that all fediverse apps (clients and servers) should implement the standard for maximum interoperability. But it's definitely worth thinking about what we could do to make that possible in any case!
@bonfire very exciting! Thanks for your hard work on this.
-
undefined evan@cosocial.ca shared this topic on
-
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
@bonfire @swf @sovtechfund @benpate Will this mean the possibility of friends-only (i.e. people you select, rather than anyone who follows you) posts on Mastodon/Pixelfed/similar? If ActivityPub ever gets mass adoption, that will be important, because when everyone’s here, so are griefers, trolls, pig-butchers and as yet uncategorised hostile actors.
-
@bonfire @swf @sovtechfund @benpate Will this mean the possibility of friends-only (i.e. people you select, rather than anyone who follows you) posts on Mastodon/Pixelfed/similar? If ActivityPub ever gets mass adoption, that will be important, because when everyone’s here, so are griefers, trolls, pig-butchers and as yet uncategorised hostile actors.
@acb @bonfire @swf @sovtechfund
This *specific* tech will make private groups, similar to Apple Messages, Signal, and WhatsApp.
It won’t make “Friends Only” posts, but.. both Emissary and Bonfire already provide different flavors of “Circles” that let you choose the visibility of your posts. https://emissary.dev/circles
Id live for other Fediverse tools like Mastodon to add this too.
-
@ligasser @bonfire Not sure, but:
- Specification: https://github.com/fedi-e2ee/public-key-directory-specification
- Implementation: https://github.com/fedi-e2ee/pkd-server-php
- Announcement: https://soatok.blog/2025/12/15/announcing-key-transparency-fediverse/
The AuxData thing should also be useful for folks that want to build atop my feature to add transparency to other types of public keys (or any other public commitments of static data, such as security researchers publishing hashes of vulnerabilities being disclosed).
Yes, this is excellent work -- and I really hope that @bonfire and @benpate leverage it in their implementations!
EDIT: here, @evanprodromou clarifies that this new project is alongside @soatok 's work - https://neuromatch.social/@evanprodromou@socialwebfoundation.org/115747757149878070
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
@bonfire @swf @sovtechfund @benpate is it client or server side?
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
@bonfire @swf @sovtechfund @benpate Around the world I can hear politicians screaming, "But what about the children? We need to stop this."
-
@bonfire @swf @sovtechfund @benpate is it client or server side?
Emd to end => Client side encryption. And only you will hold the private keys.
Messages travel via ActivityPub inboxes, but are opaque to the servers.
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
@bonfire @swf @sovtechfund @benpate Ooof, just another instant messenger..?
We've already had XMPP since the 90s... and since then it's become pretty reliable.
i hope there'll at least be interoperability. I'm so tired of new ways to communicate that are not interoperable with what's already there.
-
@bonfire @swf @sovtechfund @benpate Ooof, just another instant messenger..?
We've already had XMPP since the 90s... and since then it's become pretty reliable.
i hope there'll at least be interoperability. I'm so tired of new ways to communicate that are not interoperable with what's already there.
@erebion @bonfire @swf @sovtechfund
Agreed. End to end encryption is nothing new. That’s why we’re using the MLS protocol that’s supported by tons of other messaging systems.
I think the “new” part will be building it alongside ActivityPub, so your existing network of contacts can talk to you in either plaintext or encrypted.
I’m not sure where in the world you are, but in my corner of it, it seems good to set up more ways for regular people to commmunicate reliably and safely.
-
@bonfire @swf @sovtechfund @benpate Ooof, just another instant messenger..?
We've already had XMPP since the 90s... and since then it's become pretty reliable.
i hope there'll at least be interoperability. I'm so tired of new ways to communicate that are not interoperable with what's already there.
@bonfire @swf @sovtechfund @benpate It doesn't matter whether people use landline or a mobile phone or even a satellite phone. They can call me.
But somehow everyone agrees it's just the way it is, you cannot contact someone that uses a different instant messenger.
Where the hell did this take the wrong turn?
We were promised the internet would let us all communicate with each other, anytime. Freely. A large network, decentralised. And suddenly we have many islands instead. :(
-
@bonfire @swf @sovtechfund @benpate Around the world I can hear politicians screaming, "But what about the children? We need to stop this."
Yup. Politicians probably will. Hopefully they start with bigger targets like Google and Apple.
The Fediverse has a unique advantage here, being so spread out means that there’s no one server that’s really worth going after.
And if someone forced to take E2EE off of one specific server, then everyone there could just up and move to a new servers. At max I t would be a day of downtime.
-
@erebion @bonfire @swf @sovtechfund
Agreed. End to end encryption is nothing new. That’s why we’re using the MLS protocol that’s supported by tons of other messaging systems.
I think the “new” part will be building it alongside ActivityPub, so your existing network of contacts can talk to you in either plaintext or encrypted.
I’m not sure where in the world you are, but in my corner of it, it seems good to set up more ways for regular people to commmunicate reliably and safely.
@benpate @bonfire @swf @sovtechfund
More ways aren't bad. But those ways should have turns and roundabouts and small footpaths and bridges and maps.
What good is a way that only connects a couple places, but isn't accessible from the rest of the world?
-
@bonfire @swf @sovtechfund @benpate It doesn't matter whether people use landline or a mobile phone or even a satellite phone. They can call me.
But somehow everyone agrees it's just the way it is, you cannot contact someone that uses a different instant messenger.
Where the hell did this take the wrong turn?
We were promised the internet would let us all communicate with each other, anytime. Freely. A large network, decentralised. And suddenly we have many islands instead. :(
Yeah, you’re not wrong about that. Back in the day, I loved the Trilliam IM client because I could sign in to every IM network from one window.
I’m hoping ActivityPub can become that landline+mobile+sat phone combo on the Internet.
UX will be key, here. Let us cook for a bit, and get some screenshots out to all of you. I’d love to hear your feedback once I have something to show for it.
-
@benpate @bonfire @swf @sovtechfund
More ways aren't bad. But those ways should have turns and roundabouts and small footpaths and bridges and maps.
What good is a way that only connects a couple places, but isn't accessible from the rest of the world?
@benpate @bonfire @swf @sovtechfund I'll read up on what ActivityPub does, but MLS seems like a pretty good start and makes me fear it somewhat less. :-)
Still, we need well thought out interoperability in our FOSS communities. We're more and stronger together.
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@fabio this is getting annoying, every time you save your site you are sending a new version of all your likes so this thread gets bumped to the top of my feed
-
@macgirvin that's interesting, I hadn't thought of using punycode. Like @edent@mastodon.social my exposure to it was strictly limited to domains (and even then only to counter domain spoofing)
-
@edent@mastodon.social -- It's also used for the username component of email addresses iirc; as these are originally also specified as 7-bit US-ASCII. So I convert local usernames with idn. Just something I did out of habit really. You can use UTF-8 if you want, so I'm only saying that punycode seems to federate better based on my experience. We tested this with a bunch of fediverse software at the time and it just worked. We'll accept either.
-
@macgirvin
I thought Punycode was only for domain names. Are you saying you also use it for the user part?
-
@edent@mastodon.social -- I've just tested and that account also works fine with Hubzilla. I will mention that your implementation in this case uses url-encoded usernames while ours uses punycode. They should be able to interact just fine, but the fact that there are multiple ways to arrive at a solution could cause a bit of confusion for implementers.
You'll need to use punycode if you wish to federate with the diaspora protocol or email or any other projects or protocols which restrict the character set for usernames. So it might end up being a more flexible solution in the long run and should work fine with every other fediverse project today. ASCII-restricted software will just use the xn-- name; and all their links and buttons should work fine.
Url-encoding should also work, but perhaps not so universally and easily as punycode; as witnessed by the number of issues documented in this thread.
-
-
@jandi
Yes, that would really help. I will set the priority in the Weblate project for the part used to understand tags inside messages. Thank you for your continuous support on projects :)
-
@edent@mastodon.social -- Just looked again... this was first introduced as a hidden feature in redmatrix around 2013-2014, and so may also be available currently in Hubzilla (behind the "system.unicode_usernames" feature toggle). There were some major changes in 2019 that to my knowledge weren't ever backported. I think these only applied to local usernames and not remote usernames, but the functionality in hubzilla still might need to be verified.
