Big news for the #Fediverse!
General Discussion
29
Posts
9
Posters
0
Views
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
-
Keys will be encrypted on the browser, locked with a separate password that’s not shared with the server.
There are some other synchronization issues we’re going to work out, but not before our first sets of code are due.
There’s more here than I can cover in 500char toots. But I’d be happy to chat some time to hear your thoughts
@benpate @bonfire @swf @sovtechfund Another thought before I'll catch up on sleep:
If the code that handles the key material comes from the webserver, that does not stop a government that's hostile from ordering the website owner to run malicious code that'll also encrypt messages for their people... That's what I worry mainly about in terms of security.
-
I am woefully ignorant here. Spare a link for this poor lad?
-
@benpate @bonfire @swf @sovtechfund Another thought before I'll catch up on sleep:
If the code that handles the key material comes from the webserver, that does not stop a government that's hostile from ordering the website owner to run malicious code that'll also encrypt messages for their people... That's what I worry mainly about in terms of security.
Yes. There has to be trust somewhere along the path.
You could host your own server, but you’d still have to trust the developers to not install a back door. Or a supply chain hack. Or…
-
@benpate @bonfire @swf @sovtechfund Another thought before I'll catch up on sleep:
If the code that handles the key material comes from the webserver, that does not stop a government that's hostile from ordering the website owner to run malicious code that'll also encrypt messages for their people... That's what I worry mainly about in terms of security.
One goal is to make this an interoperable standard, so that you could make your own client app, then use your ActivityPub server as only a dumb pipe.
I think that would instill trust.
More in the AM.
-
undefined oblomov@sociale.network shared this topic
undefined notizie@poliverso.org shared this topic
-
@bonfire @swf @sovtechfund @benpate Ooof, just another instant messenger..?
We've already had XMPP since the 90s... and since then it's become pretty reliable.
i hope there'll at least be interoperability. I'm so tired of new ways to communicate that are not interoperable with what's already there.
@erebion @bonfire @swf @sovtechfund @benpate @evanprodromou
There is room for more instant messagers:
https://mov.im/blog/debacle/76bf90a4-5f59-4962-92db-6cd859f42ec9
-
Yes. There has to be trust somewhere along the path.
You could host your own server, but you’d still have to trust the developers to not install a back door. Or a supply chain hack. Or…
@benpate @bonfire @swf @sovtechfund The weak point will be wherever you host the webserver. If a court or corrupt official orders them to install something bad, perhaps a backdoor, that is an issue.
-
@benpate @bonfire @swf @sovtechfund The weak point will be wherever you host the webserver. If a court or corrupt official orders them to install something bad, perhaps a backdoor, that is an issue.
Yes, agreed. I know I said this before, but can't find it:
One important goal is to make a solid, consistent client-side API - something like what C2S was intended to be. That would enable interchangeable clients for mobile/desktop/etc that work with any server.. and greatly increase the trust factor.
I'm only good at making web apps, so that's what Emissary's first client will be. But there will be space for others to build on top of this work.
-
@erebion @bonfire @swf @sovtechfund @benpate @evanprodromou
There is room for more instant messagers:
https://mov.im/blog/debacle/76bf90a4-5f59-4962-92db-6cd859f42ec9
I feel like this is the right time to mention https://xkcd.com/927/
You're very right here. There are tons of IM services. "Why introduce another one?" is a reasonable question
But I don't see it in those terms because we're not creating a new network. This is adding features to network we already have
I'll still use Signal. And Apple Messages
And I'd also like to talk privately with people here, as well. There is room for both.
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@julian Many of the hashtags that I use are not for discovery or not only. They are also or exclusively there to trigger filters.
-
I feel like this is the right time to mention https://xkcd.com/927/
You're very right here. There are tons of IM services. "Why introduce another one?" is a reasonable question
But I don't see it in those terms because we're not creating a new network. This is adding features to network we already have
I'll still use Signal. And Apple Messages
And I'd also like to talk privately with people here, as well. There is room for both.
-
Don't forget NodeBB is also based off of groups! We've increased support for it in 2025 and it's continuing to be our core focus into 2026.
-
That giant pile of hashtags and you don't use #ActivityPub? 😂
-
Yes, agreed. I know I said this before, but can't find it:
One important goal is to make a solid, consistent client-side API - something like what C2S was intended to be. That would enable interchangeable clients for mobile/desktop/etc that work with any server.. and greatly increase the trust factor.
I'm only good at making web apps, so that's what Emissary's first client will be. But there will be space for others to build on top of this work.
-
@🌴 Seph 💭 👾 Fun fact: Hubzilla (which my post and this comment come from) has a feed reader, too. But Hubzilla is the most powerful and feature-rich Fediverse server software out there. So if Friendica is overkill for you already...
#FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Friendica #Hubzilla #FeedReader
-
@jupiter_rowland I do wish Friendica wasn't the only one with a feed reader, as Friendica is overkill for my needs most days.
-
@benpate @bonfire @swf @sovtechfund The weak point will be wherever you host the webserver. If a court or corrupt official orders them to install something bad, perhaps a backdoor, that is an issue.
