Implementing Encrypted Messaging over ActivityPub
Social Web Foundation
4
Posts
4
Posters
15
Views
-
One of the project areas of the Social Web Foundation for the last year has been end-to-end encrypted messaging. ActivityPub, the standard protocol that powers the Social Web, has privacy controls, but they do not protect the content of messages from server operators. Encrypted messaging has become a standard feature on most social networks since ActivityPub was created, and its lack has inhibited Social Web adoption and public trust in the network.
ActivityPub is extensible, though. As part of our E2EE program, Mallory, Tom and I adapted the Messaging Layer Security (MLS) standard as an extension of ActivityPub to make the MLS over ActivityPub specification. The protocol fits the great MLS E2EE system onto the ActivityPub API and federation protocol.
But a protocol specification is not enough; it must be implemented. That’s why we’re so happy to announce that the Sovereign Tech Fund has commissioned work with the Social Web Foundation to coordinate two new interoperable implementations of MLS over ActivityPub. This investment by the Sovereign Tech Fund will help move the Fediverse towards more privacy for social web users, no matter what server they use.
We decided to partner with two different projects in order to make sure that we’re making an open standard that can work between implementations. With two implementers, we’ll need to communicate clearly about architectural and implementation decisions, and make sure that those decisions end up in the final version of the spec — not in a
TODOcomment in the source code of a single project.The first project is Emissary, the great social web application platform behind projects like Atlas and Bandwagon. Ben Pate, Emissary founder, says, “The Emissary Project is deeply committed to the Fediverse, where we are building a free and trustworthy Internet for all 8 billion humans. Delivering on that promise, Emissary is excited to team up with the Social Web Foundation to bring End-to-End-Encryption (E2EE) to the Fediverse. We are eternally grateful for the SWF’s leadership and support, without which this project could not have happened. Our work is already underway, and in 2026 anyone will be able to build E2EE applications on the Emissary platform.”
The second project is Bonfire. Bonfire is a modular framework for building federated apps, with its first app (Bonfire Social) offering a social networking experience enhanced with tools for privacy, trust, and collaboration (such as circles and boundaries).
The maintainers of Bonfire, Ivan Minutillo and Mayel de Borniol, said: “We think that end-to-end encryption should simply be the default for any private communication online. Working with the Social Web Foundation to bring E2EE to ActivityPub marks a crucial step in fostering privacy and trust, and especially in enabling the fediverse to become a safe space for activists and communities to organise, coordinate, and collaborate meaningfully. By making secure, user-friendly messaging a core part of the fediverse, we’re helping lay the groundwork for decentralised networks where people can go beyond talking in the mythical ‘global town square’ and actually organise and accomplish things together.”
This work will happen best if the Fediverse community tracks it closely. We’ll be making updates here on the SWF blog as progress continues. Developers and active users may also be interested in the ActivityPub E2EE Messaging Task Force at the W3C, where the specification is being developed into a report for the Social Web Community group. Finally, we’ll be using the #JustBetweenUs hashtag to share progress and ideas, so you can follow it to see what’s been happening.
-
One of the project areas of the Social Web Foundation for the last year has been end-to-end encrypted messaging. ActivityPub, the standard protocol that powers the Social Web, has privacy controls, but they do not protect the content of messages from server operators. Encrypted messaging has become a standard feature on most social networks since ActivityPub was created, and its lack has inhibited Social Web adoption and public trust in the network.
ActivityPub is extensible, though. As part of our E2EE program, Mallory, Tom and I adapted the Messaging Layer Security (MLS) standard as an extension of ActivityPub to make the MLS over ActivityPub specification. The protocol fits the great MLS E2EE system onto the ActivityPub API and federation protocol.
But a protocol specification is not enough; it must be implemented. That’s why we’re so happy to announce that the Sovereign Tech Fund has commissioned work with the Social Web Foundation to coordinate two new interoperable implementations of MLS over ActivityPub. This investment by the Sovereign Tech Fund will help move the Fediverse towards more privacy for social web users, no matter what server they use.
We decided to partner with two different projects in order to make sure that we’re making an open standard that can work between implementations. With two implementers, we’ll need to communicate clearly about architectural and implementation decisions, and make sure that those decisions end up in the final version of the spec — not in a
TODOcomment in the source code of a single project.The first project is Emissary, the great social web application platform behind projects like Atlas and Bandwagon. Ben Pate, Emissary founder, says, “The Emissary Project is deeply committed to the Fediverse, where we are building a free and trustworthy Internet for all 8 billion humans. Delivering on that promise, Emissary is excited to team up with the Social Web Foundation to bring End-to-End-Encryption (E2EE) to the Fediverse. We are eternally grateful for the SWF’s leadership and support, without which this project could not have happened. Our work is already underway, and in 2026 anyone will be able to build E2EE applications on the Emissary platform.”
The second project is Bonfire. Bonfire is a modular framework for building federated apps, with its first app (Bonfire Social) offering a social networking experience enhanced with tools for privacy, trust, and collaboration (such as circles and boundaries).
The maintainers of Bonfire, Ivan Minutillo and Mayel de Borniol, said: “We think that end-to-end encryption should simply be the default for any private communication online. Working with the Social Web Foundation to bring E2EE to ActivityPub marks a crucial step in fostering privacy and trust, and especially in enabling the fediverse to become a safe space for activists and communities to organise, coordinate, and collaborate meaningfully. By making secure, user-friendly messaging a core part of the fediverse, we’re helping lay the groundwork for decentralised networks where people can go beyond talking in the mythical ‘global town square’ and actually organise and accomplish things together.”
This work will happen best if the Fediverse community tracks it closely. We’ll be making updates here on the SWF blog as progress continues. Developers and active users may also be interested in the ActivityPub E2EE Messaging Task Force at the W3C, where the specification is being developed into a report for the Social Web Community group. Finally, we’ll be using the #JustBetweenUs hashtag to share progress and ideas, so you can follow it to see what’s been happening.
@evanprodromou is this overlapping or alongside the work done by @soatok ?
https://soatok.blog/2025/12/15/announcing-key-transparency-fediverse/
-
undefined evan@cosocial.ca shared this topic on
-
One of the project areas of the Social Web Foundation for the last year has been end-to-end encrypted messaging. ActivityPub, the standard protocol that powers the Social Web, has privacy controls, but they do not protect the content of messages from server operators. Encrypted messaging has become a standard feature on most social networks since ActivityPub was created, and its lack has inhibited Social Web adoption and public trust in the network.
ActivityPub is extensible, though. As part of our E2EE program, Mallory, Tom and I adapted the Messaging Layer Security (MLS) standard as an extension of ActivityPub to make the MLS over ActivityPub specification. The protocol fits the great MLS E2EE system onto the ActivityPub API and federation protocol.
But a protocol specification is not enough; it must be implemented. That’s why we’re so happy to announce that the Sovereign Tech Fund has commissioned work with the Social Web Foundation to coordinate two new interoperable implementations of MLS over ActivityPub. This investment by the Sovereign Tech Fund will help move the Fediverse towards more privacy for social web users, no matter what server they use.
We decided to partner with two different projects in order to make sure that we’re making an open standard that can work between implementations. With two implementers, we’ll need to communicate clearly about architectural and implementation decisions, and make sure that those decisions end up in the final version of the spec — not in a
TODOcomment in the source code of a single project.The first project is Emissary, the great social web application platform behind projects like Atlas and Bandwagon. Ben Pate, Emissary founder, says, “The Emissary Project is deeply committed to the Fediverse, where we are building a free and trustworthy Internet for all 8 billion humans. Delivering on that promise, Emissary is excited to team up with the Social Web Foundation to bring End-to-End-Encryption (E2EE) to the Fediverse. We are eternally grateful for the SWF’s leadership and support, without which this project could not have happened. Our work is already underway, and in 2026 anyone will be able to build E2EE applications on the Emissary platform.”
The second project is Bonfire. Bonfire is a modular framework for building federated apps, with its first app (Bonfire Social) offering a social networking experience enhanced with tools for privacy, trust, and collaboration (such as circles and boundaries).
The maintainers of Bonfire, Ivan Minutillo and Mayel de Borniol, said: “We think that end-to-end encryption should simply be the default for any private communication online. Working with the Social Web Foundation to bring E2EE to ActivityPub marks a crucial step in fostering privacy and trust, and especially in enabling the fediverse to become a safe space for activists and communities to organise, coordinate, and collaborate meaningfully. By making secure, user-friendly messaging a core part of the fediverse, we’re helping lay the groundwork for decentralised networks where people can go beyond talking in the mythical ‘global town square’ and actually organise and accomplish things together.”
This work will happen best if the Fediverse community tracks it closely. We’ll be making updates here on the SWF blog as progress continues. Developers and active users may also be interested in the ActivityPub E2EE Messaging Task Force at the W3C, where the specification is being developed into a report for the Social Web Community group. Finally, we’ll be using the #JustBetweenUs hashtag to share progress and ideas, so you can follow it to see what’s been happening.
-
@smallcircles @evanprodromou thanks!
Gli ultimi otto messaggi ricevuti dalla Federazione
-
Next week is European Open Source Week in Brussels, culminating in FOSDEM 2026 on the weekend. There are several important ways to stay connected to the Fediverse while you’re visiting this week!
Mastodon maintains a booth at FOSDEM throughout the weekend. It’s a great place to get Mastodon merch or take a selfie with the Mastodon team.The Social Web Dev Room is a day-long event on Jan 31 in room H.2215 with loads of talks about Fediverse software and Fediverse organizing.There will be a loose mingling of Fediverse people at the À La Mort Subite bar in Brussels on Friday Jan 30 after 8PM. Wear a Fediverse symbol on a nametag or some other creative way so people can find you. Find your own table and then start mingling. There’s no organized activities or special space; just a node in space-time where you’re more likely to run into Fediverse people than normal.As always, watch the #FOSDEM and #socialwebfosdem and #FOSDEM2026 hashtags for news and updates.
If you’re not travelling to Brussels, watch for streaming video from room H.2215 . There are also Fediverse events happening throughout the world throughout the year; Fediforum keeps a great list of the most prominent.
-
@smallcircles @evanprodromou thanks!
-
Perhaps interesting to pass along. The other day I bumped into #TPS, the Trust Spanning Protocol, which is implemented by #Robrix matrix client on top of #MLS.
-
@evanprodromou is this overlapping or alongside the work done by @soatok ?
https://soatok.blog/2025/12/15/announcing-key-transparency-fediverse/
-
One of the project areas of the Social Web Foundation for the last year has been end-to-end encrypted messaging. ActivityPub, the standard protocol that powers the Social Web, has privacy controls, but they do not protect the content of messages from server operators. Encrypted messaging has become a standard feature on most social networks since ActivityPub was created, and its lack has inhibited Social Web adoption and public trust in the network.
ActivityPub is extensible, though. As part of our E2EE program, Mallory, Tom and I adapted the Messaging Layer Security (MLS) standard as an extension of ActivityPub to make the MLS over ActivityPub specification. The protocol fits the great MLS E2EE system onto the ActivityPub API and federation protocol.
But a protocol specification is not enough; it must be implemented. That’s why we’re so happy to announce that the Sovereign Tech Fund has commissioned work with the Social Web Foundation to coordinate two new interoperable implementations of MLS over ActivityPub. This investment by the Sovereign Tech Fund will help move the Fediverse towards more privacy for social web users, no matter what server they use.
We decided to partner with two different projects in order to make sure that we’re making an open standard that can work between implementations. With two implementers, we’ll need to communicate clearly about architectural and implementation decisions, and make sure that those decisions end up in the final version of the spec — not in a TODO comment in the source code of a single project.
The first project is Emissary, the great social web application platform behind projects like Atlas and Bandwagon. Ben Pate, Emissary founder, says, “The Emissary Project is deeply committed to the Fediverse, where we are building a free and trustworthy Internet for all 8 billion humans. Delivering on that promise, Emissary is excited to team up with the Social Web Foundation to bring End-to-End-Encryption (E2EE) to the Fediverse. We are eternally grateful for the SWF’s leadership and support, without which this project could not have happened. Our work is already underway, and in 2026 anyone will be able to build E2EE applications on the Emissary platform.”
The second project is Bonfire. Bonfire is a modular framework for building federated apps, with its first app (Bonfire Social) offering a social networking experience enhanced with tools for privacy, trust, and collaboration (such as circles and boundaries).
The maintainers of Bonfire, Ivan Minutillo and Mayel de Borniol, said: “We think that end-to-end encryption should simply be the default for any private communication online. Working with the Social Web Foundation to bring E2EE to ActivityPub marks a crucial step in fostering privacy and trust, and especially in enabling the fediverse to become a safe space for activists and communities to organise, coordinate, and collaborate meaningfully. By making secure, user-friendly messaging a core part of the fediverse, we’re helping lay the groundwork for decentralised networks where people can go beyond talking in the mythical ‘global town square’ and actually organise and accomplish things together.”
This work will happen best if the Fediverse community tracks it closely. We’ll be making updates here on the SWF blog as progress continues. Developers and active users may also be interested in the ActivityPub E2EE Messaging Task Force at the W3C, where the specification is being developed into a report for the Social Web Community group. Finally, we’ll be using the #JustBetweenUs hashtag to share progress and ideas, so you can follow it to see what’s been happening.
-
The schedule for the Social Web Developer Room at FOSDEM 2026 is starting to be populated as the speakers confirm their availability. We had a tonne of great submissions for this year’s track, and even with double the time from last year, we still had to leave some great talks on the cutting room floor. But we still managed to fit in 24 great talks, large and small. We’re going to see some additional events happening as FOSDEM 2026 gets nearer. Watch the #SOCIALWEBFOSDEM hashtag for more news and events.
-
A quick note: I will be the keynote speaker at SeaGL 2025, the Seattle GNU/Linux conference. I will be talking about how we Free the Social Web, using Free and Open Source software connected with open standards to build an interconnected coalition of independent social networking sites. The event is free to attend, and remote online participation is encouraged. Registration is optional but encouraged. I can’t wait to meet people in the Seattle Fediverse community; please make sure to come say hi!
