End-to-end Encryption (E2EE) over ActivityPub
General Discussion
10
Posts
6
Posters
0
Views
-
End-to-end Encryption (E2EE) over ActivityPub
Encrypted direct messages supply the confidence that people need to connect with family, friends and colleagues privately over a social network. As part of the Summer of Protocols 2024, we explore the integration of end-to-end encryption (E2EE) into the ActivityPub protocol.
https://socialwebfoundation.org/program-protocol-e2ee/
#ActivityPub #E2EE #SocialWeb #Foundation #SocialWebFoundation #Encryption #Verschlüsselung #Sicherheit #Privatnachricht
-
End-to-end Encryption (E2EE) over ActivityPub
Encrypted direct messages supply the confidence that people need to connect with family, friends and colleagues privately over a social network. As part of the Summer of Protocols 2024, we explore the integration of end-to-end encryption (E2EE) into the ActivityPub protocol.
https://socialwebfoundation.org/program-protocol-e2ee/
#ActivityPub #E2EE #SocialWeb #Foundation #SocialWebFoundation #Encryption #Verschlüsselung #Sicherheit #Privatnachricht
@sozialwelten It's 2025 now, and there are no tangible results.
-
@sozialwelten It's 2025 now, and there are no tangible results.
@raucao It is also not a part of the official Mastodon Roadmap even though there are some open issues in the GitHub repository concerning E2EE.
I personally hope that it will get integrated into ActivityPub and/or Mastodon but for 2026 and 2027 I do not see any signs that there is anything remotely close to being published.
#E2EE #Issues #Github: https://github.com/mastodon/mastodon/issues?q=is%3Aissue%20state%3Aopen%20e2ee
#Mastodon #Public #Roadmap: https://joinmastodon.org/roadmap -
@raucao It is also not a part of the official Mastodon Roadmap even though there are some open issues in the GitHub repository concerning E2EE.
I personally hope that it will get integrated into ActivityPub and/or Mastodon but for 2026 and 2027 I do not see any signs that there is anything remotely close to being published.
#E2EE #Issues #Github: https://github.com/mastodon/mastodon/issues?q=is%3Aissue%20state%3Aopen%20e2ee
#Mastodon #Public #Roadmap: https://joinmastodon.org/roadmap@sozialwelten @raucao
I searched for some progress information, and found this: https://www.w3.org/2024/09/25-e2ee-minutes.html -
@sozialwelten @raucao
I searched for some progress information, and found this: https://www.w3.org/2024/09/25-e2ee-minutes.html@koteisaev @sozialwelten There is zero progress in that, just a few people discussing what anyone interested in E2EE already knows.
-
@koteisaev @sozialwelten There is zero progress in that, just a few people discussing what anyone interested in E2EE already knows.
@koteisaev @sozialwelten FWIW, since Nostr identities are based on key pairs by design, and its developers care a bit more about privacy, E2EE DMs are already being tested via an MLS-based protocol there:
https://github.com/marmot-protocol/marmot
I think it's a shame that none of the large AP implementers are prioritizing this, because without user-owned keys, not just are DMs unencrypted, but there can be no true user sovereignty and account portability on the fediverse.
-
@koteisaev @sozialwelten FWIW, since Nostr identities are based on key pairs by design, and its developers care a bit more about privacy, E2EE DMs are already being tested via an MLS-based protocol there:
https://github.com/marmot-protocol/marmot
I think it's a shame that none of the large AP implementers are prioritizing this, because without user-owned keys, not just are DMs unencrypted, but there can be no true user sovereignty and account portability on the fediverse.
@raucao @koteisaev @sozialwelten the problem is, as always, key management. nostr has the advantage that people are already comfortable with handling cryptographic keys. e2ee on AP doesn't make much sense if people don't own their keys. -
@raucao @koteisaev @sozialwelten the problem is, as always, key management. nostr has the advantage that people are already comfortable with handling cryptographic keys. e2ee on AP doesn't make much sense if people don't own their keys.
-
@raucao @lain @sozialwelten @koteisaev FWIW, encryption with user-owned keys is on my roadmap. I don't want to start with MLS, though, it's too complex. The first prototype will likely encrypt messages with user's identity key, as described in https://codeberg.org/silverpill/feps/src/branch/main/0806/fep-0806.md
-
End-to-end Encryption (E2EE) over ActivityPub
Encrypted direct messages supply the confidence that people need to connect with family, friends and colleagues privately over a social network. As part of the Summer of Protocols 2024, we explore the integration of end-to-end encryption (E2EE) into the ActivityPub protocol.
https://socialwebfoundation.org/program-protocol-e2ee/
#ActivityPub #E2EE #SocialWeb #Foundation #SocialWebFoundation #Encryption #Verschlüsselung #Sicherheit #Privatnachricht
sozialwelten@ifwo.eu I apologize if my point of view may seem conservative and narrow-minded... but in my opinion, pushing for the integration of encrypted messaging into the Fediverse is not advisable. I believe the best solution is that of the Lemmy developers, who have created a button that allows two users with a Matrix account to communicate via software designed for secure communications.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@box464 👀
-
#activitypub #mitra #? @rf
Поднял минималистичный инстенс mitra - а mastodon с ним не хочет педерироваться, говорит 503, а курл нормально всё достаёт:
curl http://mitra.root.sx/users/l29ah --header 'Accept: application/activity+json'ЧЯДНТ?
-
I am waiting for ActivityPub and the Fediverse to make an appearance. I would suspect that the "expensive and annoying game of whack-a-mole" will start to get very hard to manage.
#auspol #activitypub #mastodon #pixelfed #fediverse #socialmedia
-
@almino SIM
-
O @evan acabou de dizer que a W3C tá trabalhando em geo localização pro #ActivityPub.
Vamos ter vários "Foursquare" no Fediverso?
-
🔴 Now live: 1st Brazilian #Fediverse Forum #WebSocialBR with @evan & @j12t
➡️ https://fediverse.tv/w/pMZr9K7RtyLLfa6JW2UVkP
#ActivityPub #SaveSocial #SciComm #SocialMedia #digitalsovereignty
-
Perfect! Let’s make something awesome :)
-
My approach to these issues is probably unfiltered, and I'm sorry if this makes my statements seem too categorical.
I should also point out that when I talk about Bluesky being tied to huge funding (and therefore adequate returns), I'm not expressing a moral judgment. I want to be completely non-partisan on the matter.
I simply wanted to provide my best explanation for the disruptions we're witnessing as a result of attempts at cross-pollination between the Blueskysphere and the Fedisphere.
Let me try to explain myself better:
considering the vertical nature of Bluesky PBC considering the horizontal nature of the Fediverse
I don't rule out the possibility of cross-pollination, but I do rule out the possibility of it being guided by the same principles.The development of the Fediverse is, in fact, driven by the community of developers who work only on the application layer and know that (almost) none of them has the power to decide on the "protocol." And it isn't based on a single business model. On the other hand, those who have decision-making power over the protocol know that any change would have a huge impact on an extremely diverse ecosystem. It's not easy to decide what to change because it's not easy to understand what impact such a change could have.
Bluesky's development, on the other hand, revolves around a single entity that holds decision-making power over the protocol, running the server and developing the app and APIs that dominate that ecosystem. And it's based on a business model that was already defined well before the protocol was created, with a protocol that was also developed with a business model in mind!The developers of the Fediverse were therefore Darwinianly selected by circumstances and today appear to be a bit more hacker-like, a bit more experimental, more adept at circumventing limitations, and (this isn't always a good thing...) more oriented toward community-driven financial support (and self-driven, because luckily for them, they all have IT jobs in a company). Moreover, not everyone is highly knowledgeable about the Activitypub protocol. And some of them are real "gourmets" of controversy...
Bluesky developers, on the other hand, seem decidedly more "secular" to me; they also have to deal with a more rigid protocol (definitely more protocol-based than the Activitypub protocol), strong centralized decision-making power, and objectively have more limited room for manoeuvre. Furthermore, these developers' livelihood model isn't clear to me (I mean, beyond their IT jobs at some company: do they all work for Bluesky PBC?).
I don't know... they seem like two worlds that aren't easily compatible, even from a social perspective...If this is true, then it shouldn't be surprising if the attitude of Bluesky stakeholders (the real ones, those sitting at the top) is positive only when a change could benefit their business model.
Conversely, the responses from Fediverse stakeholders (i.e., those dozen or so de facto influencers who, with a nod, can determine the public's favor or hostility toward an initiative) might seem more disappointing.I reiterate that even if I were right, this attitude wouldn't stop the new ideas germinating between the Fediverse and Bluesky developers.
It must be said, however, that since Bluesky was launched, I haven't seen any particular innovations. Recently, however, I've seen several new ideas emerge in the Fediverse, and these ideas, despite the rapidly declining user base, have led to very promising developments in the federated ecosystem over the past two years.All of this, however, would explain the communication difficulties between the two worlds, linked to the fact that the Bluesky leadership is too high-flying and the Fediverse stakeholders are too free-wheeling.
I hope I've explained myself better, despite the language barrier.
julian said in I also want to see #activitypub get some of the primitives that #atproto has such as decentralized identifiers (except for real), personal data stores, content addresses, etc.:
> This is an important observation we should take into consideration.My theory, however, would explain this reaction... :grin:
See you soon and have a good evening.
