Big news for the #Fediverse!
General Discussion
25
Posts
8
Posters
0
Views
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
@bonfire @swf @sovtechfund @benpate Will this mean the possibility of friends-only (i.e. people you select, rather than anyone who follows you) posts on Mastodon/Pixelfed/similar? If ActivityPub ever gets mass adoption, that will be important, because when everyone’s here, so are griefers, trolls, pig-butchers and as yet uncategorised hostile actors.
-
@bonfire @swf @sovtechfund @benpate Will this mean the possibility of friends-only (i.e. people you select, rather than anyone who follows you) posts on Mastodon/Pixelfed/similar? If ActivityPub ever gets mass adoption, that will be important, because when everyone’s here, so are griefers, trolls, pig-butchers and as yet uncategorised hostile actors.
@acb @bonfire @swf @sovtechfund
This *specific* tech will make private groups, similar to Apple Messages, Signal, and WhatsApp.
It won’t make “Friends Only” posts, but.. both Emissary and Bonfire already provide different flavors of “Circles” that let you choose the visibility of your posts. https://emissary.dev/circles
Id live for other Fediverse tools like Mastodon to add this too.
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
@bonfire @swf @sovtechfund @benpate is it client or server side?
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
@bonfire @swf @sovtechfund @benpate Around the world I can hear politicians screaming, "But what about the children? We need to stop this."
-
@bonfire @swf @sovtechfund @benpate is it client or server side?
Emd to end => Client side encryption. And only you will hold the private keys.
Messages travel via ActivityPub inboxes, but are opaque to the servers.
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
@bonfire @swf @sovtechfund @benpate Ooof, just another instant messenger..?
We've already had XMPP since the 90s... and since then it's become pretty reliable.
i hope there'll at least be interoperability. I'm so tired of new ways to communicate that are not interoperable with what's already there.
-
@bonfire @swf @sovtechfund @benpate Ooof, just another instant messenger..?
We've already had XMPP since the 90s... and since then it's become pretty reliable.
i hope there'll at least be interoperability. I'm so tired of new ways to communicate that are not interoperable with what's already there.
@erebion @bonfire @swf @sovtechfund
Agreed. End to end encryption is nothing new. That’s why we’re using the MLS protocol that’s supported by tons of other messaging systems.
I think the “new” part will be building it alongside ActivityPub, so your existing network of contacts can talk to you in either plaintext or encrypted.
I’m not sure where in the world you are, but in my corner of it, it seems good to set up more ways for regular people to commmunicate reliably and safely.
-
@bonfire @swf @sovtechfund @benpate Ooof, just another instant messenger..?
We've already had XMPP since the 90s... and since then it's become pretty reliable.
i hope there'll at least be interoperability. I'm so tired of new ways to communicate that are not interoperable with what's already there.
@bonfire @swf @sovtechfund @benpate It doesn't matter whether people use landline or a mobile phone or even a satellite phone. They can call me.
But somehow everyone agrees it's just the way it is, you cannot contact someone that uses a different instant messenger.
Where the hell did this take the wrong turn?
We were promised the internet would let us all communicate with each other, anytime. Freely. A large network, decentralised. And suddenly we have many islands instead. :(
-
@bonfire @swf @sovtechfund @benpate Around the world I can hear politicians screaming, "But what about the children? We need to stop this."
Yup. Politicians probably will. Hopefully they start with bigger targets like Google and Apple.
The Fediverse has a unique advantage here, being so spread out means that there’s no one server that’s really worth going after.
And if someone forced to take E2EE off of one specific server, then everyone there could just up and move to a new servers. At max I t would be a day of downtime.
-
@erebion @bonfire @swf @sovtechfund
Agreed. End to end encryption is nothing new. That’s why we’re using the MLS protocol that’s supported by tons of other messaging systems.
I think the “new” part will be building it alongside ActivityPub, so your existing network of contacts can talk to you in either plaintext or encrypted.
I’m not sure where in the world you are, but in my corner of it, it seems good to set up more ways for regular people to commmunicate reliably and safely.
@benpate @bonfire @swf @sovtechfund
More ways aren't bad. But those ways should have turns and roundabouts and small footpaths and bridges and maps.
What good is a way that only connects a couple places, but isn't accessible from the rest of the world?
-
@bonfire @swf @sovtechfund @benpate It doesn't matter whether people use landline or a mobile phone or even a satellite phone. They can call me.
But somehow everyone agrees it's just the way it is, you cannot contact someone that uses a different instant messenger.
Where the hell did this take the wrong turn?
We were promised the internet would let us all communicate with each other, anytime. Freely. A large network, decentralised. And suddenly we have many islands instead. :(
Yeah, you’re not wrong about that. Back in the day, I loved the Trilliam IM client because I could sign in to every IM network from one window.
I’m hoping ActivityPub can become that landline+mobile+sat phone combo on the Internet.
UX will be key, here. Let us cook for a bit, and get some screenshots out to all of you. I’d love to hear your feedback once I have something to show for it.
-
@benpate @bonfire @swf @sovtechfund
More ways aren't bad. But those ways should have turns and roundabouts and small footpaths and bridges and maps.
What good is a way that only connects a couple places, but isn't accessible from the rest of the world?
@benpate @bonfire @swf @sovtechfund I'll read up on what ActivityPub does, but MLS seems like a pretty good start and makes me fear it somewhat less. :-)
Still, we need well thought out interoperability in our FOSS communities. We're more and stronger together.
-
Yeah, you’re not wrong about that. Back in the day, I loved the Trilliam IM client because I could sign in to every IM network from one window.
I’m hoping ActivityPub can become that landline+mobile+sat phone combo on the Internet.
UX will be key, here. Let us cook for a bit, and get some screenshots out to all of you. I’d love to hear your feedback once I have something to show for it.
@benpate @bonfire @swf @sovtechfund
Things I wonder:
- Where will the keys be stored?
- Where will the code come from?I hope none of those will be answered with "browser".
Also, signing in to all messengers in one tool is nice, but what we need is to be able to communicate directly.
It's nice if I can talk to Johne Doe on IRC and Jane Doe on AOL, but what if I want to have a group chat? Yeah. :/
-
@benpate @bonfire @swf @sovtechfund
More ways aren't bad. But those ways should have turns and roundabouts and small footpaths and bridges and maps.
What good is a way that only connects a couple places, but isn't accessible from the rest of the world?
Yes. 💯
That’s why “app builders” like Bonfire and Emissary are so interesting for this space.
We enable the “long tail” of technology adoption, and make it possible for tiny communities to launch highly customized Fediverse apps with very low effort. Small paths, many branches.
AtlasMaps.org (for instance) took me about six weeks start to finish. Other community-specific servers will launch even easier.
😎
-
@benpate @bonfire @swf @sovtechfund I'll read up on what ActivityPub does, but MLS seems like a pretty good start and makes me fear it somewhat less. :-)
Still, we need well thought out interoperability in our FOSS communities. We're more and stronger together.
Jump on the GitHub issues. We’d love to talk.
https://github.com/swicg/activitypub-e2ee
And, I’m happy to walk you through how I’m trying to approach it. We have a tight timeline, but more eyes is still better at this point.
-
@benpate @bonfire @swf @sovtechfund
Things I wonder:
- Where will the keys be stored?
- Where will the code come from?I hope none of those will be answered with "browser".
Also, signing in to all messengers in one tool is nice, but what we need is to be able to communicate directly.
It's nice if I can talk to Johne Doe on IRC and Jane Doe on AOL, but what if I want to have a group chat? Yeah. :/
Keys will be encrypted on the browser, locked with a separate password that’s not shared with the server.
There are some other synchronization issues we’re going to work out, but not before our first sets of code are due.
There’s more here than I can cover in 500char toots. But I’d be happy to chat some time to hear your thoughts
-
RE: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
Big news for the #Fediverse! End-to-end encryption is coming to #ActivityPub.
@swf with support from @sovtechfund is coordinating two interoperable implementations.
Bonfire is proud to be one of these first two projects, alongside #Emissary by @benpate
We think #E2EE should simply be the default for any private communications, and we’re especially thrilled to bring private, trusted collaboration to the fediverse.
-
Keys will be encrypted on the browser, locked with a separate password that’s not shared with the server.
There are some other synchronization issues we’re going to work out, but not before our first sets of code are due.
There’s more here than I can cover in 500char toots. But I’d be happy to chat some time to hear your thoughts
@benpate @bonfire @swf @sovtechfund Another thought before I'll catch up on sleep:
If the code that handles the key material comes from the webserver, that does not stop a government that's hostile from ordering the website owner to run malicious code that'll also encrypt messages for their people... That's what I worry mainly about in terms of security.
-
I am woefully ignorant here. Spare a link for this poor lad?
-
@benpate @bonfire @swf @sovtechfund Another thought before I'll catch up on sleep:
If the code that handles the key material comes from the webserver, that does not stop a government that's hostile from ordering the website owner to run malicious code that'll also encrypt messages for their people... That's what I worry mainly about in terms of security.
Yes. There has to be trust somewhere along the path.
You could host your own server, but you’d still have to trust the developers to not install a back door. Or a supply chain hack. Or…
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
-
-
@joshix based on what's popular today: JSON.
(I'm joking, my assumption is that they chose what was the best alternative at the time. As far as I know JSON hadn't been described by Crockford at Jabber's inception)
-
@wolf480pl yes I think that is a huge part of the problem. It is very easy to completely underestimate the complexity of Instant Messaging. Sending a message from A to B seems like something every software developer can write before lunch and people don’t see how it can and will rapidly escalate from there.
But I don’t know how do communicate that to other people.
-
@mariusor @daniel what would've been a better alternative?
https://www.process-one.net/blog/stop-telling-us-xmpp-should-use-json/
-
I consider this a failure on our part but I don’t really know what to do about it. Most arguments against #XMPP don’t hold if you’re building from scratch anyway:
• #Conversations_im looks very outdated: OK, but you are developing your own clients anyway.
• XMPP doesn’t have an SDK: Neither does your #ActivityPub or email stack
• OMEMO is insecure and I would prefer #MLS: Yes, let’s work on that together and you’ll still benefit from XMPP’s 100+ solved IM problems.
-
@daniel I think people have never truly forgiven XMPP for being an XML based protocol.
-
@daniel
I'm guessing there are complex problems in IM space that they don't realize they'll have to solve from scratch, which XMPP already solved for them.What are these problems?
