Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse.
I'm so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
Interesting take / prediction, thx for sharing!
> Want E2EE? Use PGP/GPG and do it yourself.
This bit doesn't fly with me; E2EE is For The People.

My sense is that "just roll your own" ignores the accessibility gap; that the DIY approach may be too complex for others.
(Admittedly not speaking from experience; I'm a #Signal user which is quite user-friendly)
-
@silverpill @benpate it really seems nothing has changed after the recent reorganization.
-
Sorry if I'm missing a part of your context..
This whole project should be "backward compatible." It's pretty easy to tell if your recipients all accept encrypted messages or not, so if you're messaging someone who doesn't accept encrypted messages, it should just fall back naturally to regular DMs.
-
@silverpill SWF built the original spec that we're building to. They did a TON of research and groundwork ahead of time.
I'll just have to graffiti Wikipedia myself.
@benpate As somebody who also thought about E2EE (MLS was my suggestion), I can confidently say that SWF spec didn't add much to the discussion. That's not surprising, because to do that one needs to actually start writing code.
-
Completely agree, "roll your own" overcomplicates things. I simplified to spur curiosity, & why I ended with use of alternative tools for private messaging, like Signal.
It can be simple. Generate your public/private keys, & start trading public keys with people. When you send a message to someone it'll be encrypted using their public key & only able to be decrypted by their private key so your message to them stays secure. Sign that message with your signature to prove origin.
-
The question with E2EE & SNS quickly becomes: How do we deploy this at scale, without breaking moderation, without confusing users, & without inviting legal or security failure?
It's why many people say: keep the public social layer unencrypted & use purpose-built tools like Signal for private conversations.
Also, metadata: note that E2EE doesn’t stop the network from seeing who talks to who, when, or how often, so privacy is leaky even if message content is encrypted.
-
To introduce E2EE into public‑facing SNS & simultaneously try to “solve” abuse, moderation, & legal exposure, the path of least resistance is likely to be “just verify everyone”, pushing identity‑linked, KYC‑style identity checks as a way to “anchor” trust & accountability.
The loudest voices may start demanding identity verification.
Awful for privacy, & it’s exactly why I strongly believe E2EE should be kept out of the core social layer & kept within dedicated tools instead.
-
@benpate did you hear that Mastodon’s next version implemented Activity Intents, as well? Things keep getting better!
@andypiper Activity Intents, abbreviated as AI?
-
@rusty__shackleford @dusk @benpate dealing with spam (and other forms of abuse) when e2ee is mixed with federated SNS seems really hard. agree 100% with your assessment
-
Interesting times ahead. I wonder if they will go for the Signal Protocol Post-Quantum Ratchets or similar? 🙂
-
@rusty__shackleford @benpate @dusk i think a good middle ground for letting people have private discussions on fediverse is just allowing people to do PGP themselves or in 3rd party clients, with a "buyer beware" kind of scenario
building it into servers puts a lot more responsibility in the hands of server admins. and risk for abuse. i don't want my admin holding onto my private keys and i don't necessarily trust my server to generate keys for me either ...
people with the know-how to generate and manage their own keys can deal with the potential negatives and headaches associated with it. just running servers as they already exist is plenty of work for mastodon admins i would imagine
-
Not Signal, MLS, which is similar but run by a group of industry organizations.
Post-quantum is possible in MLS, depending on the crypto algorithms you choose.
There’s more info about the project in general on https://emissary.dev/e2ee — though Mastodon’s announcement is a big new development I haven’t covered yet.
-
@sampler @rusty__shackleford @dusk
A) that excludes 99% of the population, who deserve the same level of privacy as you do.
B) since it’s E2EE, most of the work is on your client. The updates to the server are minimal (C2S API + publish public key packages). So EVERY Fediverse server could support this. You’d just need a client that can send/receive encrypted messages.
C) Don’t let “perfect” be the enemy of “good” - giving people easy, modern tools is a win, even if the NSA can hack it.
-
@rusty__shackleford @sampler @benpate
Really well articulated, totally makes sense! 🙌
-
@sampler @rusty__shackleford @dusk
That is one of Mastodon’s big issues to address. It’s not a protocol thing, but a server software issue that I know they’re going to address.