Have you seen this news?
-
@benpate I'm wondering what the advantage of e2ee private messages on Mastodon is when we have Signal, Matrix and other robust encrypted messaging tools that you could invite a friend to if you want to have a private conversation.
Is anyone worried about this creating moderation issues?
Generally I'm in favor of privacy and security, but I'm just not sure what the value of this feature is on Mastodon. Maybe you or others can provide your perspective on this.
If people are already on Signal, good for them. But the real issue is getting people off the Meta apps. So if there's a good Fedi Messenger, that can definitely help!
😊👍
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
I'm so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
RE: https://mastodon.social/@benpate/116403046724832335
@benpate super stoked!!!
-
It's not either-or. You can use both.
If you prefer to switch apps and identities and go over to Signal, awesome.
If you'd rather message someone with your ActivityPub identity, you can do that securely now, too.
The E2EE work on ActivityPub uses an open standard, MLS, to encrypt data. One reason we chose it was so it's at least possible to bridge to other social and messaging networks while keeping the data encrypted from end to end.
-
@benpate
Ideas for how I explain this to my swaths of very-non-tech friends & family? (Most of whom are happy with FB & Insta & Wassap.)
-
@GroupNebula563 @benpate @soatok "How are they managing public keys" was my very first question, inspired by our own furry blogger's work on the subject! 🦊
-
@benpate 🥳🥳🥳
Relevant!
-
OK, I'll say it out loud.
If it ships and I'm unable to turn it off, I will have to stop being a Mastodon service provider.
Do I use E2EE platforms? Absolutely yes.
Do I want to be in the business of operating one? Absolutely no.
Please ensure this is an optional feature for service providers, especially those in well-regulated markets that will immediately become subject to a swath of additional responsibilities, risk, and legal liabilities.
-
It’s using “MLS” - a well documented, tested, and tooled protocol.
Private keys are generated on your device (browser, app, whatever). Each device manages its own private keys.
Public keys are posted to your ActivityPub actor profile.
Keys are rotated *very* frequently.. like every time you join a new group.
When someone sends you a message, they address your ActivityPub inbox using a “group key” that includes all of your devices.
-
@jaz I agree 100%
It’s too early for anyone to say how Mastodon will design this (even Mastodon).
But this is exactly how I’m doing it in Emissary. Domain owners can choose if they want to support E2EE on their server, and for which groups of users.
Users can also opt in to publishing encryption keys or not.
It’s easy to build this as completely opt-in, so it’s a fair bet that’s how Mastodon will architect it.
Make sure they hear your voice as the project gets going in 2027.
-
Yes. While it’s possible to have encrypted “public” discussions, it makes no sense to me and I don’t know why anyone would do that.
This is exclusively for real private messages (not just “direct” messages)
-
>But this is exactly how I’m doing it in Emissary. Domain owners can choose if they want to support E2EE on their server, and for which groups of users.
Tidy, cheers.
-
Also, we’ve chatted with @soatok about this project. They recommended a different management structure, using a separate network of key authentication servers.
That’s not off the table, but is more than we can manage right now. It could be another way for us to validate keys in the future.
-
@earth_walker @benpate
Yes.
The very first thing that occurred to me reading this was: "Hmm. Adding E2EE without first implementing the long requested tools to make it less easy to harass people is going to potentially make moderation more challenging and Mastodon more unsafe than it is."
-
I would love for that to happen. As soon as I can make a public beta server, you’re all welcome to come and break my code. I’ll pass out treats.
-
1. “I left Instagram, so this is how you contact me now…”
2. FB paid a billion dollars for WhatsApp. They wouldn’t do that if they couldn’t use it to profile you. Even if the messages are encrypted.
3. E2EE is being removed from Instagram in a few weeks. Besides, Instagram is creepy and addictive. You can still trade pics on the Fediverse, so…
-
@benpate @bluewinds @GroupNebula563 I think you're confused.
The public keys that are rotated frequently are encryption public keys.
The thing I've proposed is for identity public keys.
Using your identity secret key to sign each encryption public key, and having your recipient verify them, is basically a one-liner:
https://github.com/swicg/activitypub-e2ee/issues/35#issuecomment-3738855995
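The split described in the post above, a long-lived identity key signing each short-lived encryption public key so the recipient can verify it, as an added Go example; it is not code from this thread, the linked issue, or any Fediverse project. The `KeyBinding` record, the function names, the context label, the actor URLs and the choice of Ed25519 and X25519 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// KeyBinding is a hypothetical record published next to each rotating
// encryption key; it is not a structure from the ActivityPub E2EE work.
type KeyBinding struct {
	ActorID   string
	EncPub    []byte // short-lived encryption public key (X25519 here)
	Signature []byte // made with the long-lived identity secret key
}

// signedBytes length-prefixes both fields so distinct (actor, key) pairs never
// encode alike. The leading label is a constructed domain-separation string.
func signedBytes(actorID string, encPub []byte) []byte {
	return []byte(fmt.Sprintf("example-key-binding-v1|%d:%s|%d:%x", len(actorID), actorID, len(encPub), encPub))
}

// SignBinding runs on the key owner's device each time an encryption key is rotated.
func SignBinding(idPriv ed25519.PrivateKey, actorID string, encPub []byte) KeyBinding {
	return KeyBinding{ActorID: actorID, EncPub: encPub, Signature: ed25519.Sign(idPriv, signedBytes(actorID, encPub))}
}

// VerifyBinding assumes idPub was authenticated earlier (pinned or checked out of band).
func VerifyBinding(idPub ed25519.PublicKey, b KeyBinding) bool {
	return ed25519.Verify(idPub, signedBytes(b.ActorID, b.EncPub), b.Signature)
}

// RunScenario checks a genuine binding, one whose encryption key was replaced
// after signing, and one re-attributed to a different actor.
func RunScenario() (valid, swapped, relabelled bool) {
	idPub, idPriv, _ := ed25519.GenerateKey(rand.Reader)
	enc, _ := ecdh.X25519().GenerateKey(rand.Reader)
	other, _ := ecdh.X25519().GenerateKey(rand.Reader)
	b := SignBinding(idPriv, "https://example.social/users/alice", enc.PublicKey().Bytes())
	valid = VerifyBinding(idPub, b)
	swapped = VerifyBinding(idPub, KeyBinding{ActorID: b.ActorID, EncPub: other.PublicKey().Bytes(), Signature: b.Signature})
	relabelled = VerifyBinding(idPub, KeyBinding{ActorID: "https://example.social/users/mallory", EncPub: b.EncPub, Signature: b.Signature})
	return
}

func main() {
	fmt.Println(RunScenario()) // genuine binding verifies; the two altered ones do not
}
```

The check only helps if the identity public key itself reached the verifier through a path the hosting server could not alter, which is the key-authentication question raised earlier in the thread.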
-
@benpate did you hear that Mastodon’s next version implemented Activity Intents, as well? Things keep getting better!
@andypiper @benpate there's no mention (yet?) of this in the ticket (that @benpate opened) at https://github.com/mastodon/mastodon/issues/33984
-
I don’t have all the answers, but I believe there’s a network effect at work.
Signal is fantastic. I use it for lots of things. But it’s “yet another” place to go.
But the Fediverse is my primary place to talk with people (like you)
If you and I could have a truly private follow-on discussion without switching networks, it would be a win for the Fediverse.
Signal also has 50 employees and money in the bank to pay the lawyers.
-
@adamhotep @benpate thanks for the pointer! We should fix that and link it to the PRs mentioned in Trunk & Tidbits this month… 😧