Who among Mastodon app developers wants to add E2EE messages to their app?

As I've revealed in my last Patreon post, I've been working on adding end-to-end encryption APIs into Mastodon as an upgrade to the direct message system.

Any and all technical details available at the moment are here:

An implementation guide for app developers is being worked on.


@Gargron I like this idea, but doing it well is v hard. Why not use / integrate with something like Matrix?

@aeva @Gargron yep. good idea with Matrix. Maybe take a look of as well?

@Gargron sounds good but shouldn't everything be encrypted in order for this feature to make sense?

@brand @Gargron same thought here, what about the main platform? I'm not here for chatting, but for tooting.

@hinterwaeldler @Gargron I agree they're different use cases. However, if it reduces the number of "join my discord" requests I'll embrace it.

@brand @hinterwaeldler @Gargron yeah, isn't tooting for discussing stuff publicly? Leave private stuff to privacy orientated services, instead of trying to do everything?

@nezhac @brand @hinterwaeldler @Gargron I guess for Direct Messages it could be useful? Doubt it's implementable without reducing the number of users with browsers powerful enough to support it though...

@Gargron that’s actually a very good idea! Also, can it prevent the person whose server I use from being able to read the DMs? 🧐

@yegorpetrov @Gargron that's what it does, they can still read your message if it gets reported though

@BadAtNames @Gargron 😔 so there is really only one way to prevent it! Just to create your own server, right?

@yegorpetrov @Gargron admins on the other instance can read it too, if your message gets reported. It's basically the equivalent of the other person taking a screenshot with your message and showing it to their admin

@BadAtNames @Gargron so how to prevent this? I mean then it’s not a decentralized platform at all

@Gargron @BadAtNames does it claim to be a decentralized social network? I’m confused!

@yegorpetrov @BadAtNames Yes, Mastodon is a decentralized social network. Anyone can run a server and people from different servers can follow each other and send each other messages.

@Gargron @BadAtNames okay, then we are on the same page😉 So, with E2EE will it be possible to prevent server owners from being able to read DMs?

@yegorpetrov @BadAtNames Yes, E2EE is intended to protect DMs from being accessed by server admins. However, the recipient of a DM has the option to leak (report) the DM to their admin. Similar to someone being able to take a screenshot and share it that way, but with cryptographic protection against falsification (so you can't be punished for something you *haven't* said).

@Gargron @BadAtNames nice! Thanks for explaining and hopefully this will be implemented 😉

@Gargron I'm choosing to interpret the "message franking" heading in the most literal sense possible



Just to be sure, is it the client responsible for key generation, encryption etc?

If so I think using libolm could be the simpler way to implement this feature, right?

Bye and thank you for your work!

@Gargron pleroma: adds federated chat
mastodon: adds e2ee to hidden posts

well played

@Gargron The bad thing is that since my accident I can manage even less English, which wasn't one of my interests before either. Since I had an accident like Schumacher's, one day later, it is hard to always follow along in English. On GitHub too. Otherwise I'm into Linux, Python, WP and a bit of Joomla, and I have quite a few domains. If I could do it the way you can, I would program a German key, so to speak. Unfortunately that will remain a dream. It's just awesome what you can do. I envy you👍 👌 😉

@alcinnz @Gargron @bleakgrey thanks for mentioning us. I would be happy to, although I am not sure that I will be able to spend time on this soon enough: I have a bit too much work to do at my daily job :(

@Gargron Is it possible to make use of Jami? You don't have to bake the bread every day.. Just buy it.
