**Micah Lee 🔑** @micahflee · Apr 07, 2017, 02:29

**Micah Lee 🔑** @micahflee · Apr 07, 2017, 02:29

Micah Lee 🔑 @micahflee

You know instance admins can read your direct messages in the fediverse? Twitter and Facebook also can - and sometimes do - read your private messages, and they have infrastructure to comply with law enforcement requests. I'd love to see some end-to-end encryption built into Mastodon clients.

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 07, 2017, 08:44

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 07, 2017, 08:44

@micahflee Too bad it's impossible to e2e-encrypt on the web without plugins to the web browser. And if you have to install plugins, why not just install some proper software like an !XMPP client? .)

**Micah Lee 🔑** @micahflee · Apr 07, 2017, 13:17

**Micah Lee 🔑** @micahflee · Apr 07, 2017, 13:17

@mmn I think it would be completely reasonable to only have e2e supported by native apps- mobile apps, and perhaps an electron desktop app

**Hisham** @hisham_hm · 2017-04-07T13:33:45Z

Hisham @hisham_hm

@mmn @micahflee technically doable with a browser extension as well?

Apr 07, 2017, 13:33 · Tusky · 0 · 0

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 07, 2017, 13:57

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 07, 2017, 13:57

@hishamhm ...extension/plugin/whatever. Needs separate installation anyway and thus no more enticing than desktop software.

**Hisham** @hisham_hm · Apr 07, 2017, 18:31

**Hisham** @hisham_hm · Apr 07, 2017, 18:31

@mmn it is more enticing to me because Firefox extensions are portable, easier to install and don't require admin privileges

**SoapDog ✓✓✓ 3 times verified!** @soapdog@toot.cafe · Apr 07, 2017, 18:36

**SoapDog ✓✓✓ 3 times verified!** @soapdog@toot.cafe · Apr 07, 2017, 18:36

@hisham_hm we just had an "Add-on Hack Day" here in Niterói, RJ, Brazil focused on building #crossbrowser #webextensions.

It would be quite easy to ship a #mastodon #webextension that works on #Chrome, #Firefox, #Opera and maybe even #Edge. Maybe I will work on it :fox:

About our Hack Day: http://andregarzia.com/en/blog/addons-hack-day

**Hisham** @hisham_hm · Apr 07, 2017, 18:57

**Hisham** @hisham_hm · Apr 07, 2017, 18:57

@soapdog That's a great idea!

Also, very cool post on the hack day!

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 07, 2017, 19:52

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 07, 2017, 19:52

@hisham_hm Not sure I want to use supersecret ultraprivate e2e crypto on a machine I don't even have admin access on... ;)

**pettter ✅** @pettter@social.umeahackerspace.se · Apr 07, 2017, 19:56

**pettter ✅** @pettter@social.umeahackerspace.se · Apr 07, 2017, 19:56

@mmn @hishamhm Meh, it's a balance, as always. It's not like the sysadmins at your job/school/foo is actively watching everyone's machines and what goes on there at all times.

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 09, 2017, 09:56

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 09, 2017, 09:56

@pettter In the case of e2e-credentials stored on computers with other admins than me, I am less concerned with admins reading my communication and more concerned with stray backups, stolen machines etc. which someone else finds lying around and can thus impersonate me with digital perfection.

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 09, 2017, 09:57

**MMN-o ✅⃠** @mmn@social.umeahackerspace.se · Apr 09, 2017, 09:57

@pettter That's the reason I never, ever write a password of my own in a machine at work (and don't even use private SSH keys). I have zero trust in the #Umeå municipality IT department.