You know instance admins can read your direct messages in the fediverse? Twitter and Facebook also can - and sometimes do - read your private messages, and they have infrastructure to comply with law enforcement requests. I'd love to see some end-to-end encryption built into Mastodon clients.
@micahflee Honestly, Mastodon gives you a huge honkin warning about trust and everything else says nothing.
@micahflee Another reason why the "Pick a server that you trust!" blurb on Mastodon's front page makes me skittish.
For me at least, there aren't any!
@micahflee that would require some artful key management. keybase are in a stronger position to deliver that.
@mmn I think it would be completely reasonable to only have e2e supported by native apps- mobile apps, and perhaps an electron desktop app
@mmn it is more enticing to me because Firefox extensions are portable, easier to install and don't require admin privileges
About our Hack Day: http://andregarzia.com/en/blog/addons-hack-day
@micahflee I feel like PGP was made to solve exactly this kind of problem. Would we even need to change anything, except maybe relaxing the 500-character limit?
@Falkreon the hard problems would be key management, key verification, and multi-device support I think
@micahflee I guess. I feel like associating pubkeys with accounts really needs to be addressed in the scope of OAuth though. Sort of tangential to mastodon.
@Falkreon it's not an easy problem to solve -- no one has solved it really well yet anywhere else either.
If it's addressed through OAuth, then do you trust your OAuth service to act as a CA and to not facilitate MITM attacks? Do you try to build in a web of trust like with PGP? Or do you do TOFU with fingerprint verification like Signal (I think this is the best option)?
@lambadalambda @micahflee but that's the tool people are using. I use XMPP+OTR, e-mail+PGP, Signal, etc., but if somebody is not as tech-savvy but is already here, I don't see why they should not have the option of encrypting private messages.
Or, put a bit differently: https://mastodon.social/media/N9MHhHNBYckrKdO8bPc
@pettter @rysiek @micahflee FWIW, I agree with @lambadalambda - it can be argued that private messages are simply a misfeature in OStatus since they cannot be truly private without extra (non-standard) hacks.
Keeping things simple is valuable; using the right tool for the job (some other protocol for private messages) is good engineering.
@lieselotte @pettter @rysiek @micahflee @lambadalambda Well, I'd venture that poor engineering usually leads to a poor user experience sooner or later. The fundamental user expectation is "software that works".
Mastodon and GNU Social and others could all agree to integrate XMPP (or even SMTP) for direct messages. It doesn't need to be in the OStatus protocol.
@lambadalambda It's still up to the admin to set up the xmpp server (with bosh!), though, so it's not very widespread :-/
@lambadalambda @micahflee @rysiek Not completely. Riseup rolled out a system a few weeks ago that encrypts all emails with your login passwords. So if they have to hand out data, it will be encrypted data. https://0xacab.org/riseuplabs/trees
Philosophically: The same thing. Granted.
Practically: Huge difference if you ask me.
@micahflee yep, I was wondering how to implement this (at least, log what is done "by hand" on the database). Any ideas?
@micahflee I'd love to see many thngs and the open source way iz you contribute the things you want to see in the world. Mature, safe, and reliable systems don't happen overnght and this isn't a corporatin with unlimited budget.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!