Micah Lee 🔑 (@micahflee on mastodon.social)

You know instance admins can read your direct messages in the fediverse? Twitter and Facebook also can - and sometimes do - read your private messages, and they have infrastructure to comply with law enforcement requests. I'd love to see some end-to-end encryption built into Mastodon clients.

Apr 07, 2017, 02:29 · Amaroq · 96 · 106

@micahflee Honestly, Mastodon gives you a huge honkin warning about trust and everything else says nothing.

@micahflee This is part of Gmail's Business Model. They make money from reading your emails.

@micahflee It's too soon, I think it will happen.

@micahflee The Intercept should set up its own instance, with privacy in mind

@micahflee PGP would be easy but terrible, it would be cool to implement OMEMO

@micahflee Another reason why the "Pick a server that you trust!" blurb on Mastodon's front page makes me skittish.

For me at least, there aren't any!

@auerbach @micahflee You could run your own instance. But all in all Mastodon doesn't seem to be well-suited for private communication, that's not the niche it fills. There are plenty of other projects for that.

@auerbach All you should have to trust the instance with is your identity. Given federation, you will have no control over your data. Post only things that are public, discuss only things that are socially constructive and move your private business to either a medium designed for privacy (XMPP) or make sure to use pseudonyms on alternate accounts to go about your less public business. Those are my two-fiddy.

@micahflee how do we dm? I haven't seen an option

@Marshall start writing a toot and change the privacy options from "Public" to "Direct"

@micahflee I don't seem to have that option on Tusky

@micahflee that would require some artful key management. Keybase are in a stronger position to deliver that.

@micahflee At least in FidoNet, people understood that.

@micahflee How would you envision it happening? An embedded XMPP client + OTR?

@katjapurrs you wouldn't need XMPP because we already have the OStatus network. I think something like OMEMO, which is a newer fancier protocol than OTR, which supports multiple devices and multiparty chats, would be better. But apparently @Rushyo is already working on something! #e2e

@micahflee with the 500 chars limit, something based on gpg could even work

@micahflee Probably webpg.org/ could be a good start.

@micahflee Too bad it's impossible to e2e-encrypt on the web without plugins to the web browser. And if you have to install plugins, why not just install some proper software like an !XMPP client? .)

@mmn I think it would be completely reasonable to only have e2e supported by native apps: mobile apps, and perhaps an Electron desktop app

@mmn @micahflee technically doable with a browser extension as well?

@hishamhm ...extension/plugin/whatever. Needs separate installation anyway and thus no more enticing than desktop software.

@mmn it is more enticing to me because Firefox extensions are portable, easier to install and don't require admin privileges

@hisham_hm we just had an "Add-on Hack Day" here in Niterói, RJ, Brazil focused on building #crossbrowser #webextensions.

It would be quite easy to ship a #mastodon #webextension that works on #Chrome, #Firefox, #Opera and maybe even #Edge. Maybe I will work on it :fox:

About our Hack Day: andregarzia.com/en/blog/addons

@soapdog That's a great idea!

Also, very cool post on the hack day!

@hisham_hm Not sure I want to use supersecret ultraprivate e2e crypto on a machine I don't even have admin access on... ;)

@mmn @hishamhm Meh, it's a balance, as always. It's not like the sysadmins at your job/school/foo are actively watching everyone's machines and what goes on there at all times.

@pettter In the case of e2e credentials stored on computers with other admins than me, I am less concerned with admins reading my communication and more concerned with stray backups, stolen machines etc. which someone else finds lying around and can thus impersonate me with digital perfection.

@pettter That's the reason I never, ever write a password of my own in a machine at work (and don't even use private SSH keys). I have zero trust in the # municipality IT department.

@micahflee Is it anything you could help with on github?

@micahflee I feel like PGP was made to solve exactly this kind of problem. Would we even need to change anything, except maybe relaxing the 500-character limit?

@Falkreon the hard problems would be key management, key verification, and multi-device support I think

@micahflee I guess. I feel like associating pubkeys with accounts really needs to be addressed in the scope of OAuth though. Sort of tangential to mastodon.

@Falkreon it's not an easy problem to solve -- no one has solved it really well yet anywhere else either.

If it's addressed through OAuth, then do you trust your OAuth service to act as a CA and to not facilitate MITM attacks? Do you try to build in a web of trust like with PGP? Or do you do TOFU with fingerprint verification like Signal (I think this is the best option)?
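The third option in the post above, trust on first use plus an out-of-band fingerprint check, is small enough to sketch in full. The block below is an added example written for this page, not code from Mastodon, Signal or anyone in the thread. It assumes a hypothetical client that learns a peer's public key from the server, pins the first key it sees, refuses a later different key until the user explicitly accepts it, and records when the user has compared fingerprints out of band. The fingerprint format (SHA-256 of the raw key bytes, shown as 4-hex-digit groups) is an assumption, not Signal's safety-number scheme, and the peer keys are constructed byte strings.

```python
import hashlib
from dataclasses import dataclass, field


class KeyChanged(Exception):
    """Raised when a peer presents a key that differs from the pinned one.

    This is the moment a MITM by the server (or a real device change) shows up;
    the client must surface it rather than silently re-pin.
    """


def fingerprint(pubkey: bytes) -> str:
    # Assumed display format: first 128 bits of SHA-256, in 4-hex-digit groups.
    digest = hashlib.sha256(pubkey).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


def _normalize(fp: str) -> str:
    # Tolerate whatever spacing/case the user typed or read aloud.
    return "".join(fp.split()).upper()


@dataclass
class Pin:
    fingerprint: str
    verified: bool = False  # True only after an out-of-band comparison


@dataclass
class TofuStore:
    pins: dict = field(default_factory=dict)

    def check(self, peer: str, pubkey: bytes) -> str:
        """Called with the key the server handed us for `peer` before every send."""
        fp = fingerprint(pubkey)
        pin = self.pins.get(peer)
        if pin is None:
            self.pins[peer] = Pin(fp)      # first use: trust, but flag as unverified
            return "pinned"
        if pin.fingerprint != fp:
            raise KeyChanged(f"{peer}: pinned {pin.fingerprint}, server now offers {fp}")
        return "verified" if pin.verified else "unverified"

    def verify(self, peer: str, spoken_fingerprint: str) -> bool:
        """User compared fingerprints over another channel; record the result."""
        pin = self.pins[peer]
        ok = _normalize(pin.fingerprint) == _normalize(spoken_fingerprint)
        if ok:
            pin.verified = True
        return ok

    def accept_new_key(self, peer: str, pubkey: bytes) -> None:
        """Explicit user decision after a KeyChanged warning. Resets verification."""
        self.pins[peer] = Pin(fingerprint(pubkey))


if __name__ == "__main__":
    # Constructed sample keys; real clients would hold Curve25519 public keys here.
    store = TofuStore()
    bob_key_1 = b"constructed-key-bob-1"
    bob_key_2 = b"constructed-key-bob-2"
    print(store.check("bob@example.org", bob_key_1))   # pinned
    print(store.verify("bob@example.org", fingerprint(bob_key_1)))  # True
    try:
        store.check("bob@example.org", bob_key_2)
    except KeyChanged as e:
        print("warning:", e)
```

The state that matters is the `verified` flag: a TOFU client that only pins gives you protection against a server that starts lying after the first exchange, but nothing against one that lied from the start, which is exactly the "do you trust your OAuth service as a CA" question. Only the out-of-band comparison closes that gap, and a key change must drop the flag again.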

@rysiek @micahflee Sure, but why? There are already several mature open source federated e2e encrypted chat systems available. Both XMPP and Matrix could even be easily integrated into the existing user@instance id scheme. They have mobile clients, web clients, desktop clients...

It's neat to encrypt a tweet and send it to someone, but it just seems like the wrong tool for the job.

@rysiek @micahflee If somebody is not tech savvy they sure won't use userscripts or browser extensions. The only alternative is javascript crypto provided by the mastodon instance, which means you have to trust the one potential attacker you're trying to shield yourself from.

@rysiek @lambadalambda @micahflee I think adding an integrated XMPP+OMEMO server and client in Mastodon is a good idea. I think creating something homebrew is a bad idea.

@pettter @rysiek @micahflee FWIW, I agree with @lambadalambda - it can be argued that private messages are simply a misfeature in OStatus since they cannot be truly private without extra (non-standard) hacks.

Keeping things simple is valuable; using the right tool for the job (some other protocol for private messages) is good engineering.

@lieselotte @pettter @rysiek @micahflee @lambadalambda Well, I'd venture that poor engineering usually leads to a poor user experience sooner or later. The fundamental user expectation is "software that works".

Mastodon and GNU Social and others could all agree to integrate XMPP (or even SMTP) for direct messages. It doesn't need to be in the OStatus protocol.

@lambadalambda It's still up to the admin to set up the xmpp server (with bosh!), though, so it's not very widespread :-/

@HerraBRE @micahflee @rysiek @pettter Note that having private messages work cleanly (and no different than public posts) is one of the things ActivityPub was designed for. The design is much closer to email delivery... outbox -> inbox, w/ to, cc, bcc addressing.

@maiyannah Sure, happy to go through it. Spec is here: w3.org/TR/activitypub/ but tl;dr: your user has an inbox & outbox, you post json messages to your outbox and your server looks at recipients and sends to their inboxes. That's most of the whole spec right there. Simple stuff.

@maiyannah Oh and ActivityStreams is used as the core vocabulary.
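The outbox-to-inbox delivery described in the two posts above is short enough to model end to end. The block below is an added example for this page, not code from the ActivityPub spec, Mastodon or anyone in the thread. It assumes a hypothetical sending server with a constructed actor directory (the inbox URLs are made up), one followers collection it can expand, and the visibility-to-addressing mapping that Mastodon later used for its four post types (public, unlisted, followers-only, direct), which is my reading of that code and worth checking against the current implementation. Two things are spec rules rather than assumptions: the `as:Public` pseudo-actor and the requirement that `bto`/`bcc` be stripped before delivery. The point the example makes concrete is the one the whole thread is about: the server resolving recipients holds `content` in the clear for every message, direct ones included.

```python
import copy

PUBLIC = "https://www.w3.org/ns/activitystreams#Public"
AUDIENCE_FIELDS = ("to", "bto", "cc", "bcc")

# Constructed sample directory (hypothetical actors and inbox URLs).
ACTORS = {
    "https://mastodon.social/users/alice": "https://mastodon.social/users/alice/inbox",
    "https://example.org/users/bob": "https://example.org/users/bob/inbox",
    "https://example.net/users/carol": "https://example.net/users/carol/inbox",
}
# Collections this server owns and can therefore expand (constructed).
COLLECTIONS = {
    "https://mastodon.social/users/alice/followers": [
        "https://example.org/users/bob",
        "https://example.net/users/carol",
    ],
}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _holders(activity):
    # Addressing may sit on the activity and on its embedded object.
    obj = activity.get("object")
    return [activity, obj] if isinstance(obj, dict) else [activity]


def make_note(actor, content, to, cc=(), bcc=()):
    """Build a Create{Note} the way a client would POST it to its outbox."""
    addressing = {"to": list(to), "cc": list(cc), "bcc": list(bcc)}
    note = {"type": "Note", "attributedTo": actor, "content": content, **addressing}
    return {"@context": "https://www.w3.org/ns/activitystreams",
            "type": "Create", "actor": actor, "object": note, **addressing}


def audience(activity):
    """Union of to/bto/cc/bcc over the activity and its object (order kept)."""
    targets = []
    for holder in _holders(activity):
        for field in AUDIENCE_FIELDS:
            targets.extend(_as_list(holder.get(field)))
    return targets


def resolve_inboxes(activity):
    """Server-side fan-out: expand own collections, skip Public, dedupe."""
    inboxes = []
    for target in audience(activity):
        if target == PUBLIC:
            continue                      # Public is a marker, it has no inbox
        for actor in COLLECTIONS.get(target, [target]):
            inbox = ACTORS.get(actor)
            if inbox and inbox not in inboxes:
                inboxes.append(inbox)
    return inboxes


def outgoing_copy(activity):
    """Wire copy for each inbox: bto/bcc must be removed before delivery."""
    out = copy.deepcopy(activity)
    for holder in _holders(out):
        holder.pop("bto", None)
        holder.pop("bcc", None)
    return out


def visibility(activity, followers):
    """Assumed Mastodon convention, derived purely from the addressing."""
    to = set(_as_list(activity.get("to")))
    cc = set(_as_list(activity.get("cc")))
    if PUBLIC in to:
        return "public"
    if PUBLIC in cc:
        return "unlisted"
    if followers in to:
        return "private"
    return "direct"


if __name__ == "__main__":
    alice = "https://mastodon.social/users/alice"
    dm = make_note(alice, "meet at 9?", to=["https://example.org/users/bob"])
    print(visibility(dm, alice + "/followers"), resolve_inboxes(dm))
    # The server doing this fan-out can read this just as easily:
    print(dm["object"]["content"])
```

Nothing in the delivery path distinguishes a direct message from a public post except which inboxes end up in the list, and both the sending and the receiving server see the same plaintext `content`. That is why the thread keeps landing on the same answer: if the bytes must be unreadable to the admin, the encryption has to be applied by the client before the object ever reaches the outbox.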

@cwebber @micahflee @rysiek @pettter I think some of us feel that creating new "private messaging" channels that lack e2e crypto is really not something we should be doing anymore.

@lambadalambda @micahflee @rysiek Not completely. Riseup rolled out a system a few weeks ago that encrypts all emails with your login passwords. So if they have to hand out data, it will be encrypted data. 0xacab.org/riseuplabs/trees

Philosophically: The same thing. Granted.

Practically: Huge difference if you ask me.

@micahflee yep, I was wondering how to implement this (at least, log what is done "by hand" on the database). Any ideas?

@micahflee end to end encryption is essential for messaging cross-instance too, tbh