Have you seen this news?
-
@benpate Scanned the specs.
Yeah, that's about how I'd have done it in AP. But the result is like encrypted email, metadata is still public.
That's more or less why I stopped looking at AP as a viable transport. But if you need to stay within it, then yes, looks reasonable.
I haven't looked in a lot of detail, obviously.
Yes.
My understanding of MLS is that there is a fair amount of metadata that's public in general. So, group ids, and members of each group are more or less in plaintext, regardless of the transport.
So, it's not *perfect* but it's better than just sending everything in plaintext.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, youâll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because itâs an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
-
Yes.
My understanding of MLS is that there is a fair amount of metadata that's public in general. So, group ids, and members of each group are more or less in plaintext, regardless of the transport.
So, it's not *perfect* but it's better than just sending everything in plaintext.
-
since it is being funded by the German government, will it have backdoors for specific German priorities?
@rapsneezy2 Ha! None that I know of
We're (Mastodon, Bonfire, and Emissary) not doing this from scratch. It's building on MLS, which is an open standard for end-to-end encrypted messages that is used by many big players in tech.
Plus, all of this is open source (mine is here: https://github.com/EmissarySocial/conversations-mls) so hopefully any theoretical back doors would be found by interested parties.
If you're interesting in auditing some code, I'd *love* for you to participate!
-
@benpate I wouldn't count on that.
In the announcement Mastodon team credits SWF for work on E2EE, not the people doing actual research. That's part of the deal.
-
@benpate I wouldn't count on that.
In the announcement Mastodon team credits SWF for work on E2EE, not the people doing actual research. That's part of the deal.
@silverpill SWF built the original spec that we're building to. They did a TON of research and groundwork ahead of time.
I'll just have to graffiti Wikipedia myself.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, youâll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because itâs an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
Interesting take / prediction, thx for sharing!
> Want E2EE? Use PGP/GPG and do it yourself.
This bit doesn't fly with me; E2EE is For The People.
My sense is that "just roll your own" ignores the accessibility gap; that the DIY approach may be too complex for others.
(Admittedly not speaking from experience; I'm a #Signal user which is quite user-friendly)
-
-
@silverpill @benpate it really seems nothing has changed after the recent reorganization.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, youâll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because itâs an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
Sorry if I'm missing a part of your context..
This whole project should be "backward compatible." It's pretty easy to tell if your recipients all accept encrypted messages or not, so if you're messaging someone who doesn't accept encrypted messages, it should just fall back naturally to regular DMs.
-
@silverpill SWF built the original spec that we're building to. They did a TON of research and groundwork ahead of time.
I'll just have to graffiti Wikipedia myself.
-
Interesting take / prediction, thx for sharing!
> Want E2EE? Use PGP/GPG and do it yourself.
This bit doesn't fly with me; E2EE is For The People.
My sense is that "just roll your own" ignores the accessibility gap; that the DIY approach may be too complex for others.
(Admittedly not speaking from experience; I'm a #Signal user which is quite user-friendly)
Completely agree, "roll your own" overcomplicates things. I simplified to spur curiosity, & why I ended with use of alternative tools for private messaging, like signal.
It can be simple. Generate your public/ private keys, & start trading public keys with people. When you send a message to someone it'll be encrypted using their public key & only able to be decrypted by their private key so your message to them stays secure. Sign that message with your signature to prove origin.
-
The question with E2EE & SNS quickly becomes: How do we deploy this at scale, without breaking moderation, without confusing users, & without inviting legal or security failure?
It's why many people say: keep the public social layer unencrypted & use purpose built tools like Signal for private conversations.
Also, metadata, note that E2EE doesnât stop the network from seeing who talks to who, when, or how often, so privacy is leaky even if message content is encrypted.
-
Completely agree, "roll your own" overcomplicates things. I simplified to spur curiosity, & why I ended with use of alternative tools for private messaging, like signal.
It can be simple. Generate your public/ private keys, & start trading public keys with people. When you send a message to someone it'll be encrypted using their public key & only able to be decrypted by their private key so your message to them stays secure. Sign that message with your signature to prove origin.
The question with E2EE & SNS quickly becomes: How do we deploy this at scale, without breaking moderation, without confusing users, & without inviting legal or security failure?
It's why many people say: keep the public social layer unencrypted & use purpose built tools like Signal for private conversations.
Also, metadata, note that E2EE doesnât stop the network from seeing who talks to who, when, or how often, so privacy is leaky even if message content is encrypted.
-
To introduce E2EE into publicâfacing SNS & simultaneously try to âsolveâ abuse, moderation, & legal exposure, the path of least resistance is likely to be âjust verify everyoneâ, pushing identityâlinked, KYCâstyle identity checks as a way to âanchorâ trust & accountability.
The loudest voices may start demanding identity verification.
Awful for privacy, & itâs exactly why I strongly believe E2EE should be kept out of the core social layer & kept within dedicated tools instead.
-
@benpate did you hear that Mastodonâs next version implemented Activity Intents, as well? Things keep getting better!
@andypiper Activity Intents, abbreviated as AI?
-
