Have you seen this news?
-
The primary spec for ActivityPub is here: https://swicg.github.io/activitypub-e2ee/mls
I have a project overview here: https://emissary.dev/e2ee <- this also includes links to the MLS protocol and other implementation resources.
My overview page WAS up to date, but I haven't posted much recently. But I *swear* I'm still making progress.
I'll show off a little of my work at #FediForum - and I'm sure we'll have larger conversations there about #E2EE in general.
-
@jens Yeah, the MLS protocol is pretty solid. It's built/supported by a number of big industry groups who know what they're doing.
And, I'm not writing the encryption myself. I'm building on top of the *fabulous* ts-mls library by Luka Jacobowitz. He's been super-supportive and even helped me troubleshoot a few things.
I'm pretty sure Bonfire is using OpenMLS, which is equally awesome.
When Mastodon starts working in 2027, a lot of the groundwork will have been laid already.
-
@jens Yeah, the MLS protocol is pretty solid. It's built/supported by a number of big industry groups who know what they're doing.
And, I'm not writing the encryption myself. I'm building on top of the *fabulous* ts-mls library by Luka Jacobowitz. He's been super-supportive and even helped me troubleshoot a few things.
I'm pretty sure Bonfire is using OpenMLS, which is equally awesome.
When Mastodon starts working in 2027, a lot of the groundwork will have been laid already.
-
The primary spec for ActivityPub is here: https://swicg.github.io/activitypub-e2ee/mls
I have a project overview here: https://emissary.dev/e2ee <- this also includes links to the MLS protocol and other implementation resources.
My overview page WAS up to date, but I haven't posted much recently. But I *swear* I'm still making progress.
I'll show off a little of my work at #FediForum - and I'm sure we'll have larger conversations there about #E2EE in general.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
@benpate Scanned the specs.
Yeah, that's about how I'd have done it in AP. But the result is like encrypted email, metadata is still public.
That's more or less why I stopped looking at AP as a viable transport. But if you need to stay within it, then yes, looks reasonable.
I haven't looked in a lot of detail, obviously.
-
@benpate Scanned the specs.
Yeah, that's about how I'd have done it in AP. But the result is like encrypted email, metadata is still public.
That's more or less why I stopped looking at AP as a viable transport. But if you need to stay within it, then yes, looks reasonable.
I haven't looked in a lot of detail, obviously.
Yes.
My understanding of MLS is that there is a fair amount of metadata that's public in general. So, group ids, and members of each group are more or less in plaintext, regardless of the transport.
So, it's not *perfect* but it's better than just sending everything in plaintext.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
-
Yes.
My understanding of MLS is that there is a fair amount of metadata that's public in general. So, group ids, and members of each group are more or less in plaintext, regardless of the transport.
So, it's not *perfect* but it's better than just sending everything in plaintext.
-
since it is being funded by the German government, will it have backdoors for specific German priorities?
@rapsneezy2 Ha! None that I know of
We're (Mastodon, Bonfire, and Emissary) not doing this from scratch. It's building on MLS, which is an open standard for end-to-end encrypted messages that is used by many big players in tech.
Plus, all of this is open source (mine is here: https://github.com/EmissarySocial/conversations-mls) so hopefully any theoretical back doors would be found by interested parties.
If you're interesting in auditing some code, I'd *love* for you to participate!
-
@benpate I wouldn't count on that.
In the announcement Mastodon team credits SWF for work on E2EE, not the people doing actual research. That's part of the deal.
-
@benpate I wouldn't count on that.
In the announcement Mastodon team credits SWF for work on E2EE, not the people doing actual research. That's part of the deal.
@silverpill SWF built the original spec that we're building to. They did a TON of research and groundwork ahead of time.
I'll just have to graffiti Wikipedia myself.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
Interesting take / prediction, thx for sharing!
> Want E2EE? Use PGP/GPG and do it yourself.
This bit doesn't fly with me; E2EE is For The People.
My sense is that "just roll your own" ignores the accessibility gap; that the DIY approach may be too complex for others.
(Admittedly not speaking from experience; I'm a #Signal user which is quite user-friendly)
-
-
@silverpill @benpate it really seems nothing has changed after the recent reorganization.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
Sorry if I'm missing a part of your context..
This whole project should be "backward compatible." It's pretty easy to tell if your recipients all accept encrypted messages or not, so if you're messaging someone who doesn't accept encrypted messages, it should just fall back naturally to regular DMs.
-
@silverpill SWF built the original spec that we're building to. They did a TON of research and groundwork ahead of time.
I'll just have to graffiti Wikipedia myself.
