Have you seen this news?
-
-
@silverpill @benpate it really seems nothing has changed after the recent reorganization.
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
Sorry if I'm missing a part of your context..
This whole project should be "backward compatible." It's pretty easy to tell if your recipients all accept encrypted messages or not, so if you're messaging someone who doesn't accept encrypted messages, it should just fall back naturally to regular DMs.
-
@silverpill SWF built the original spec that we're building to. They did a TON of research and groundwork ahead of time.
I'll just have to graffiti Wikipedia myself.
-
Interesting take / prediction, thx for sharing!
> Want E2EE? Use PGP/GPG and do it yourself.
This bit doesn't fly with me; E2EE is For The People.
My sense is that "just roll your own" ignores the accessibility gap; that the DIY approach may be too complex for others.
(Admittedly not speaking from experience; I'm a #Signal user which is quite user-friendly)
Completely agree, "roll your own" overcomplicates things. I simplified to spur curiosity, & why I ended with use of alternative tools for private messaging, like signal.
It can be simple. Generate your public/ private keys, & start trading public keys with people. When you send a message to someone it'll be encrypted using their public key & only able to be decrypted by their private key so your message to them stays secure. Sign that message with your signature to prove origin.
-
The question with E2EE & SNS quickly becomes: How do we deploy this at scale, without breaking moderation, without confusing users, & without inviting legal or security failure?
It's why many people say: keep the public social layer unencrypted & use purpose built tools like Signal for private conversations.
Also, metadata, note that E2EE doesn’t stop the network from seeing who talks to who, when, or how often, so privacy is leaky even if message content is encrypted.
-
Completely agree, "roll your own" overcomplicates things. I simplified to spur curiosity, & why I ended with use of alternative tools for private messaging, like signal.
It can be simple. Generate your public/ private keys, & start trading public keys with people. When you send a message to someone it'll be encrypted using their public key & only able to be decrypted by their private key so your message to them stays secure. Sign that message with your signature to prove origin.
The question with E2EE & SNS quickly becomes: How do we deploy this at scale, without breaking moderation, without confusing users, & without inviting legal or security failure?
It's why many people say: keep the public social layer unencrypted & use purpose built tools like Signal for private conversations.
Also, metadata, note that E2EE doesn’t stop the network from seeing who talks to who, when, or how often, so privacy is leaky even if message content is encrypted.
-
To introduce E2EE into public‑facing SNS & simultaneously try to “solve” abuse, moderation, & legal exposure, the path of least resistance is likely to be “just verify everyone”, pushing identity‑linked, KYC‑style identity checks as a way to “anchor” trust & accountability.
The loudest voices may start demanding identity verification.
Awful for privacy, & it’s exactly why I strongly believe E2EE should be kept out of the core social layer & kept within dedicated tools instead.
-
@benpate did you hear that Mastodon’s next version implemented Activity Intents, as well? Things keep getting better!
@andypiper Activity Intents, abbreviated as AI?
-
-
@rusty__shackleford @dusk @benpate dealing with spam (and other forms of abuse) when e2ee is mixed with federated SNS seems really hard. agree 100% with your assessment
-
Have you seen this news?
#Mastodon just got funding to add end to end encryption into their software.
So, some time next year, you’ll be able to send truly private messages to the vast majority of the #Fediverse
Im so excited about this.
Because it’s an open spec, this opens the doors for every Fediverse app to join the party.
Yesterday, this project was a proof of concept. Today, Mastodon has turned it into a stampede.
https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
-
@rusty__shackleford @benpate @dusk i think a good middle ground for letting people to have private discussions on fediverse is just allowing people to do PGP themselves or in 3rd party clients, with a "buyer beware" kind of scenario
building it into servers puts a lot more responsibility in the hands of server admins. and risk for abuse. i don't want my admin holding onto my private keys and i don't necessarily trust my server to generate keys for me either ...
people with the know-how to generate and manage their own keys can deal with the potential negatives and headaches associated with it. just running servers as they already exist is plenty of work for mastodon admins i would imagine -
Interesting times ahead. I wonder if they will go for the Signal Protocol Post-Quantum Ratchets or similar?
Not Signal, MLS, which is similar but run by a group of industry organizations.
Post-quantum is possible in MlS, depending on the crypto algorithms you choose.
There’s more info about the project in general on https://emissary.dev/e2ee — though Mastodons announcement is a big new development I haven’t covered yet.
-
@rusty__shackleford @benpate @dusk i think a good middle ground for letting people to have private discussions on fediverse is just allowing people to do PGP themselves or in 3rd party clients, with a "buyer beware" kind of scenario
building it into servers puts a lot more responsibility in the hands of server admins. and risk for abuse. i don't want my admin holding onto my private keys and i don't necessarily trust my server to generate keys for me either ...
people with the know-how to generate and manage their own keys can deal with the potential negatives and headaches associated with it. just running servers as they already exist is plenty of work for mastodon admins i would imagine@sampler @rusty__shackleford @dusk
A) that excludes 99% of the population, who deserve the same level of privacy as you do.
B) since it’s E2EE, most of the work is on your client. The updates to the server are minimal (C2S API + publish public key packages). So EVERY Fediverse server could support this. You’d just need a client that can send/receive encrypted messages.
C) Don’t let “perfect” be the enemy of “good” - giving people easy, modern tools is a win, even if the NSA can hack it.
-
@rusty__shackleford @dusk @benpate dealing with spam (and other forms of abuse) when e2ee is mixed with federated SNS seems really hard. agree 100% with your assessment
-
@benpate I'm wondering what the advantage of e2ee private messages on Mastodon is when we have Signal, Matrix and other robust encrypted messaging tools that you could invite a friend to if you want to have a private conversation.
Is anyone worried about this creating moderation issues?
Generally I'm in favor of privacy and security, but I'm just not sure what the value of this feature is on Mastodon. Maybe you or others can provide your perspective on this.
-
M monkee@chaos.social shared this topic
