Important progress has been made regarding bringing MLS end-to-end encryption to the ActivityPub protocol, with developers already building implementations and providing feedback to a future version of the protocol spec.
this is misleading and sensationalistic. if emissary implements e2ee, it’s not “e2ee for the fediverse”, it’s " e2ee for emissary users". did mastodon talk about e2ee? did lemmy?
also the MLS-in-activitypub draft proposes for trusted key exchange either " trust the server" (lmao), use a centralized key authority (wow) or have users manually verify their keys out of band (so basically use matrix to assure your chat is encrypted). source: https://swicg.github.io/activitypub-e2ee/architectural-variations.html#validating-end-to-end-encryption
fedi devs need to stop clickbaiting, and fedi users should learn a bit more about their protocol to avoid getting misled this way
I felt like a 90 year old grandma reading this.
Fediverse and Linux have to be the most unholy tech union in existence.
Fake journalists not even bothering to google that XMPP exists #10496839485.
This is about implementing E2EE directly into ActivityPub, so that has nothing to do with this.
I have a bit of an issue with the title, considering federated end to end encrypted messaging has existed since, at the latest, 1991.
Well now this sounds interesting. And I assume it’s open source?
It seems so, as the project (Emissary) is using the GNU Affero GPL.
Also XMPP with omemo?
We should always have more alternatives to chose from - good to see so many players.
@benpate@mastodon.technology that’s amazingly quick work after just under four weeks. I’m looking forward to the result.
MLS will eventually be included in all messengers.
It was initially introduced by Wire as an RFC, but they fumbled the federation by making it an enterprise only feature. Because of that, other messengers will do the federating for them. iMessage, Google Messenger, Matrix, and Germ DM (Bluesky) do or partly have it implemented.
Why?
What benefit does this have over Signal/Matrix?
The article just says “improvements”.
why? because it would be cool if only intended recipients are able to view sent messages.
That’s not really going to be the case if you’re using a website instead of an audited app like signal/matrix.
that argument doesn’t hold. you’re letting perfect be the enemy of good-and if you truly believe that, then you wouldn’t be recommending Matrix which has web clients, see https://app.element.io/
Any we client including Matrix webclient is incredibly vulnerable to the server just injecting JS and reading your messages.
Like there is no point of E2E encryption in Twitter, Musk can read your messages if you open them on any device he can execute arbitrary code on.
Any we client including Matrix webclient is incredibly vulnerable to the server just injecting JS
That doesn’t preclude fediverse clients from enabling E2EE. A web-client isn’t a requirement.
Like there is no point of E2E encryption in Twitter, Musk can read your messages if you open them on any device he can execute arbitrary code on.
Agreed, nobody should trust twitter, but I would trust most mastodon clients to send encrypted messages, if/when implemented correctly. Does it guarantee that messages will never be read? No, but it does an extra layer that wasn’t there before.
One benefit is that Signal controls all the infrastructure and some people do not like that. Sure, you could also spin up a Matrix home server, but that isn’t an ideal solution for everyone either. Some people want to do messaging via their existing ActivityPub infrastructure and that’s OK.
So, I used messaging here in the broad sense. One possible application for it is instant messaging, which there are ActivityPub implementations out there doing that. But it can also be used for statuses or pretty much anything else that gets federated.
That actually sounds cool, I wonder if they could support Hidden containers, so the same message can be decypted to different messages by different users.
Major League Soccer messaging? Let’s goooo
Let’s gooooooo
Finally I can discuss my scat fetish with my fellow scat enthusiasts away from the prying eyes of the NSA!
Nyeh-heh heh heeh!
Scat fetish means you like scat singing, right? scatman
i came 😩
this will pair nicely with my shit fetish videos
But, what about Session? It’s decentralized, E2EE, uses Lokinet, seems pretty solid, no?
No phone, email, or other info needed to sign up
good news everybody!
