Discussion

@unattributed@gotosocial.social · 17 hours ago

Curiosity question... Currently, if you are sending DM's between two users and a third is added part way through, the third party can see all the previous messages. That is a highly undesirable situation. If I understand correctly, this is a limitation / side effect of the ActivityPub specification.

Will this be resolved, or is it part of the spec, for this solution? IE, will there be a way to be certain that third parties cannot see previous portions of a Private DM thread? Or better, will it be default behavior to not expose the previous messages to third parties who are added to the thread later?

Hans Sigar

@hans_sigar@mastodon.social replied · 14 hours ago

@benpate @swf @sovtechfund @bonfire Sounds promising. Good luck.

Ben Pate 🤘🏻

@benpate@mastodon.social replied · last week

What will this mean? We're working with extensions to ActivityPub to bring top-tier encryption into the Fediverse - the same industry standard that powers Android, Apple, Discord, and others.

We're aiming to release our first versions mid-year.

#Bonfire and #Emissary are great choices because each is a sort of "application builder" that can be molded to fit many different situations. It's going to be a massive undertaking, but I'm looking forward to the results

@swf @sovtechfund @bonfire

screenshot of a dialog titled "encrypted message". "Ben Pate" in the "Participants" field, message box is empty, and text above the "Send encrypted" button says "This will be encrypted before it leaves this device and will not be readable by anyone other than the recipients".

unattributed

@unattributed@gotosocial.social replied · 17 hours ago

@benpate
@swf @sovtechfund @bonfire

Jupiter Rowland

@jupiter_rowland@hub.netzgemeinde.eu replied · 12 hours ago

@ unattributed 𓂃✍︎ @ Ben Pate 🤘🏻 @ Social Web Foundation @ Sovereign Tech Agency @ Bonfire Ideally, one day, the highly advanced permissions system available on Hubzilla (based on Zot, ActivityPub optional), (streams) (based on Nomad, ActivityPub optional) and Forte (based on ActivityPub) would be cast into one or multiple FEPs.

This would solve this issue by not only controlling who receives a DM, but also who is permitted to see the DM. In combination with FEP-171b Conversation Containers (which was invented on (streams), inherited by Forte and backported to Hubzilla), the permissions of the DM would be inherited by all comments and replies to the DM with no way of ever changing these permissions anywhere in the conversation.

See, if I send a DM to Alice and Bob, then only Alice, Bob and I are permitted to see the DM. Also, only Alice, Bob and I are permitted to participate in the conversation, and Alice, Bob and I can see each comment and reply, but only the three of us are permitted to see them. The entire conversation has the exact same permissions all over, inherited from the initial DM.

Anyone of us can mention Carol all we want. But that does not give her permission to see anything in the conversation, not even the comment/reply that mentions her. Once the initial DM is out, its permissions are set in stone, and it's also set in stone that any and all follow-ups in the same conversation have the same permissions as the initial DM.

This does not even require encryption. That said, at least Hubzilla does offer encryption on top of the permissions system; however, it's only compatible within Hubzilla AFAIK.

# Long # LongPost # CWLong # CWLongPost # FediMeta # FediverseMeta # CWFediMeta # CWFediverseMeta # Hubzilla # Streams # (streams) # Forte # FEP_171b # ConversationContainers # Permission # Permissions # DM # DMs # DirectMessage # DirectMessages # PrivateMessage # PrivateMessages

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.40 no JS en

Automatic federation enabled