That’s very cool.
How much work is happening on Hubzilla now? Is there a chance that we could implement this same MLS-based protocol on it?
I think the server-side work is minimal. And, you could even use my Typescript code as a starting point…
Discussion
Loading...
@benpate
Trouble is, it requires JavaScript, so would never work in #snac2 or the #Brutaldon Mastodon client!
This is true. But it is the only way to guarantee that the complex math of encrypting your messages happens before anyone else can see it.
I am building this in very distinct layers, so I am hopeful (but cannot guarantee) that someone in the future can come along and repackage this as an installable app.
yes but I like #matrix...
it's complicated. I'd love the simplicity of one ID but I also think social media (public) and social networking (close community) need to be somewhat separate. old school twitter was a great example of the former vs the latter encompassing how we connect with family, friends and interest groups on Facebook. I'd argue phone calls and texting is social networking too.
anyway, the distinction matters for moderation. basically everybody vs just people I trust.
I’ll try to post some screenshots when I have them, so you can see where this is heading. I think the UX is critical for this to work right, and I think it will feel really smooth and natural when we roll this out.
I'm sure it will be great but I could also see approaching it by having server software and apps that did both AP and matrix.
I imagine the future being less about running an AP server than running a server for musicians that does AP but also simultaneously some new protocol that lets it be part of a decentralized Spotify etc. For most people, they probably don't want separate servers and apps for microblogging, pics, videos. etc.
@wjmaggos Yes, and this (obviously) doesn’t replace Matrix.
On the Fediverse, I think direct messages / private messages are underdeveloped. I was just talking to someone who REALLY wants this, and also wants a more standard UI for small conversations.
The plan is to have both modes available, with newsfeeds for public conversations, and a separate panel (or even a separate app connecting to my Emissary profile) to manage private messages (both encrypted and plaintext.
Re: Wouldn’t it be cool if you could send encrypted DM’s on the Fediverse BEFORE you could do it in Bluesky?
@benpate@mastodon.social jr pna, V nz fraqvat lbh n urnivyl rapelcgrq zrffntr evtug abj, va snpg! Vg vf fb tbbq lbh pna rira eha gur pvcure gjvpr naq vg vf qbhoyr rapelcgrq.
@ Ben Pate 🤘🏻 Technically speaking, Hubzilla has had encryption for years already, probably for longer than Mastodon has even been around. It comes on top of Hubzilla's permissions system which already makes Hubzilla inherently more private and secure than Mastodon.
Downside: Hubzilla's encryption only works within Hubzilla where it is an official, optional add-on. I'm not even sure if it works beyond the Zot6 protocol. But still, one can't say that the Fediverse doesn't have any encryption anywhere.
CC: @ Ben Ramsey @ Emanuele Panz
# Long # LongPost # CWLong # CWLongPost # FediMeta # FediverseMeta # CWFediMeta # CWFediverseMeta # Fediverse # Hubzilla # Encryption
That’s very cool.
How much work is happening on Hubzilla now? Is there a chance that we could implement this same MLS-based protocol on it?
I think the server-side work is minimal. And, you could even use my Typescript code as a starting point…
@ Ben Pate 🤘🏻 Well, we're kind of in the aftermath of the recent Hubzilla 11 release. And I think the devs still have fresh plans.
# FediMeta # FediverseMeta # CWFediMeta # CWFediverseMeta # Hubzilla
Double-replying to add: congratulations on the release, BTW.. I think I saw a presentation on this at FOSDEM.
🎉🎉🎉
You. I hear you. The “to do” list is always too long…
Well, Once I have a handle on the work involved, I’ll try to write up a guide for implementing this.
If you already support the C2S API, the server end should be next to nothing. E2EE means 97% of the work is on the client.
Yes. And so are @Bonfire and I. Check out https://emissary.dev/e2ee
Sorry for being obtuse :)
We have chatted with @soatok (should I say, Mr. Tok?) about the project a bit, and welcomed his advice.
@benpate There’s not a lot stopping this from being added at the client level today, but the 500-character default restrictions set by the Mastodon (and other) server software makes it difficult to fit into a single post.
On a technical level, yes. But you’d need a highly customized client or the UX would be atrocious.
We do have an effort going on now - not with Mastodon, but on the Fediverse in general - that’s aiming to launch mid-year.
So, it’s not a “what if” but really a “pretty likely to happen”
I love when open tech leads!
@ramsey @benpate I was able to do it a decade ago with Twitter DMs - although that had a 10k character limit.
https://shkspr.mobi/blog/2015/09/pgp-encrypt-twitter-dms-with-keybase/
@ramsey @benpate I was able to do it a decade ago with Twitter DMs - although that had a 10k character limit.
https://shkspr.mobi/blog/2015/09/pgp-encrypt-twitter-dms-with-keybase/
@benpate I wonder if the Fediverse can build on the back of the Signal Protocol. I think that protocol is non-federated, so folks would need to figure out a way to federate it, which is probably really tricky.
@benpate @ramsey @soatok is working on federated public key exchange specification and an example implementation (it's in PHP): https://github.com/fedi-e2ee .
@benpate @ramsey @thomas_shone The reference implementations are in PHP, but there's nothing preventing a Go or Rust implementation from materializing later on.
https://soatok.blog/2026/01/15/software-assurance-that-warm-and-fuzzy-feeling/ explains the testing methodology behind this project.
https://publickey.directory offers at-a-glance project status
@soatok @benpate @thomas_shone Since PHP is my primary programming language, that’s good for me.
We are. 😳
To be more helpful and specific, we are using the MLS protocol, which is an open standard inspired by the signal protocol.
I’ve written up my description of the project here, with links to the official announcements and specifications: https://emissary.dev/e2ee
@benpate
The @HolosSocial project i mentioned after Your talk at #Fosdem does implement the e2ee with the signal protocol:
https://mastodon.social/@HolosSocial/115986023918493823
Maybe they are interested in collaboration on the e2ee activities.
@ramsey
Very cool! And thanks for the link.. I’ll check this out and see what I can learn 😀
We’re not using the Signal protocol exactly. Technically is the “MLS” protocol, which was inspired by Signal, but makes some important changes to the ways that encryption keys are generated and shared.
It’s complicated, but MLS makes it possible to efficiently create very large groups (like thousands of people) — something that gets very cumbersome with Signal.