Wouldn’t it be great if ActivityPub supported something like E2EE private chats between any user from any instance of any project?
I believe the possibility to find and chat with anyone on Facebook and Instagram is what has made them have a monopoly in the social media verse.
This could be done through P2P technology or through the integration of an XMPP server, so that you don’t have to use another service to safely chat with new acquaintances, and you can rest assured that your conversation is private and can’t be read by the instance admins.
I’ve read that Mastodon devs are thinking about ways to add this, but I don’t think it will be interoperable.
I know it will be hard to bring fediverse projects to agree on a common standard, but I try and keep my hopes high.

I’d rather see Matrix integration; there’s something happening: https://jasonrobinson.me/content/9db6bef7-e001-4de1-960a-6a24b59e5609/

@dragonX

Apparently, Matrix is working on a microblogging solution on top of the Matrix protocol called Cerulean.
My point is for these projects to come together and draft a secure E2EE private chat as an extension to ActivityPub, not scattered experiments here and there.
Maybe a consortium can help bring these projects to an agreeable solution, but knowing how fragmented the open source world is, the possibility is quite slim.

From what I understand, Cerulean is more a proof of concept rather than in the works, tons of other more important things to implement. It first needs to have a proper spec on the Matrix side, then maybe an ActivityPub bridge, but the spec first. The answer anyway is - you want, you do, that’s open source.

@dragonX

Not a developer, sorry, just an overly hyped user! :-(

So then just wait until someone implements what you want, as I do.

@koalp

I think that each piece of software should do one thing (and provide interopérability). I don’t think that copying the solutions of big companies is a good solution, as they have the people to maintain huge monoliths that do a lot of things, but I don’t think community-maintained projects can maintain such software, nor do I think it’s a good way to welcome new developers.

I would rather like a simple link to matrix username in the bio or an integration with an existing solution with a unique identity.

Therefore I hope it won’t happen because it would complexify the protocol when e2ee private chats already exist.

@dragonX

Your point is valid, even though having a unified solution will help more people migrate.
If you provide a Matrix handle, someone else will prefer Jami, another one Session, and so on… In this case people will feel the need to go back to Facebook, Instagram and WhatsApp to communicate, because installing 20 apps is not worth the hassle.
If Matrix could get integrated with the use of bridges, it will be a good compromise too, so you can bridge your Mastodon account and have your messages sent directly to your Matrix account and answer directly from Mastodon without having to open Matrix! Something like how Messenger is integrated inside Facebook!

@dragonX

> interopérability

Am I to understand that you speak French?
@koalp

Oops. Yes, indeed 🙃

poVoq

Given that you can set up an XMPP server using the same webfinger addresses as used by Mastodon etc., this is very much already possible and rather a question of coming up with an easy implementation.

Pleroma at least already has a relatively easy-to-use integration with an XMPP server, and a tighter integration seems feasible given that Pleroma also uses Erlang, similar to Ejabberd.

The alternative is using Movim.eu (although it does not have e2ee yet). It basically does the reverse, i.e. adding a social media website to your XMPP chat app. There are also some (very early) ideas to bridge it to ActivityPub.

E2EE doesn’t really make sense if you are using it through a website. The website could trivially send 3 lines of JS that steal all of your private keys and past messages once and then delete itself, without leaving any trace. E2EE encryption in the web browser only brings superficial security.

@dragonX

If I understood well, this exploit is still possible with services like ProtonMail, Tutanota and Mega??

Yep, as well as numerous password managers for example. It’s not really as much an exploit as it is a crappy security model.
