potential progress on adding E2EE (end-to-end encryption) messaging to ActivityPub (github.com)

submitted 2 months ago* (last edited 2 months ago) by asante@hexbear.net to c/technology@hexbear.net

6 comments fedilink hide all child comments

i should stress that no development has been made to this since last month and the only recent development was the sole contributor suggesting the idea to the official ActivityPub repo last week.

the contributor proposed sending an E2EE message as follows, using PGP keys that are stored with password encryption on the instance's server:

It requests the recipents public key
If there is a recipent public key, it sends the recipents public key to the sender
If there is a recipient public key, it encrypts the message
If there is no recipient public key, it will warn the user that this message will send unencrypted and the user can reject sending the message or continue sending the message with encryption.
The message is sent to the user

currently, fediverse services just use existing E2EE services (Matrix, XAMPP, etc.) and while the demand isn't big i think it would be really convenient. especially as a part of ActivityPub, E2EE messages would work over different fedi services to any fedi account, as opposed to separate, incompatible implementations maintained by each fedi service.

what do you guys think about this idea? cool or no?

edit: btw if you don't know, "private" messaging on fediverse is equivalent to mentioned-only posting, meaning the instance admins can read them as plaintext. this is why Lemmy has a disclaimer warning that your messages aren't private, has a Matrix account field on your profile to securely message with and why virtually no fedi services have tried implementing E2EE encryption

you are viewing a single comment's thread
view the rest of the comments

[-] asante@hexbear.net 1 points 2 months ago* (last edited 2 months ago)

generally, hacks that manipulate public keys are mitigated by the fact that they aren't compatible with already-existing signatures and signed messages as well as the corresponding private key stored on the user's device. it's the same way that expired/wrong certificates on HTTPS websites prevent the website from being accessed in the case that there is an attack (key manipulation, man-in-the-middle attack).

if a signature was also stored on the user's device, then a manipulated public or private key could be verified every time private messages are created or accessed, appending to an error log (useful for identifying a server breach) and requiring a new PGP public-private key pair to send future private messages.

this post was submitted on 21 Jul 2024

56 points (100.0% liked)

technology

23238 readers

251 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 4 years ago

MODERATORS

Jadzia_Dax@hexbear.net

blashork@hexbear.net

context@hexbear.net

EmmaGoldman@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

ZoomeristLeninist@hexbear.net