this post was submitted on 25 Feb 2026
476 points (97.4% liked)

Fediverse

40550 readers
655 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, Mbin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world
476
Federated End-to-End Encrypted Messaging is Coming Soon (wedistribute.org)
submitted 1 day ago by deadsuperhero@lemmy.world to c/fediverse@lemmy.world
97 comments fedilink hide all child comments
 

Important progress has been made regarding bringing MLS end-to-end encryption to the ActivityPub protocol, with developers already building implementations and providing feedback to a future version of the protocol spec.

you are viewing a single comment's thread
view the rest of the comments
[–] iltg@sh.itjust.works 40 points 1 day ago* (last edited 1 day ago) (11 children)

this is misleading and sensationalistic. if emissary implements e2ee, it's not "e2ee for the fediverse", it's " e2ee for emissary users". did mastodon talk about e2ee? did lemmy?

also the MLS draft (supposedly "better than signal ") proposes for trusted key exchange either " trust the server" (lmao), use a centralized key authority (wow) or have users manually verify their keys out of band (so basically use matrix to assure your chat is encrypted). source: https://swicg.github.io/activitypub-e2ee/architectural-variations.html#validating-end-to-end-encryption

fedi devs need to stop clickbaiting, and fedi users should learn a bit more about their protocol to avoid getting misled this way

[–] Abundance114@lemmy.world 20 points 1 day ago (4 children)

I felt like a 90 year old grandma reading this.

[–] gajahmada@awful.systems 9 points 1 day ago* (last edited 1 day ago) (2 children)

You and me both.

But after pondering the orbs for a minute I think they're saying, that it's just Emissary trying to get E2EE working and not Fediverse as a whole.

And they follow with some objection with the proposed draft. I can only comment on the 3rd one, it basically mean you need other channel of communication to manually compare fingerprint (i.e via Matrix/Signal) to make sure your activities on Emissary is actually encrypted, maybe lol.

[–] WhyJiffie@sh.itjust.works 0 points 9 hours ago (1 children)

but wouldn't you also need to verify the matrix/signal contact? both of them gives you the option to verify the other, but its very rarely used by people. so, you need either an already verified secure channel, or meeting on the street.

but then again we don't actually know each other. so if we meet, how would you know it's actually me, and not someone impersonating me?

[–] gajahmada@awful.systems 2 points 8 hours ago

how would you know it's actually me, and not someone impersonating me?

Well, yeah the assumption here is that we both already knew and trust each other IRL and you personally give me this contact info and the check is there to make sure I was actually connected to you.

We as layman didn't do this but I would assumed someone who is a high profile target actually do this kinds of checks.

load more comments (1 replies)
load more comments (7 replies)