This is a most excellent place for technology news and articles.
Direct link: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
And as you might guess from the actual title, this is about user-to-user messages. I'm not sure how useful this is, because a thoroughly secure implementation is unlikely. A server operator could easily MITM your messages, if you don't establish trust through a separate trusted channel.
Thank you. Exhausted and posted the wrong link. Appreciate it.
I'd be confused as to how it would work since most of the fediverse is accessed through webpages or APIs. How do you E2EE for whichever device will connect?
If I really want I can send the key to a friend I guess, but getting that to work on the various devices I may use seems a difficult task.
ActivityPub is extensible, though. As part of our E2EE program, Mallory, Tom and I adapted the Messaging Layer Security (MLS) standard as an extension of ActivityPub to make the MLS over ActivityPub specification. The protocol fits the great MLS E2EE system onto the ActivityPub API and federation protocol.
But a protocol specification is not enough; it must be implemented. That’s why we’re so happy to announce that the Sovereign Tech Fund has commissioned work with the Social Web Foundation to coordinate two new interoperable implementations of MLS over ActivityPub. This investment by the Sovereign Tech Fund will help move the Fediverse towards more privacy for social web users, no matter what server they use.
Is E2EE end to end encryption?
Yes!
Kind of strange that they abbriviated "to" with "2".
Even stranger that I still got it right. Unless you're messing with me. In which case, fair play. I'm totally clueless sometimes.
It's a fairly common thing when it comes to abbreviations. B2B, B2C immediately come to mind.
And, to top it off - don't beat yourself too hard. You're one of today's lucky ten thousand!
There is even an IANA RFC for three-letter acronyms (TLAs) (RFC5513), which says:
"For our usage, we also allow digits within a TLA. Thus, P2P is an
acronym meaning Purchase to Pay [URL-P2P]. The digits 2 and 4 are
specially used by clever people who have noticed that, when spoken,
they sound like the words 'to' and 'for'. Whether this is helpful
may be left as an exercise for the user considering the brief
conversation, below.
A - Do you use the Internet Streams Protocol?
B - Yes. Do you use ST, too?
A - No, I use ST2.
B - That's interesting. C uses ST2, too.
A - I have a car horn application called Toot-toot.
B - Really? Do you use ST2 to Toot-toot, too?"
I‘m not sure how this is handled in other places but since the Fediverse is a public forum I think you wouldn‘t have any rights to privacy on your Fediverse account in Germany. Any instance hosted there would likely still need to access your DMs if authorities order them to.
Still neat, though!
The Fediverse is anything and everything. Yes, in general it's a public forum, but if you run your own, you can still connect to others, have private conversations, etc. Until it really gets a groundswell and is tested in courts, I'd say we don't honestly know at this point.
Is email considered a public forum? I can make a DM on my GoToSocial similarly as I can send emails specifically directly to people or an entire mailing list.
Only time will tell though.
I thought Germany was cool. 🫤 Considering Tuta is based there.
I am sorry to tell you that nowhere is "cool". Or at least nowhere the main online services are located.
That sucks.
So this will apply to shitjustworks as well?
I think shitjustworks is Lemmy or Piefed. So those apps could implement encryption and then yup!
