Encrypted DMs Are Coming to ActivityPub

https://wedistribute.org/2024/05/encrypted-dms-activitypub/

The prospect of making the Fediverse more secure is an ongoing topic, with a number of developers, privacy advocates, and user communities weighing in on how to do it. On Tuesday evening, ActivityPub spec co-author Evan Prodromou announced that he and Tom Coates have received a grant to develop end-to-end encryption (E2EE) for the protocol.

Very happy to announce that @tomcoates and I have been given a #SummerOfProtocols grant to develop an end-to-end encryption (E2EE) protocol for #ActivityPub DMs, including a reference implementation and a report to submit to the W3C SocialCG.

https://forum.summerofprotocols.com/t/sop-2024-pig-and-pog-grantees/1270

In his proposal, Evan calls out that while ActivityPub is encrypted in transit, there is no standard way of keeping it encrypted at rest. While this isn’t a problem for public-facing posts, this is a non-starter for a lot of users when it comes to DMs and will certainly be a welcome addition. Any social web platform could implement E2EE for themselves, but a standardized format will enable users of different Fediverse services to DM each other through the lens of the social platform of their choice.

Independent Efforts

That’s not to say that others haven’t already been trying. Daniel Supernault, creator of Pixelfed, has been working on his own ActivityPub-based DM solution named ‘Sup’. It would be a bring-your-own account service with a promise of being E2EE via the Messaging Layer Security Protocol.

sup. is an open source encrypted fediverse instant messenger, similar to whatsapp, made by pixelfed.

The beta will be launching later this month, and btw most fediverse accounts will work, not just Pixelfed ?

— dansup (@dansup) 2023-08-05T11:38:40.670Z

At this point, E2EE DMs in the Social Web aren’t a question of “if” , but “when”. This is still early stages of this proposal, Sup is still in development, and there’s more research to be done – but, the ability for Fediverse platforms to support encrypted private messages holds immense promise for making the network more secure.

Photo of Anuj Ahooja

Anuj Ahooja

Anuj is an engineering leader, formerly at Flipboard and Amazon, seeking an interoperable future for technology. His investment in the social web began during his time at Flipboard but stems from a greater ideology that platforms should run on interoperable standards to enable competition. Currently, he is working on his own social web projects and is writing at WeDistribute and his own blog, augment.ink.

Back to top button

{
"by": "hn1986",
"descendants": 0,
"id": 40241595,
"score": 7,
"time": 1714685651,
"title": "Encrypted DMs Are Coming to ActivityPub",
"type": "story",
"url": "https://wedistribute.org/2024/05/encrypted-dms-activitypub/"
}
{
"author": "Anuj Ahooja",
"date": "2024-07-25T01:06:44.000Z",
"description": "A recent proposal and grant funding might finally make secure, encrypted private messaging viable for the entire network.",
"image": "https://i0.wp.com/wedistribute.org/wp-content/uploads/2024/05/mail-1.png?fit=780%2C470&ssl=1",
"logo": null,
"publisher": "We Distribute",
"title": "Encrypted DMs Are Coming to ActivityPub - We Distribute",
"url": "https://wedistribute.org/2024/05/encrypted-dms-activitypub/"
}
{
"url": "https://wedistribute.org/2024/05/encrypted-dms-activitypub/",
"title": "Encrypted DMs Are Coming to ActivityPub",
"description": "The prospect of making the Fediverse more secure is an ongoing topic, with a number of developers, privacy advocates, and user communities weighing in on how to do it. On Tuesday evening, ActivityPub spec...",
"links": [
"https://wedistribute.org/2024/05/encrypted-dms-activitypub/",
"https://wedistribute.org/?p=7750"
],
"image": "https://i0.wp.com/wedistribute.org/wp-content/uploads/2024/05/mail-1.png?fit=780%2C470&ssl=1",
"content": "<div>\n\t\t<div>\n\t<article>\n<div><figure><img src=\"https://i0.wp.com/wedistribute.org/wp-content/uploads/2024/05/mail-1.png?resize=780%2C470&amp;ssl=1\" srcset=\"https://i0.wp.com/wedistribute.org/wp-content/uploads/2024/05/mail-1.png?w=780&amp;ssl=1 780w, https://i0.wp.com/wedistribute.org/wp-content/uploads/2024/05/mail-1.png?resize=300%2C181&amp;ssl=1 300w, https://i0.wp.com/wedistribute.org/wp-content/uploads/2024/05/mail-1.png?resize=768%2C463&amp;ssl=1 768w\" /></figure></div>\n\t\t<div>\n<p>The prospect of making the Fediverse more secure is an ongoing topic, with a number of developers, privacy advocates, and user communities weighing in on how to do it. On Tuesday evening, ActivityPub spec co-author <a target=\"_blank\" href=\"https://evanp.me/\">Evan Prodromou</a> announced that he and <a target=\"_blank\" href=\"http://plasticbag.org/\">Tom Coates</a> have received a grant <a href=\"https://cosocial.ca/@evan/112363426896322946\" target=\"_blank\">to develop end-to-end encryption</a> (E2EE) for the protocol.</p>\n <blockquote>\n <p>Very happy to announce that <span><a target=\"_blank\" href=\"https://me.dm/@tomcoates\">@<span>tomcoates</span></a></span> and I have been given a <a target=\"_blank\" href=\"https://cosocial.ca/tags/SummerOfProtocols\">#<span>SummerOfProtocols</span></a> grant to develop an end-to-end encryption (E2EE) protocol for <a target=\"_blank\" href=\"https://cosocial.ca/tags/ActivityPub\">#<span>ActivityPub</span></a> DMs, including a reference implementation and a report to submit to the W3C SocialCG. </p><p><a href=\"https://forum.summerofprotocols.com/t/sop-2024-pig-and-pog-grantees/1270\" target=\"_blank\"><span>https://</span><span>forum.summerofprotocols.com/t/</span><span>sop-2024-pig-and-pog-grantees/1270</span></a></p>\n </blockquote>\n<p><a target=\"_blank\" href=\"https://forum.summerofprotocols.com/t/pig-end-to-end-encryption-in-activitypub/440\">In his proposal</a>, Evan calls out that while ActivityPub is encrypted in transit, there is no standard way of keeping it encrypted at rest. While this isn’t a problem for public-facing posts, this is a non-starter for a lot of users when it comes to DMs and will certainly be a welcome addition. Any social web platform <em>could</em> implement E2EE for themselves, but a standardized format will enable users of different Fediverse services to DM each other through the lens of the social platform of their choice.</p>\n<h2 id=\"h-independent-efforts\">Independent Efforts</h2>\n<p>That’s not to say that others haven’t already been trying. Daniel Supernault, creator of Pixelfed, has been <a target=\"_blank\" href=\"https://wedistribute.org/2023/08/sup-by-pixelfed-is-coming/\">working on his own ActivityPub-based DM solution</a> named ‘Sup’. It would be a bring-your-own account service with a promise of being E2EE via the <a target=\"_blank\" href=\"https://datatracker.ietf.org/doc/rfc9420/\">Messaging Layer Security Protocol</a>.</p>\n <blockquote>\n <p>sup. is an open source encrypted fediverse instant messenger, similar to whatsapp, made by pixelfed.</p><p>The beta will be launching later this month, and btw most fediverse accounts will work, not just Pixelfed ?</p>\n <p>\n — dansup (<a target=\"_blank\" href=\"https://mastodon.social/@dansup\">@<span>dansup</span></a>) \n <a target=\"_blank\" href=\"https://mastodon.social/@dansup/110836811082599292\">2023-08-05T11:38:40.670Z</a>\n </p>\n </blockquote>\n<p>At this point, E2EE DMs in the Social Web aren’t a question of “if” , but “when”. This is still early stages of this proposal, Sup is still in development, and there’s more research to be done – but, the ability for Fediverse platforms to support encrypted private messages holds immense promise for making the network more secure.</p>\n\t\t</div>\n\t</article>\n\t<div>\n\t\t\t\t\t\t\t\t<p><a target=\"_blank\" href=\"https://wedistribute.org/author/quillmatiq/\">\n\t\t\t\t\t\t\t<img alt=\"Photo of Anuj Ahooja\" src=\"https://secure.gravatar.com/avatar/19fbba9d1ba2fde3ad0665f2b3d8023f?s=180&amp;r=g\" srcset=\"https://secure.gravatar.com/avatar/19fbba9d1ba2fde3ad0665f2b3d8023f?s=360&amp;r=g 2x\" />\t\t\t\t\t\t</a>\n\t\t\t\t\t</p>\n\t\t\t<div>\n\t\t\t\t\t\t\t\t\t\t\t<h3><a target=\"_blank\" href=\"https://wedistribute.org/author/quillmatiq/\">Anuj Ahooja</a></h3>\n\t\t\t\t<p>\n\t\t\t\t\tAnuj is an engineering leader, formerly at Flipboard and Amazon, seeking an interoperable future for technology. His investment in the social web began during his time at Flipboard but stems from a greater ideology that platforms should run on interoperable standards to enable competition. Currently, he is working on his own social web projects and is writing at WeDistribute and his own blog, augment.ink.\t\t\t\t</p>\n\t\t\t\t\t\t\t</div>\n\t\t</div>\n</div>\n\t\t<p><a target=\"_blank\" href=\"https://wedistribute.org/2024/05/encrypted-dms-activitypub/#go-to-tie-body\">\n\t\t\t<span></span>\n\t\t\t<span>Back to top button</span>\n\t\t</a>\n\t\t</p></div>",
"author": "Anuj Ahooja",
"favicon": "https://i0.wp.com/wedistribute.org/wp-content/uploads/2024/09/cropped-favicon-redone.png?fit=192%2C192&ssl=1",
"source": "wedistribute.org",
"published": "2024-07-25T01:06:44+00:00",
"ttr": 79,
"type": "article"
}