The prospect of making the Fediverse more secure is an ongoing topic, with a number of developers, privacy advocates, and user communities weighing in on how to do it. On Tuesday evening, ActivityPub spec co-author Evan Prodromou announced that he and Tom Coates have received a grant to develop end-to-end encryption (E2EE) for the protocol.
Very happy to announce that @tomcoates and I have been given a #SummerOfProtocols grant to develop an end-to-end encryption (E2EE) protocol for #ActivityPub DMs, including a reference implementation and a report to submit to the W3C SocialCG.
https://forum.summerofprotocols.com/t/sop-2024-pig-and-pog-grantees/1270
In his proposal, Evan calls out that while ActivityPub is encrypted in transit, there is no standard way of keeping it encrypted at rest. While this isn’t a problem for public-facing posts, this is a non-starter for a lot of users when it comes to DMs and will certainly be a welcome addition. Any social web platform could implement E2EE for themselves, but a standardized format will enable users of different Fediverse services to DM each other through the lens of the social platform of their choice.
Independent Efforts
That’s not to say that others haven’t already been trying. Daniel Supernault, creator of Pixelfed, has been working on his own ActivityPub-based DM solution named ‘Sup’. It would be a bring-your-own account service with a promise of being E2EE via the Messaging Layer Security Protocol.
sup. is an open source encrypted fediverse instant messenger, similar to whatsapp, made by pixelfed.
The beta will be launching later this month, and btw most fediverse accounts will work, not just Pixelfed ?
— dansup (@dansup) 2023-08-05T11:38:40.670Z
At this point, E2EE DMs in the Social Web aren’t a question of “if” , but “when”. This is still early stages of this proposal, Sup is still in development, and there’s more research to be done – but, the ability for Fediverse platforms to support encrypted private messages holds immense promise for making the network more secure.