Home | Notifications | New Note | Local | Federated | Search | Logout
Note Detail
Phantasm@phnt@fluffytail.org (2026-04-14 22:11:01)
@benpate So what they are building is actually a way to later enforce censorship of a decentralized network by state actors.
image.png
image.png
RT: https://mastodon.social/users/benpate/statuses/116403046724832335
---Attachments---
image: https://upload.fluffytail.org/media/37/71/a1/3771a1963f1fa200ad8ea50bbd94a0da9bc44827d91095abdfd9016c4dfe806d.png?name=image.png
image: https://upload.fluffytail.org/media/62/68/64/626864e3f172c2dbcd1727f0a1476d5798b7ee200e04de24bbe320ccc2eb1eae.png?name=image.png
---Reply---
feld@feld@friedcheese.us (2026-04-15 00:32:06)
@phnt @benpate
> E2EE
> Fediverse
Complete and utter bullshit. Explain how they manage private keys. Not gonna happen. Their document skips this step and only discusses how to discover public keys. They're waiting until the last minute to solve this piece because it's the hardest part. How can you securely distribute them across every browser/session and app that people use to access Mastodon etc? If they were gonna copy Matrix's SSSS they'd have mentioned it
https://github.com/swicg/activitypub-e2ee/blob/main/architectural-variations.md
Reply
---Replies---
Phantasm@phnt@fluffytail.org (2026-04-15 00:41:27)
@feld @benpate I wonder what Soatok thinks of this after trying for years to wedge E2EE into ActivityPub. But ultimately, they went the easy route and chose MLS and AP as a dumb transport protocol.
They probably won't bother with proper key management and instead make it device-to-device, or copy the way OMEMO does it. Maybe with only publishing a new public key being possible by approving it from a device with an already published key.
I don't think any of this matters anyway as the whole concept is kinda useless when you already have 10+ secure messaging apps at your disposal.