I personally don't see the value add of e2e encryption to public posts in a federated social media.
DMS are the only place I could see it being beneficial.
this post was submitted on 16 Jan 2025
37 points (84.9% liked)
Fediverse
28996 readers
2748 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
Not public posts, rather posts to anyone who you have added. Similar to Facebook
I'm happy with Lemmy and Mastodon as is as it's a different purpose.
I remember thinking about this long time ago and even asking some hackers about it to get blank stares back. Basically, there are multiple problems around data access.
Take the simple scenario of a unfriending. Let's say you have 12 friends, but Susie turned out to be a real bitch and you unfriended her. You don't want Susie to have access to your photos, messages, and basically anything anymore! That means the encryption key has to change -->
Where is all the data hosted and who is going to reencrypt all the entire history from the point Susie became your friend until you unfriended her? The most secure would be that you have all your data and that you re-encrypt it. Great, you are data-frugal and have maybe 10MB you have to re-encrypt. But Karl, your photography pal paid for gigabytes of storage and now has to rencrypt a good chunk of that if he unfriends somebody.
You could of course say "fuck it, the asshole friend probably made a copy and re-encrypting is pointless", but then your ex-friend can just share the private key with the world and TADA, everybody has access to the files you shared with said friend.
And that's just one problem I can think of right now. When you take more time to think about it, you'll run into more and more stuff.
I'm not saying it's impossible, but it definitely isn't easy. Add to that that many people don't care and it's less likely. The closest I get to that is Signal.
Once you share a file with someone, they already have it. There's no point in trying to make them unable to view it after the fact.
Sharing != downloading forever. When you browse it, yes, technically it's in your cache, but that's why it's called a cache. Most people won't install a client that puts their browsing into long-term storage (unless Microsoft takes a screenshot for them and promises never to upload it somewhere). Regardless, it is still a security issue (as I just described with releasing the encryption key). You can choose to ignore it, until someone comes along and exploits it. Then you have a bunch of angry people screaming at you because you "didn't close an obvious security hole".
You realize you can download it forever at any point, right? Your threat model should be "anyone you share things to has saved them forever"
Once you give up trying to unshare things, then encrypted group chats make a lot of sense.
I'm not sure if you're intentionally missing the point or not. We're not talking about encrypted group chats. We're talking about encrypted Facebook. The amount and type of data involved is very different, so is how long the data will be retained.
But sure, if you want to ignore unsharing things, go ahead. Let's see how that'll work out for you 🤷
It will unshare the thing in the UI only, which is enough for regular people. Again, once you share it, it's out there
Damn, thank you for this response, I really appreciate it. This does make sense, and I do not understand a lot of the technical details, or how this problem would be solved. I just wish it was haha
The circles project, at least claims, to be built on top of Matrix, where everyone who you accept to follow you essentially joins a seperate matrix room with your content in it, and the "timeline" compilation is done via UI.
Can't say I understand what happens technically when someone is kicked from a matrix room, so what what happen with the encryption keys I dunno.
This does make sense, and I do not understand a lot of the technical details, or how this problem would be solved. I just wish it was haha
:D same. I think the solutions could be applied elsewhere too. They'd be very interesting.
Can’t say I understand what happens technically when someone is kicked from a matrix room, so what what happen with the encryption keys I dunno.
That depends on the client. Some clients will exit, some will stay in the room. Encrypted matrix rooms use "perfect forward secrecy", meaning new people can't read the past, and old people removed from the group/chain/chat cannot read new messages. So, being kicked from a room would still allow you to see all the chat history you stored. Or if you sign in with a device that didn't get the "kick" message yet, the server could still send you all the messages up until the point of the kick message.
I'm not sure how Matrix implements it and server + client implementations can differ.
Perfect backwards secrecy what be a trade-off I'd personally be fine with. To speculate a bit, the fact it's a 2 person room in the Futo Circles case inplifies things a bit. Your keys are different with every single person. It's like sending a mass e2ee message to every single contact you have, just that it's only fetched from the server if they go looking.
Having to re-encrypt stuff does seem like the biggest downfall here (if this understanding is even correct 😅)
This is indeed a complicated question, thanks for taking the time to respond :)
You are looking for https://movim.eu/
Appreciate you taking the time to reply, but this isn't what I'm looking for
At least I couldn't find any mention of end-to-end encryption outside messaging.
And it doesn't appear to be timeline (i.e. you post and anyone who you've connected with can see it), it's fully public blogs, private (but no mention of e2ee) chatrooms, and videoconferencing.
It's built on XMPP. XMPP provides direct and group (room) communications. If you set up OMEMO, any message you send will be encrypted and only visible to the recipient(s).
What you are calling "timeline" is equivalent to what they are calling "blog", the concept is the same: sorted feed of events which are published to network.
Are the blogs end-to-end encrypted? It seemed to imply that they are public.
Futo Circles describes what I'm after well: "a good way to share things with lots of people who don't all know each other, but they all know you."
This is where going a group is not what I'm after, as that's what Matrix would be good for.
This is where going a group is not what I’m after, as that’s what Matrix would be good for.
A XMPP room and a Matrix group are equivalent. You can, e.g, create a room, set it to "private" and only add the people you want to see your content.
As a matter of fact, I think you could have what you want even with a basic matrix client. This is actually what I do with my family: I didn't want to share pictures of my kids on Facebook, so I created a "Family" group and we use to talk and share pictures.
Yes, I'm saying Matrix doesn't satisfy my requirements of what I'm looking for, sadly :/
And I'm saying that your "end-to-end encryption" and "public timeline" requirements are conflicting. If you want e2ee, you will have to manage the rooms yourself. You can bet that even if you tried the Futo Circles client, you would still have to manage "who-can-access-what", which implies that the room/group abstraction is still there.
There's nothing conflicting about it. It's not a public timeline, it's "public" only to people you've added, no one else, including the server that would host your content.
Basically old Facebook (sharing just to your friends), without the spying, is what I'm asking for.
You would manage who can access what, by allowing/not allowing people to follow you
It's not a group abstraction, at least for the user, since you're not asking everyone to join the same group, and see each other's content. Only yours, and in turn theirs.
Matrix is basically a group chat with bells and whistles, which is really nice, but isn't what I'm looking for.
it’s “public” only to people you’ve added
Which means that you have a protected room!
You mentioned you are not a programmer, so maybe you are missing one key information: it only makes sense to talk about "end-to-end encryption" when the sender knows the recipient a priori. You can not simply broadcast a message to any unspecified "wide-audience" and have it "end-to-end encrypted".
It’s not a group abstraction, at least for the user, since you’re not asking everyone to join the same group,
Yes, you are. If you want the messages to be e2ee encrypted and which can not be spied by the server owner, you are in effect asking people "come join me on this room where we will have a shared secret to exchange messages privately".
I understand that you are thinking in terms of an unified view, but this is an UX matter. If you want only a selection of people to be able to decrypt your message, you will have to add them to a group that you will have to manage it, and Matrix/XMPP already provide these mechanisms.
decrypt your message, you will have to add them to a group that you will have to manage it
Yeah, I'll convince them to join a service/download an app, join a server etc, but not necessarily the same group (in the sense that they won't see each other's stuff, just mine and whoever else they add). The wide audience I'm talking about is all the people I add, not the whole internet.
I'm essentially proposing a mass e2ee encryption messaging service, with a UI that amalgamates it into a single feed AND that people can customise what they're notified for. (This is the concept upon with Futo circles is built, I'm not making this up our of whole cloth)
Like what Facebook is. Except, end to end encrypted.
Or hell, what WeChat moments is, except end-to-end encrypted.
Ok, I don't know how else to explain. What you are asking ("A public timeline that anyone can follow, except end-to-end encrypted") is physically impossible.
Like, really impossible. See if you spot the issue:
they won’t see each other’s stuff, just mine and whoever else they add
The wide audience I’m talking about is all the people I add
How would keep a single timeline where the messages you sent are only visible to your friends, but not visible to your friends' friends?
The answer is: you don't. You can not do that. You need to have a separate room for the contacts that you want to make your pictures available. Your contacts need each to have their own room for the contacts that they need to have available.
I’m essentially proposing a mass e2ee encryption messaging service, with a UI that amalgamates it into a single feed
To view the feed, yes you can consolidate all posts into one single view. But when you post something, you will need to define which rooms will see the content, and the message will be duplicated across the different rooms. You can bet that Futo does not gets rid of this abstraction.
Ok, I don't know how else to explain. What you are asking ("A public timeline that anyone can follow, except end-to-end encrypted") is physically impossible.
I never even said what you're quoting. I said a timeline anyone who you've connected with can follow. You're correcting me for something I haven't once asked for. I only tried correcting your misunderstanding of what I asked for.
How would keep a single timeline where the messages you sent are only visible to your friends, but not visible to your friends' friends?
The same way you can mass text people, and only the people you sent messages can see it but not each others responses? Unless they forward your messages, which there is no workaround, save for making it difficult with the UI. There doesn't need to be a way to prevent sharing your stuff. You choose to trust the people you add, there's no way around that.
The answer is: you don't. You can not do that. You need to have a separate room for the contacts that you want to make your pictures available. Your contacts need each to have their own room for the contacts that they need to have available.
Yes, I agree, in the backend. As mentioned, this is how Circles says it tackles the issue. And as mentioned, they will have a room each for every contact they add (in the backend).
To view the feed, yes you can consolidate all posts into one single view. But when you post something, you will need to define which rooms will see the content, and the message will be duplicated across the different rooms. You can bet that Futo does not gets rid of this abstraction.
No, I agree, Futo doesn't get rid of this abstraction, it's exactly how they do it in the back end.
I am asking for Facebook, but without the spying from Facebook, this is technically possible. It's been made, just sadly abandoned.
I don't know why you want to prove me wrong so badly: https://github.com/circles-project
Sorry, I think we were talking past each other.
When you were talking about "Matrix is not a good" , I was understanding that you meant that the protocol was not suitable for it. Now I see that your issue is not with matrix itself, but with its most popular clients, because none of them (unlike Futo circles) provide any sort of unified view of the different rooms.
I understand how it could be interesting to have this type of unified view if you really care about emulating "the Facebook experience", and perhaps it wouldn't be that difficult to implement that. In practice though, I think that you'd come up with the following conclusions:
- even if Futo Circles was still around, you'd still have a major challenge in convincing the people to create an account on a Matrix server.
- even if Futo Circles was still around, most people are not interested in getting all their social connections sorted in all these different buckets.
- even if Futo Circles was still around, you'd quickly realize that most people prefer the UX of separate group chats. There simply aren't that many "circles" for most users. You'd have a circle for your close friends, another for work/school colleagues, another for some common activity like gym/chess/book club, maybe a bigger circle for your neighborhood, etc... so it doesn't really provide a lot of helping when filtering things out in a timeline. The whole thing with "Circles" is interesting (and one of the most interesting features of Google+) but one of the reasons that Google+ failed was because and the UX of "browsing through the list of groups with new messages" is good enough for most people.
No worries, appreciate you taking the time to engage.
Yeah, getting people to adopt something new is challenging, but I've had some success with Signal, and this is sadly a problem no matter what
The social connections wouldn't have to be in different buckets, the app would give you a timeline of all your contacts posts by default (default behaviour on Facebook and Instagram, with public posts and ads baked in), and sorting into various buckets would be a choice users would make. As we discussed under the hood every contact would be technically in a separate matrix room with you, but the user is just presented with a unified timeline of posts they can interact with.
In terms of group chats, this is a subjective question. I'd argue the fact people post on their pages formally on Facebook and more commonly now on Instagram is evidence that people don't only want to use group chats. To me, group chats are mostly useful in a small group, and I already have signal and other messengers for this purpose.
The idea here, and what I wish was still being maintained, is a way to connect with people on social media without being forced to invite people into specific groups, just add them, and then they can see whenever you post, and comment on your posts etc. Without the requirement for you to filter anything if they don't want to, nor join specific groups of people.
i.e. I add 10 different people, they make posts, I see said posts from all 10 people in chronological order.
The app could optionally provide ways to sort your friends however you like (a feature which also used to be present on Facebook, not sure if it still is), but it's the optionality that is attractive.
It's much lower friction to say: "Hey, add me on XYZ social media app". Rather than, "join this specific group", which may not be suitable. Which is exactly how Facebook and Instagram work (and people frequently ask to add me on there still).
I realise the demand for this to be e2ee is not large, hence the lack of clients. But I'd argue the demand for this style of social media is huge, evidenced by the existence of Facebook and Instagram, which largely sees people posting things only to their followers/friends - just with Meta data mining you and advertising to you.
It’s much lower friction to say: “Hey, add me on XYZ social media app”.
only because of network effects. People are used to ask you to add them on FB or IG because literally a third of the world have an account there. Now go around asking them to add you on friendica or movim, they will probably just give you a blank stare.
Indeed, getting the network effect on your side is the hardest part.
But at least if something exists, we can make a start on converting people. And for me to be able to sell the experience, it'd be nice if I can say: hey join me on this network, it's like Facebook/Instagram, but the only people who will see your posts are your friends. Not even the server can see it.
(And ideally there's a sliding scale of how much it costs and various ways to host the content).
Currently, I haven't yet found an app that fits the description. I signed up for Movim, but encryption isn't default, and it's not entirely clear what exactly is being encrypted. Friendica is not e2ee either :/
No they are not end to end encrypted, but you can restrict access to subscribers only and if you self-host it, e2ee isn't really needed.
if you self-host it
This is antithetical to mass adoption if to get end-to-end encryption you need to self host :/
I'm not saying the service you've shared is bad, just it's not what I'm looking for
XMPP is a tried and tested e2ee standard.
There is mention of e2ee voice and video chat on the site.
This service seems very fully featured, and I can't quite tell from reading if it does support what I'm looking for, so I'll just have to give it a try!
Thanks for sharing it :)
The closest you'd get would be with Hubzilla or (streams). Or Forte if it wasn't experimental with no public instances yet. They even have file spaces with WebDAV on which you can upload files and then define who is permitted to see/access these files or the folders they're in.
However:
What you want isn't their default M.O. You'll have to get used to and think yourself into something with a learning curve that's even steeper than Friendica's. You'll have to learn and understand the permissions system, including giving nobody permission to see your connections. Ideally, all your connections would have to be smart enough to know how to to hide being connected to you from the public and to actually do so.
Encryption is optional and "uninstalled" by default for everyone, and it isn't even available on all server instances (it's up to the admin to activate that add-on, and then the user has to activate it, too). Also, it uses passphrases and not automatically generated key pairs.
Finally, if you insist in using it with a mobile app, you're completely out of luck. It's browser or PWA for all of them.
Hubzilla looks interesting, I'll give it a go, thanks!
For end to end encrypted photo sharing there are these two open source projects that also offer a for pay cloud storage:
The only Fediverse project that offers optional e2ee messages is Hubzilla afaik.
Yeah I've seen these photo storage apps, they are neato but not what I'm looking for unfortunately, and I already use Signal for e2ee messaging
Really wish Futo Circles wasn't abandoned :(
I'm surprised that you are ignoring the XMPP alternatives...
Doesn't seem to be what they are asking for, but I am also a bit confused about what exactly they are asking for.
A way to share things online, end-to-end encrypted to a wide-audience that knows you but doesn't necessarily know each other.
This is why messaging apps don't fulfil this requirement, and chat rooms (like Matrix) also don't fit.
Pixelfed dev was working on such app, named Sup, but it's not available anywhere for now as the focus is on pixelfed and Loops for the moment.
Oh neato, thanks for sharing. Hope some other kind soul takes it up (and takes my donation money :3)
With Friendica you have a picture gallery and can set for each picture whether it should be public or private; same with calendars. However, I can't say how private it will be from a technical point. You can also define contact circles.
Here on the Features list it says "Privacy with military encryption" but I don't know what that refers to exactly.
The direct messages are definitely more private than with Mastodon (they don't work with Mastodon). Sharkey / Misskey also have some.
Here is a good video introduction to Friendica : https://peertube.stream/w/p/1e4ebc30-d582-4067-97d8-3de59bdaf330?playlistPosition=1
Yeah I considered Friendica, but I believe it's not end-to-end encrypted :/
Thanks though!
Hubzilla certainly has the most options for privacy. But it is ‘not perfect’. More detailed here (in German):
"Full disclosure: The encryption that hubzilla uses by default is not absolutely watertight. There are known methods to circumvent it. However, this is very time-consuming and has to be done individually for each channel. And to be clear: Other services store your messages in plain text, so we see this approach as a significant improvement for your privacy. Furthermore, you are always free to use additional encryption and password protection if you wish. To explain this in more detail:
- each channel has its own key pair
- every non-public post is automatically encrypted
- optional password protection for content via crypto javascript, browser-to-browser encryption (must be enabled in settings) Full disclosure: A malicious hub administrator could inject malicious javascript code (e.g. keylogging capabilities) into the code. Encrypt our data with GPG, become a hub administrator yourself, or use other means of communication if that bothers you.
So what is the scope of security? To put it bluntly, it may be great, but it's not perfect."
I'm gonna investigate hubzilla further, cheers friend!