this post was submitted on 03 May 2024
384 points (99.5% liked)

Fediverse

27732 readers
412 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
384
Encrypted DMs Are Coming to ActivityPub (wedistribute.org)
submitted 4 months ago by [email protected] to c/[email protected]
41 comments fedilink hide all child comments
top 41 comments
sorted by: hot top controversial new old
[–] [email protected] 60 points 4 months ago (3 children)

There aren't serious technical obstacles but it may be a poor idea if it turns into a hive of abuse. I got into a discussion about implementing forum software a while back and I said I wanted it to have encrypted DM's, and several operators jumped in and said it would probably attract more trouble than it was worth. People wanting direct private comms can always use encrypted email. On Reddit whenever I wanted to discuss anything the least bit private, I generally asked to exchange email addresses with the person or similar, and went from there in some cases to a self hosted encrypted chat.

Anyway this feature should be weighed somewhat carefully. Are you going to do the thing with warrant canaries? Any attempt at all to conceal metadata? Etc.

[–] [email protected] 31 points 4 months ago (1 children)

Yeah i am not a fan of services trying to cover all needs that people might ask for. This is a public forum system, if you start adding things like this to it, the protocol will become bloated real fast.

Also idk how they want to implement this, but proper multi client e2ee is complicated as fuck. Are they going to store keys in the browser? How will it work with non official clients? How do keys get transferred between clients?

This is a hugely time intensive project and if you fuck it up, people will be more mad than if you just didnt do it.

[–] [email protected] 18 points 4 months ago (1 children)

It's less a technical problem than one of attracting bad actors, then law enforcement chasing the bad actors, warrants, subpoenas, seizures, that whole bit. Think of running a Tor exit oode. If that's what you want to do and you go into it wth your eyes open, then fine, but sleepwalking into it seems like something to avoid.

[–] [email protected] 12 points 4 months ago* (last edited 4 months ago) (2 children)

That really does sound like a bag of hurt.

But it also sounds like a fuller alternative to what the big guys offer. And in the long run it would make it a well rounded space and protocol.

It’s too bad that it sounds like it both isn’t straightforward to implement properly, and attracts heat.

I wish them luck. Privacy and security would be great. People do use these spaces as direct messaging platforms. Even if it’s not the best all around idea. As social spaces evolve, the way people message evolves too. Making it secure earlier in that cycle is good.

[–] [email protected] 7 points 4 months ago

Lemmy (at least lemmy.world) has relatively little appetite for edgy content even compared to reddit. Look at the communities and instances that have been banned already.

It may be worthwhile to offer secure deletion of stored DM's after some interval, even if they are stored in the clear. I posted some code for that a long time ago. Maybe I can dust it off of rewrite it.

[–] [email protected] 6 points 4 months ago

I just feel like the obvious choice is to build a system to seamlessly connect from activitypub to an existing secure messaging platform. Reinventing the wheel like this is just a waste of resources imo.

[–] [email protected] 4 points 4 months ago (1 children)

On Lemmy you can't exchange email addresses though... else you'd be exposing the addresses publicly and that's also rife for spam

[–] [email protected] 1 points 4 months ago (1 children)

Of course you can PM your email address to someone. It's not encrypted but it's not exactly public in the sense that spammers can see it.

[–] [email protected] 3 points 4 months ago (1 children)

I was under the impression it wasn't even truly private, nevermind encrypted. Not actually sure how it works though

[–] [email protected] 2 points 4 months ago

It's somewhat private. Like when you enter your email address to make a Lemmy account, the address is stored on the server. The admins can see it and it could potentially escape in a server breach, but it is not intentionally made public. So most of us don't worry. The interest in encrypting pm's is that they can potentially be more sensitive than email addresses.

[–] [email protected] 1 points 4 months ago (1 children)

So the worry is that people will be abusive in private messages and mods will have no chance to moderate that talk?

[–] [email protected] 1 points 4 months ago

Yes basically. And also use the pm system for literal crime, bringing heat on the admins.

[–] [email protected] 35 points 4 months ago (1 children)

finally. cant wait to receive dozens of P U S S Y I N B I O messages

[–] [email protected] 7 points 4 months ago

Gotta love protected sex

[–] [email protected] 30 points 4 months ago (2 children)

Make it so users can opt out and not be sent messages at all. I have a feeling spam thats harder to moderate is coming.

[–] [email protected] 14 points 4 months ago* (last edited 4 months ago) (2 children)

If it's with asymmetric encryption, wouldn't it be possible for the report button to generate a key based on their private key which can only be used to decrypt the given message?

[–] [email protected] 4 points 4 months ago (1 children)

Sounds like you know more about encryption than I do, I would hope they can do that but I still think a full off switch for users would be wise though.

[–] [email protected] 7 points 4 months ago (1 children)

Yeah, end to end encryption means its not possible for someone to intercept the message between person A and person B. Nothing stops person B then forwarding the message to person C to report it.

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (1 children)

Yeah as long as theres an (practically) unfalsifiable way to forward the message that sounds very useful, which sounds like there is based on the response to my first comment.

[–] [email protected] 3 points 4 months ago (1 children)

Typically end to end encryption includes digital signing of the message so you can verify who the sender was.

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (2 children)

Been forever since I did any work with cryptography, but if my memory is correct:

Alice needs Bob’s public key to verify a signed message from Bob haven’t been altered;

Bob needs Alice’s public key to encrypt a message that can only be decrypted by Alice;

If Bob sends Alice a message encrypted with Alice’s public key, signed with Bob’s private key, containing “Hello, how are you?” ; this message could be verified as authentic by Charlie using Bob’s public key but Charlie cannot see the contents of the message as Charlie does not have Alice’s private key.

Without Alice disclosing their private key, how can Charlie review the content of a reported message from Alice claiming Bob sent them something inappropriate?

I.e. how can Charlie be certain if Alice claims Bob sent “cats are evil” when Charlie cannot decrypt the original message, only verify the original message have not been altered via Bob’s public key.

[–] [email protected] 2 points 4 months ago

Aha! Something just clicked — been thinking continuously since before the original reply. The answer is … more signing and maybe even more keys!

A message would be signed multiple times.

If Bob wants to send Alice “Hello, how are you?” the plain text would be signed with Bob’s general private key that could be verified with Bob’s general public key. This would allow Alice to forward this message to anyone while they could still verify it did indeed came from Bob.

The plain text and signature is then encrypted with one of Alice’s public keys, so only Alice could decrypt it to see the message and signature. This may be a thread specific key pair for Alice so they’re not re-using same keys between different threads.

The encrypted message is then again signed by Bob, using one of Bob’s private key, so that Alice can know the encrypted message has not been altered. This here could also be the thread specific key as noted above.

If Alice were to report Bob, Alice will need to include both the plaintext and the internal signature. This way the internally signed message could be reviewed if the plaintext and signature were forwarded to moderation for review by Charlie (just need to verify the signature against plaintext with Bob’s public key), while the exchange should be secure to only Alice and Bob.

Et voila!

[–] [email protected] 2 points 4 months ago (1 children)

It's been a while since I've had to touch it too. But couldn't Alice provide Charlie with both the plain text and her public key. Charlie could then encrypt the text and see it came out the same as blob Bob sent Alice?

[–] [email protected] 1 points 4 months ago

I think this might work, I haven’t done it for too long to know for certain if two same plain text encrypted with two same public key would yield two identical encrypted blobs.

I’ve self replied another possible implementation, that I’m pretty proud of figuring out literally 1AM. If you have time, please do give it a glance and see if you can spot any weakness.

[–] [email protected] 1 points 4 months ago (1 children)

Or just send them the message in plain text, since you're showing it to somebody else anyway.

But I think the issue is there's no way for your instance to stop you getting the spam as they've no idea what it is until you unlock it.

I guess the best they could do is block messages from a certain user/instance but since you can generate as many accounts as you want, it's hard to tell how effective that could be.

[–] [email protected] 3 points 4 months ago* (last edited 4 months ago) (1 children)

If you send them the message in plain text they have no way of verifying you aren't just making it up to get someone you don't like banned. Keeping it encrypted means they know the sender wrote it.

[–] [email protected] 2 points 4 months ago (1 children)

Only if the sender signed it. I presume the system does that anyway so you can be sure who sent something.

It could be sent plaintext as long as the senders signature was intact.

[–] [email protected] 3 points 4 months ago

That's a good idea. Send message > Message signed and sent > Receiver opens message, signature bits are hidden, but clicking report sends plaintext with signature included. Only ends up in report queue if signature is valid.

[–] [email protected] 3 points 4 months ago

Yeah, it would be nice to not end up like Reddit, where every day brought a new crypto scam my way.

[–] [email protected] 13 points 4 months ago

That seems good.

[–] [email protected] 10 points 4 months ago* (last edited 4 months ago)

Here's to hopping lemmy implements it cause frankly the using matrix idea isn't to my liking . Reasons : I don't wanna connect another id to an internet forum where any troll can get it, Its easier and better and would solve a major security issue lemmy has, i think matrix is a hot mess for now .

[–] [email protected] 9 points 4 months ago

Finally I can accept pictures of all my e friends dinguses

[–] [email protected] 6 points 4 months ago (1 children)

I think they should use matrix

[–] [email protected] -2 points 4 months ago

Agreed. There's no need to reinvent the wheel.

Anti Commercial-AI license

[–] [email protected] 5 points 4 months ago

Hallelujah

[–] [email protected] 4 points 4 months ago

The real question is whether Evan & Tom will take sup's way of working into account when researching this, or go in a completely different direction.

[–] [email protected] 1 points 4 months ago

I really hope this would end up as just security extension, to additionally encrypt something because we can. And not another reinventing of the chat network.

[–] [email protected] 0 points 4 months ago (1 children)

"Encrypted DMs"

isn't that just a longer way of saying "PM"?

[–] [email protected] 15 points 4 months ago

PMs today aren't really private as in E2EE. They're private as in only you, the receiver and the "trust me bro" company can see them. In special data breach cases, the attacker as well.

[–] [email protected] 0 points 4 months ago

Keeping messages is a recipe for backdoors. There's a reason signal does not store DMs long term.

[–] [email protected] -1 points 4 months ago

please just offer good matrix integration and be done with it