"Posts on Mastodon are not end-to-end encrypted." Neither are email messages or SMS.
Evan Prodromou (evan@prodromou.pub)'s status on Wednesday, 15-Mar-2023 08:56:13 JST Evan Prodromou
mcc (mcc@mastodon.social)'s status on Wednesday, 15-Mar-2023 10:04:03 JST mcc @evan maybe there should be a warning message on those too
Evan Prodromou (evan@prodromou.pub)'s status on Wednesday, 15-Mar-2023 10:04:03 JST Evan Prodromou @mcc ¯\_(ツ)_/¯
Evan Prodromou (evan@prodromou.pub)'s status on Wednesday, 15-Mar-2023 10:08:29 JST Evan Prodromou I will say that some of the smartest people working on Mastodon and the fediverse right now are working on this very problem, and I'm pretty excited to see it become part of the stack.
Evan Prodromou (evan@prodromou.pub)'s status on Wednesday, 15-Mar-2023 10:49:33 JST Evan Prodromou
Gabe Kangas (gabek@social.gabekangas.com)'s status on Wednesday, 15-Mar-2023 10:49:35 JST Gabe Kangas @evan I use Fediverse direct (mentioned only) messages for authentication in Owncast. Having these messages e2e encrypted would be a huge plus for this particular case. How do I get involved with this on a Fediverse (not Mastodon) level? At least I'm hoping it's not a Mastodon-only thing. Evan Prodromou repeated this.
Evan Prodromou (evan@prodromou.pub)'s status on Wednesday, 15-Mar-2023 12:12:07 JST Evan Prodromou @tk any day now
tk (tk@f.kawa-kun.com)'s status on Wednesday, 15-Mar-2023 12:12:10 JST tk @evan We should all be using PGP for e-mail.
Phillip Hallam-Baker (hallam@infosec.exchange)'s status on Wednesday, 15-Mar-2023 12:56:56 JST Phillip Hallam-Baker @gabek @evan I think I have something that can fit your requirements.
I have been building cryptographic infrastructures for 30 years now, I made contributions to PKIX, WebPKI and SAML. For the past 4 years I have been working on what I consider the unfinished business - PKI for end users.
Since I can’t be bothered to do usability testing, I have adopted the principle that there must be absolutely no additional steps required to achieve security. So E2E chat must look exactly the same to the user as regular chat, which Signal showed is possible. Same for configuring mail clients for S/MIME, OpenPGP, etc.
I am currently working on adding end to end secure chat. From there, there is a really easy bridge to end to end secure voice and video by leveraging WebRTC. My original plan was for this to be phase 3 or 4 but I brought that forward due to the bird site fiasco and the UK criminalization of cryptography bill.
The Mesh is an open service so anyone can run a Mesh service, users of one service can interact with users of any other service just like with SMTP email. It is also possible for users to switch from one provider to another without switching costs. All the specs are open and the reference code is open source.
The protocol suite currently supports 2FA, contact exchange, bookmarks and password management, all completely E2E secure with a 2^120 or better work factor throughout. It is not currently PQC but that can be added later.
My long term goal is to allow each Internet user to obtain permanent personal identifiers which do not expire or require any renewal fees. It is not possible to do this for free at a global level and do it right. But I can do it to an absurd degree of fidelity for $0.10 per name which seems fair in comparison to the cost of ICANN names. We will have to spin up a not for profit to manage that and stop people turning it into another yacht buying fund.
IllTemperedCaviar (cswalker21@mastodon.online)'s status on Thursday, 16-Mar-2023 01:48:37 JST IllTemperedCaviar @evan someone ELI5 why I would need to encrypt my post to a public forum?
Evan Prodromou (evan@prodromou.pub)'s status on Thursday, 16-Mar-2023 01:48:37 JST Evan Prodromou @cswalker21 if you're sending a direct message to another person that you don't want others to read.
GNU Too (gnu2@gnusocial.jp)'s status on Thursday, 16-Mar-2023 05:08:57 JST GNU Too @evan I have to admit that I've been surprised how many tooters automatically assumed any direct messaging service was.
Dr. Matt Lee ?:verified: (mattl@social.mat.tl)'s status on Saturday, 18-Mar-2023 08:21:15 JST Dr. Matt Lee ?:verified: @evan They are if you embrace secrets
Evan Prodromou (evan@prodromou.pub)'s status on Saturday, 18-Mar-2023 08:29:37 JST Evan Prodromou @mattl if you what what
Dr. Matt Lee ?:verified: (mattl@social.mat.tl)'s status on Saturday, 18-Mar-2023 08:49:41 JST Dr. Matt Lee ?:verified: @evan ?
Evan Prodromou (evan@prodromou.pub)'s status on Saturday, 18-Mar-2023 08:55:13 JST Evan Prodromou @mattl WHAAAAAAAAT
Dr. Matt Lee ?:verified: (mattl@social.mat.tl)'s status on Saturday, 18-Mar-2023 09:01:42 JST Dr. Matt Lee ?:verified: @evan Jdjdedhshdjejdhhsjakkdshrhahdhhdhswufysushwhwjsjdjjweyyehehzhzhjskeihshaj (this just says hi, not a perfect system)
Evan Prodromou (evan@prodromou.pub)'s status on Sunday, 19-Mar-2023 01:00:03 JST Evan Prodromou
:heart_pan: jo (jph@mstdn.social)'s status on Sunday, 19-Mar-2023 01:00:04 JST :heart_pan: jo Uryyb pna lbh urne zr guvf vf irel frperg cyf qba’g gryy