the solution to admins reading your DMs is to set up Quantum Key Distribution following the BB84 algorithm and apply OTP to all your posts
Conversation
Notices
-
Embed this notice
Suwul (susul@misskey.heonian.org)'s status on Thursday, 22-Feb-2024 00:55:41 JST 
Suwul
-
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 00:55:40 JST
SuperDicq
@susul@misskey.heonian.org Or you can just sign up on an instance with an admin that's not an asshole and your DMs won't be read.
-
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 01:07:51 JST
SuperDicq
@Hyolobrika@social.fbxl.net I disable. Encryption should only exist in places where it makes sense.
Encrypting stuff comes with a lot of drawbacks. Like you need to find a way to exchange keys safely. You need to always keep track of your keys because if you lose them you lose everything you ever did. It's also a nightmare to sync stuff between various devices properly without leaking those keys. And it often makes things a lot slower (depending on application).
Also if you try to apply encryption to everything everywhere you end up with stupid shit like NFTs.
And to use the fediverse you "shouldn't have to trust people". If you don't know anyone who hosts a fediverse instance that you trust you can always host your own instance, no trust required.Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Hyolobrika (hyolobrika@social.fbxl.net)'s status on Thursday, 22-Feb-2024 01:07:52 JST 
Hyolobrika
Fuck no. You shouldn't have to trust people. End-to-end encryption should be everywhere. -
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 01:21:36 JST
SuperDicq
@Hyolobrika@social.fbxl.net How have humans bonded and formed relations throughout the entire history of mankind?
Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Hyolobrika (hyolobrika@social.fbxl.net)'s status on Thursday, 22-Feb-2024 01:21:37 JST
Hyolobrika
How are you supposed to know that your admin's not an asshole anyway? Telepathy? -
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 01:29:21 JST
SuperDicq
@Hyolobrika@social.fbxl.net If you wanted to implement encryption on the fediverse how would you implement it?
Would you turn it into an addon like GPG for email? Where you first have to validate each other's keys using another third party service or meeting face to face.
How will you sync your keys between various different sessions and devices in such a way that you can always view your entire message history?
How will you protect other data, that is potentially more sensitive than the contents of your message, such as metadata? How are you gonna make sure the server admin sees any of those?
If you can solve all of these challenges without giving everyone massive inconveniences then you can convince me that encryption on the fediverse is a good idea. -
Embed this notice
Hyolobrika (hyolobrika@social.fbxl.net)'s status on Thursday, 22-Feb-2024 01:29:23 JST
Hyolobrika
By interacting with them over a long period of time face to face. -
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 05:54:20 JST
SuperDicq
@Haijo7@snac.haijo.eu @Hyolobrika@social.fbxl.net Legally speaking this isn't possible because because all most fediverse software is licensed under the AGPL, so if you run a modified version you will have to give the sourcecode to your users.
But things being illegal hasn't stopped anyone before.Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Haijo7 (haijo7@snac.haijo.eu)'s status on Thursday, 22-Feb-2024 05:54:21 JST 
Haijo7
@Haijo7@snac.haijo.eu @SuperDicq@minidisc.tokyo @Hyolobrika@social.fbxl.net this can ofc still be bypassed if an admin modifies the source code, so it's kind of pointless to implement this Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Haijo7 (haijo7@snac.haijo.eu)'s status on Thursday, 22-Feb-2024 05:54:23 JST
Haijo7
@SuperDicq@minidisc.tokyo @Hyolobrika@social.fbxl.net it should in theory be possible to store a private key on the server if the key is encrypted using the password of the user. Even tho an admin can take control of someone's account, they wouldn't be able to read any chat history. But that also goes for people who forgot their password -
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 06:00:51 JST
SuperDicq
@phnt@fluffytail.org @Hyolobrika@social.fbxl.net @susul@misskey.heonian.org Yeah that's kinda the point I'm trying to make.
Honestly for actual private conversations I would use GNU Jami or Tox instead because they are peer to peer. Unlike XMPP or Matrix where servers could still track your metadata. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 22-Feb-2024 06:00:53 JST 
Phantasm
@Hyolobrika @SuperDicq @susul That's a good point and one of the biggest reasons why any DM system shouldn't be used for private messaging that's not expected to leak someday. If you want to talk to some securely, use XMPP/Signal/Matrix and other options that allow that. No DM system will ever be private, because server/DB breaches can happen.
You could send encrypted messages via a DM, but at that point you are reinventing OpenPGP encryption via email. -
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 06:26:48 JST
SuperDicq
@Haijo7@snac.haijo.eu @Hyolobrika@social.fbxl.net There's technically no laws on how you have to store passwords, you can store passwords in plaintext as administrator.
But you are liable if this data gets stolen or abused, so nobody stores passwords in plaintext. -
Embed this notice
Haijo7 (haijo7@snac.haijo.eu)'s status on Thursday, 22-Feb-2024 06:26:49 JST
Haijo7
@SuperDicq@minidisc.tokyo @Hyolobrika@social.fbxl.net an admin could also add some kind of proxy that logs passwords when people log in or create an account, which would bypass everything without breaking the law (I think?) -
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 07:56:15 JST
SuperDicq
@Hyolobrika@social.fbxl.net Good p2p systems are distributed over nodes like onion routing so yes each node can track metadata but you will never get a complete picture.
-
Embed this notice
Hyolobrika (hyolobrika@social.fbxl.net)'s status on Thursday, 22-Feb-2024 07:56:16 JST
Hyolobrika
Doesn't p2p mean anyone can track metadata? -
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 08:14:44 JST
SuperDicq
@Hyolobrika@social.fbxl.net That's true, maybe I bad examples because they do not use onion routing
-
Embed this notice
Hyolobrika (hyolobrika@social.fbxl.net)'s status on Thursday, 22-Feb-2024 08:14:45 JST
Hyolobrika
And those applications use onion routing? I thought the onion routing applications were Session and Briar, not Tox and Jami.
Jami uses a centralised ENS gateway to resolve names last time i checked. https://docs.jami.net/en_US/developer/name-server-protocol.html. So every time you add someone to your list, the server knows about it. -
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 08:15:34 JST
SuperDicq
@Hyolobrika@social.fbxl.net Tox does use onion tunnels actually
-
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 08:17:53 JST
SuperDicq
@Hyolobrika@social.fbxl.net The case of Tox is complicated. It uses temporary DHT for bootstrapping and then switches to onion routing I believe.
Been a while since I looked into this stuff tho. -
Embed this notice
Hyolobrika (hyolobrika@social.fbxl.net)'s status on Thursday, 22-Feb-2024 08:17:54 JST
Hyolobrika
Don't Tox and Jami just use regular DHTs? -
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 08:18:24 JST
SuperDicq
@Hyolobrika@social.fbxl.net I could be saying complete misinformation right now.
-
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 08:21:01 JST
SuperDicq
@Hyolobrika@social.fbxl.net Also as far as my understanding goes on Jami you can see the IPs of nodes through DHT, but there's not much metadata to be collected as you can't really see who is interacting with who.
-
Embed this notice
SuperDicq (superdicq@minidisc.tokyo)'s status on Thursday, 22-Feb-2024 08:36:43 JST
SuperDicq
@Hyolobrika@social.fbxl.net Only their initial discovery. After that is over the connection is only P2P I think.
Anyway I don't know too much about P2P messengers. There's probably other people who are smarter than me who can talk about the deep fundamental differences between Jami, Tox, Session and Briar. -
Embed this notice
Hyolobrika (hyolobrika@social.fbxl.net)'s status on Thursday, 22-Feb-2024 08:36:44 JST
Hyolobrika
I always thought how DHTs (and P2P in general) worked was that you could see everyone interacting with everyone.
-
Embed this notice
All GNU social JP content and data are available under the