Johannes Ernst
Good call this morning about adding end-to-end encryption to the ActivityPub ecosystem. Thanks @evan for spearheading this!
IMHO we should use the latest and greatest open E2E protocols (that's probably the IETF's MLS), be as widely interoperable with other secure messaging systems as possible, invent as little as possible, but make the user experience as seamless as DMs in Twitter.
Evan Prodromou
@J12t so, I think the rough architecture will be that we adapt an abstract protocol using ActivityPub as a low-level layer.
That would mean adding new ActivityPub types and properties that would be transmitted over the network. It might also mean additional collections or other properties, probably discoverable through the actor, with fallbacks using the default API.
Evan Prodromou
@J12t I think the three leading candidates for the abstract protocol are:
- OpenPGP. Very straightforward, easiest to implement.
- Signal. Much more complex, not a formal standard, but very widely used for messaging.
- MLS. Also complex. A formal standard. Much less widely used.
My big concern is that if we choose a complex abstract protocol, very few developers will implement it. I'd rather have something less featureful and widely implemented than something fancy that nobody uses.
Evan Prodromou
@J12t I don't think that's the case. I believe at least WhatsApp has said that they're sticking with Signal protocol, and will only interop with systems that implement it. So going with MLS will shut that door for us.
Johannes Ernst
@evan MLS is new, so of course it's less implemented. I would expect that adoption grows and assume that due to EU impact it ends up being the most widely used interop protocol for secure one-and-one and group messaging. (That's a bet/belief at this point, we can't know.)
I would expect that developers should not really implement it anyway, but use well-reviewed libraries. Too easy to get security wrong.
Evan Prodromou
@thisismissem @J12t no, it's not. It abstracts out the lower layer for delivery.
Emelia 👸🏻
@J12t @evan if I understand MLS correctly, it's a binary protocol?
Evan Prodromou
@J12t https://engineering.fb.com/2024/03/06/security/whatsapp-messenger-messaging-interoperability-eu/
Evan Prodromou
@J12t yeah, I also don't think it's possible for them to switch easily.
MLS does handle groups better, agreed.
I guess I feel like giving up that opportunity to have end-to-end messages bridged to so many platforms is something we need to do very carefully, and definitely not because MLS is newer.
I've got a do with a breakdown of some key abstract protocols and how they can work on top of AP. I will push it next week.
Johannes Ernst
@evan I read this as "this is what we do to make the EU happy [right now]" rather than a statement of direction. On the other hand, due to network effects it might actually get "stuck" there which would support your point.
My understanding is that MLS adds a few features to what Signal can do, such as supporting large groups. But it might not be in the business interest of Meta to make interop as capable as possible...
jokeyrhyme
locked/non-public posts are only viewable by people who are following me, and I can set my account so that new followers have to be approved by me first, right?
end-to-end encryption for this use case (1-to-n-approved-followers) does close an important gap where users currently have to trust server operators
or is this discussion about 1-1 private messages?
Evan Prodromou
@jokeyrhyme @J12t private message
Evan Prodromou
https://swicg.github.io/activitypub-e2ee/integration-models.html
jokeyrhyme
1-1 private messages (with end-to-end encryption) seems like it would be good for folks expecting a Twitter experience
I can see this being a valuable feature in a social media app, but I'm a little ambivalent about 1-1 features fitting/belonging in the Activity Pub specification
Could social media apps not cohesively implement both Activity Pub for the 1:n features and some other protocol (Signal, Whisper, etc) for the 1:1 features?
jokeyrhyme
Evan Prodromou
@jokeyrhyme @J12t thanks! I've been working on this issue for a couple of months now.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.