GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 15-Feb-2026 01:56:10 JST Soatok Dreamseeker Soatok Dreamseeker

    Is End-to-End Encryption Optional For Large Groups?

    One of the recent topics in Messaging App Discourse is whether it makes sense to prioritize End-to-End Encryption when searching for an alternative to Discord. Who's Saying "No"? I'm going to quote 0xabad1dea here, because she is awesome and explains my "opposition" position better than anyone else: So You Want To Write An Open Source Discord Replacement Things you don’t need:

    http://soatok.blog/2026/02/14/is-end-to-end-encryption-optional-for-large-groups/

    In conversation about 5 months ago from furry.engineer permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 15-Feb-2026 03:40:40 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Klay

      @nycki Absolutely not.

      In conversation about 5 months ago permalink
    • Embed this notice
      Klay (nycki@critters.gay)'s status on Sunday, 15-Feb-2026 03:40:44 JST Klay Klay
      in reply to

      @soatok@furry.engineer caveat: E2EE needs to be transferrable or off by default. OMEMO is very secure and also completely unusable because every time I transfer devices all my old messages are lost forever. I'm not going to keep using a system that routinely shoots my foot! I always end up turning it off.

      If there was a "history import" that decrypted and then re-encrypted my messages from another device, that would be a pretty good compromise I think.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 15-Feb-2026 03:52:45 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to

      By the way, I've edited in a few more bits of information.

      My hope is that this blog post can make these discussions end and the work begin.

      In conversation about 5 months ago permalink

      Attachments


    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 15-Feb-2026 03:56:27 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Klay

      @nycki My stance is that history import/export is fucking trivial compared to the engineering work needed to make E2EE safe and ubiquitous, so I'm going to focus on the harder problem.

      In conversation about 5 months ago permalink
    • Embed this notice
      Klay (nycki@critters.gay)'s status on Sunday, 15-Feb-2026 03:56:29 JST Klay Klay
      in reply to

      @soatok@furry.engineer if history imports were a feature then I would agree, but until then I think E2EE will continue to be a footgun. So I guess I'm saying: yes, E2EE should be the standard but I'm not going to use or recommend a service that adds those before adding history import/export.

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 15-Feb-2026 06:34:14 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Björn Gohla
      • Klay

      @6d03 @nycki See: https://github.com/fedi-e2ee/public-key-directory-specification?tab=readme-ov-file#our-guiding-principles

      In conversation about 5 months ago permalink

      Attachments

      1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
        GitHub - fedi-e2ee/public-key-directory-specification: Specification for a Fediverse Directory Server for Public Keys
        Specification for a Fediverse Directory Server for Public Keys - fedi-e2ee/public-key-directory-specification
    • Embed this notice
      Björn Gohla (6d03@mathstodon.xyz)'s status on Sunday, 15-Feb-2026 06:34:15 JST Björn Gohla Björn Gohla
      in reply to
      • Klay

      @nycki @soatok For a system designed from scratch, e2ee should be the only option.

      Bringing it to an existing heterogeneous systems with legacy participants, is harder, but possible; https is a case in point, email is the polar opposite.

      In conversation about 5 months ago permalink
    • Embed this notice
      Tom Bortels (tbortels@infosec.exchange)'s status on Sunday, 15-Feb-2026 06:40:49 JST Tom Bortels Tom Bortels
      in reply to

      @soatok

      I have an even simpler reason for why E2EE should simply be mandatory table stakes:

      Security is habits. If you consistently do things securely - you don't need to worry as much about mistakes causing an issue.

      I've historically done audit work in AWS. When someone says "do we encrypt EBS?" - the answer is yes. Always. "But what if we don't need it?" - irrelevant. If you always encrypt, it turns a week of audit questions about why you didn't encrypt into "yes it's all encrypted".

      If you use secure communications mechanisms with audited implementations and full end-to-end encryption - certain failure modes are greatly reduced or disappear entirely. Certain questions never need to be answered again. The impact of human mistakes on the part of the user are significantly reduced.

      If doing the right thing is a habit, it makes it harder to do the wrong one.

      I can't drive without a seatbelt. Feels weird. So "I forgot to put my seatbelt on" isn't a failure mode I need to think about. Habits. It's good to feel weird when you do the wrong thing.

      In conversation about 5 months ago permalink
    • Embed this notice
      Litchralee_v6 (litchralee_v6@ipv6.social)'s status on Sunday, 15-Feb-2026 11:57:08 JST Litchralee_v6 Litchralee_v6
      in reply to

      To be abundantly clear, E2EE doesn't magically avoid copyright claims, and Section 230 protests the host whether they do moderation or don't (due to E2EE, for example). And physical theft would be addressed by encryption-at-rest.

      But my point is that I drafted the threat model wrong, having missed other threats in addition to political targeting. I have more homework to do before committing to a plan.

      @soatok's post today reminds me to be humble in my designs.

      In conversation about 5 months ago permalink
    • Embed this notice
      Litchralee_v6 (litchralee_v6@ipv6.social)'s status on Sunday, 15-Feb-2026 11:57:10 JST Litchralee_v6 Litchralee_v6
      in reply to

      @soatok After your earlier post, I was dead-set on drafting a plan to transition my friends' Discord group to a self-hosted service. Convinced that this group's threat model was not particularly heavy, I didn't think E2EE was necessary.

      Then I thought about how the host would deal with aspects like copyright claims, Section 230, ISP meddling, and physical theft.

      Then I saw this latest post today, and find it persuasive that E2EE is necessary after all. I must redraft the threat model now.

      In conversation about 5 months ago permalink
      Soatok Dreamseeker repeated this.
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 15-Feb-2026 13:36:00 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Bloo (they/she) 🍓 🏳️‍⚧️ 🍉

      @QueerMatters Encrypted search isn't as doomed as you think!

      https://soatok.blog/2023/03/01/database-cryptography-fur-the-rest-of-us/#searchable-encryption

      In conversation about 5 months ago permalink
    • Embed this notice
      Bloo (they/she) 🍓 🏳️‍⚧️ 🍉 (queermatters@mstdn.social)'s status on Sunday, 15-Feb-2026 13:36:02 JST Bloo (they/she) 🍓 🏳️‍⚧️ 🍉 Bloo (they/she) 🍓 🏳️‍⚧️ 🍉
      in reply to

      @soatok Yess!!! Couldn't agree more. I guess the biggest downside is the search limitations. But honestly? This is no deal breaker for me.

      As you noted: I don't want server operators to be at risk for this stuff.

      I think the challenge with a Discord clone thats fully E2EE would be one of UX: how do we avoid users taking a false sense of security from the E2EE in public chats etc.

      My hopes are that Fluxer may fit this bill eventually.

      In conversation about 5 months ago permalink

      Attachments


    • Embed this notice
      James M. (jamesmarshall@sfba.social)'s status on Sunday, 15-Feb-2026 15:14:35 JST James M. James M.
      in reply to

      @soatok "Secure end-to-end encryption needs to become table stakes for communication software."

      Exactly! I've been trying to advocate for this for a decade. E2ee should just be baked into everything by default, because we can and there's no reason not to.

      In conversation about 5 months ago permalink
    • Embed this notice
      abadidea (0xabad1dea@infosec.exchange)'s status on Sunday, 15-Feb-2026 17:17:19 JST abadidea abadidea
      in reply to

      @soatok it was very kind of you not to tag me 😂

      (in all seriousness, it’s a lot more pleasant to be disagreed with by an actual expert who wants to converge on the best outcome for users in general than by random ideological puritans)

      In conversation about 5 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Sunday, 15-Feb-2026 17:17:19 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • abadidea

      @0xabad1dea Agreed <3

      In conversation about 5 months ago permalink
    • Embed this notice
      👽🐦🦇🐉💻 (loganer@mastodon.social)'s status on Monday, 16-Feb-2026 00:25:47 JST 👽🐦🦇🐉💻 👽🐦🦇🐉💻
      in reply to

      @soatok
      even if you have end-to-end encryption, you can still be quite vulnerable.

      it doesn't protect the data or the ends themselves, only the transportation of the data.
      if you're really serious you'll want to encrypt the data itself seperately from the encryption for the transportation.

      In conversation about 5 months ago permalink

      Attachments


    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Monday, 16-Feb-2026 00:25:47 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • 👽🐦🦇🐉💻

      @loganer Uh, that's what I'm proposing

      In conversation about 5 months ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.