Egregoros

@phnt @benpate

> E2EE
> Fediverse

Complete and utter bullshit. Explain how they manage private keys. Not gonna happen. Their document skips this step and only discusses how to discover public keys. They're waiting until the last minute to solve this piece because it's the hardest part. How can you securely distribute them across every browser/session and app that people use to access Mastodon etc? If they were gonna copy Matrix's SSSS they'd have mentioned it

https://github.com/swicg/activitypub-e2ee/blob/main/architectural-variations.md

@feld @benpate I wonder what Soatok thinks of this after trying for years to wedge E2EE into ActivityPub. But ultimately, they went the easy route and chose MLS and AP as a dumb transport protocol.

They probably won't bother with proper key management and instead make it device-to-device, or copy the way OMEMO does it. Maybe with only publishing a new public key being possible by approving it from a device with an already published key.

I don't think any of this matters anyway as the whole concept is kinda useless when you already have 10+ secure messaging apps at your disposal.

@phnt @benpate good question. I think the reality will be more like

- flawed implementation, terrible rollout

- Mastodon and maybe Pixelfed support it (seems like something dansup would jump on)

- all the logic has to be in the client (or frontend)

alright. Now we've got an app store with a ton of shady looking fedi clients (we're that popular guys).

How long before any of those are modified to exfiltrate your keys? How long before the first incel server admin that wants to spy on some female account so they backdoor the FE to steal their keys next time they login?

As soon as one of those events happens, now trust is gone. So Mastodon has to restrict access to this feature to the official Mastodon app and the official Mastodon servers.

UHOH SPAGHETTI-O