There aren’t serious technical obstacles but it may be a poor idea if it turns into a hive of abuse. I got into a discussion about implementing forum software a while back and I said I wanted it to have encrypted DM’s, and several operators jumped in and said it would probably attract more trouble than it was worth. People wanting direct private comms can always use encrypted email. On Reddit whenever I wanted to discuss anything the least bit private, I generally asked to exchange email addresses with the person or similar, and went from there in some cases to a self hosted encrypted chat.
Anyway this feature should be weighed somewhat carefully. Are you going to do the thing with warrant canaries? Any attempt at all to conceal metadata? Etc.
Yeah i am not a fan of services trying to cover all needs that people might ask for. This is a public forum system, if you start adding things like this to it, the protocol will become bloated real fast.
Also idk how they want to implement this, but proper multi client e2ee is complicated as fuck. Are they going to store keys in the browser? How will it work with non official clients? How do keys get transferred between clients?
This is a hugely time intensive project and if you fuck it up, people will be more mad than if you just didnt do it.
It’s less a technical problem than one of attracting bad actors, then law enforcement chasing the bad actors, warrants, subpoenas, seizures, that whole bit. Think of running a Tor exit oode. If that’s what you want to do and you go into it wth your eyes open, then fine, but sleepwalking into it seems like something to avoid.
But it also sounds like a fuller alternative to what the big guys offer. And in the long run it would make it a well rounded space and protocol.
It’s too bad that it sounds like it both isn’t straightforward to implement properly, and attracts heat.
I wish them luck. Privacy and security would be great. People do use these spaces as direct messaging platforms. Even if it’s not the best all around idea. As social spaces evolve, the way people message evolves too. Making it secure earlier in that cycle is good.
Lemmy (at least lemmy.world) has relatively little appetite for edgy content even compared to reddit. Look at the communities and instances that have been banned already.
It may be worthwhile to offer secure deletion of stored DM’s after some interval, even if they are stored in the clear. I posted some code for that a long time ago. Maybe I can dust it off of rewrite it.
I just feel like the obvious choice is to build a system to seamlessly connect from activitypub to an existing secure messaging platform. Reinventing the wheel like this is just a waste of resources imo.
It’s somewhat private. Like when you enter your email address to make a Lemmy account, the address is stored on the server. The admins can see it and it could potentially escape in a server breach, but it is not intentionally made public. So most of us don’t worry. The interest in encrypting pm’s is that they can potentially be more sensitive than email addresses.
There aren’t serious technical obstacles but it may be a poor idea if it turns into a hive of abuse. I got into a discussion about implementing forum software a while back and I said I wanted it to have encrypted DM’s, and several operators jumped in and said it would probably attract more trouble than it was worth. People wanting direct private comms can always use encrypted email. On Reddit whenever I wanted to discuss anything the least bit private, I generally asked to exchange email addresses with the person or similar, and went from there in some cases to a self hosted encrypted chat.
Anyway this feature should be weighed somewhat carefully. Are you going to do the thing with warrant canaries? Any attempt at all to conceal metadata? Etc.
Yeah i am not a fan of services trying to cover all needs that people might ask for. This is a public forum system, if you start adding things like this to it, the protocol will become bloated real fast.
Also idk how they want to implement this, but proper multi client e2ee is complicated as fuck. Are they going to store keys in the browser? How will it work with non official clients? How do keys get transferred between clients?
This is a hugely time intensive project and if you fuck it up, people will be more mad than if you just didnt do it.
It’s less a technical problem than one of attracting bad actors, then law enforcement chasing the bad actors, warrants, subpoenas, seizures, that whole bit. Think of running a Tor exit oode. If that’s what you want to do and you go into it wth your eyes open, then fine, but sleepwalking into it seems like something to avoid.
That really does sound like a bag of hurt.
But it also sounds like a fuller alternative to what the big guys offer. And in the long run it would make it a well rounded space and protocol.
It’s too bad that it sounds like it both isn’t straightforward to implement properly, and attracts heat.
I wish them luck. Privacy and security would be great. People do use these spaces as direct messaging platforms. Even if it’s not the best all around idea. As social spaces evolve, the way people message evolves too. Making it secure earlier in that cycle is good.
Lemmy (at least lemmy.world) has relatively little appetite for edgy content even compared to reddit. Look at the communities and instances that have been banned already.
It may be worthwhile to offer secure deletion of stored DM’s after some interval, even if they are stored in the clear. I posted some code for that a long time ago. Maybe I can dust it off of rewrite it.
I just feel like the obvious choice is to build a system to seamlessly connect from activitypub to an existing secure messaging platform. Reinventing the wheel like this is just a waste of resources imo.
On Lemmy you can’t exchange email addresses though… else you’d be exposing the addresses publicly and that’s also rife for spam
Of course you can PM your email address to someone. It’s not encrypted but it’s not exactly public in the sense that spammers can see it.
I was under the impression it wasn’t even truly private, nevermind encrypted. Not actually sure how it works though
It’s somewhat private. Like when you enter your email address to make a Lemmy account, the address is stored on the server. The admins can see it and it could potentially escape in a server breach, but it is not intentionally made public. So most of us don’t worry. The interest in encrypting pm’s is that they can potentially be more sensitive than email addresses.
So the worry is that people will be abusive in private messages and mods will have no chance to moderate that talk?
Yes basically. And also use the pm system for literal crime, bringing heat on the admins.