@evan I like your suggestion for handling secret keys. (in your blog post on the topic)

For the love of all that is sacred, don't drop the idea of user-controlled secret keys. =)

@evan I've always wondered if #omemo from #xmpp could be used for this. It could bring device based keys and otherwise offer a good user experience from an established implementation.

@evan ooooh! Sounds amazing. We'll read it fully later - just what we were looking for!

@evan Watching this with great earnestness as the fedi platform we are building we used Signal Protocol for encrypted DMs. This would be great for the fedi overall to have this. Very exciting news!

@evan exciting news, Evan! I've believed for a while that E2EE can be a game changer for fedi, but we needed some common standard to work on. Thank you!

@panos please comment! I think it helps.

@evan Alright! So, I think e2ee is ideal for fedi. Many people who choose to be on fedi are privacy-conscious, and many activists/anticapitalists also need secure communication, and currently mostly use Signal. But a chat feature -and especially a secure chat feature- ideally should be part of a social network. I mean, if I want to chat with someone online, chances are we are close enough that I would like to also follow their social feed. And if I'm following someone on social media, there is a chance I'll want to chat with them at some point. This has worked great on Facebook. Signal seems to understand this and has added Stories, in an attempt to engage users more and become more of a social network than just a chat app. There is also an attempt to build a decentralized social network on the Matrix protocol. And I'm talking about chat because DMs are not always practical enough for this. E2EE DMs would be welcome, but far less useful than a Signal/Matrix style chat.

Anyway, I was talking about activists because while Signal is great, many people don't feel great using a centralized, US-based company for this. Most alternatives leave a lot to be desired - for example Matrix sometimes fails to decrypt messages, and reveals more metadata than Signal. But if fedi provided something as private as Signal, then it could be a reason for more people to use it as social media/antireport tool as well. Not to mention that it would be useful for people already on fedi, obviously, but I think it can make it more attractive to more people who aren't here yet.

Some notes on what would be important IMO:
1. Group chats. I've seen chat apps with e2ee struggle with encrypted group chats. It's one of the (many) things Signal got right, supporting group chats with up to 1000 members! Having them all on the same server probably helps though, to be fair.
2. Multi-device support. I use Signal from my phone when I'm out, from my desktop when I'm at home. So there needs to be some verification among devices. For example Facebook (which recently added e2ee in Messenger) asks you to set a 6-digit PIN in order to make sure you're the same person from a different device.
3. As little metadata available as possible.
4. I know fedi is built on servers, but P2P might be good to at least consider for something like that. You might want to check out Briar chat, which seems to be doing this the best so far.
5. This is not directly about E2EE, but if this is designed like a chat in the vein of Matrix, it would be great if there was technically room for public (unencrypted) chatrooms as well. You might think this is out of scope for the #Fediverse but I don't think that's true - practically all fedi projects keep public chatrooms on Matrix/IRC/Discord (or self-hosted) for support, dev coordination etc. I only use Matrix to talk with people from fedi. Ideally, we should be able to do it all on fedi.

I'm not a dev so I can't help more with the technical aspect of things, but I'm very interested in this and I'm more than willing to discuss more about possible design choices on this, or/and for testing. One last thought, you don't need to reinvent the wheel here, there are many similar tools already out there and many are open source. I'd recommend checking out Signal and Briar first.

@evan one more thing, ideally there should also be some standard for voice and video calls. Perhaps P2P would be more suitable for something like that (to avoid load on the servers too). Again, this might seem out of scope for some, but it's an actual communication need, and it's bound to be implemented by some projects. Having a proposed standard way to do all of this would really help to not (further) fragment fedi.

@panos in my opinion, a server that wants to make use of those features should include some kind of embedded client for an existing protocol. For example, for audio/video calls, it could use an embedded Jitsi client or something like that, and it should be a module that can be fairly easily added (or removed) from the server.
@evan

@evan cool. I built a prototype for this a little while ago. It's got some rough edges, maybe more than some, but I believe it's enough to let two devices exchange messages without the servers reading it.

https://humungus.tedunangst.com/r/honk/v/tip/f/docs/encrypted-messages.txt

@evan I'm all-in for privacy but history seems to show that e2ee in a federated+FLOSS+multidevice ecosystem is doomed to fail (or take decades?). XMPP failed after 20 years, Matrix is struggling too (and even if they fix all the issues, they will have to move to MLS and that will take years arewemlsyet.com/). Key management is a UX nightmare. GPG you suggest is obsolete.

I think fediverse/AP should better work on a protocol to negotiate/start an encrypted discussion using another e2ee protocol
