
Mastodon: Add end-to-end encryption API - sohkamyung
https://github.com/tootsuite/mastodon/pull/13820
======
gargron
This work-in-progress feature is meant to replace the current DM system. The
Olm library is being used in production by Matrix, although I believe app
developers could use the libsignal library in their apps all the same. Please
mind that neither Olm nor libsignal are actually included in the PR or used
server-side in any way. The API is just key exchange and passing encrypted
blobs.

Message franking is a technique used by Facebook in their own E2EE chats that
allows them to trust user reports about E2EE messages, otherwise someone could
claim they received something abusive and there would be no way to know it's
true. Believe it or not, "just block the sender" is not a sufficient solution
because while it works for the individual, when a spammer is allowed to run
rampant and thousands of users receive spam messages from different spammers
regularly it brings the quality of user experience for the whole platform down
significantly.
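
The reporting flow described in the comment above, sketched as an added example (not code from the Mastodon PR, and a simplified HMAC construction rather than Facebook's exact scheme). The function names, the `SERVER_KEY` secret and the metadata fields are assumptions; encrypting the payload itself is left to the client's E2EE library and is not shown.

```python
import hashlib
import hmac
import json
import os

# Assumption: a per-server secret used only to stamp commitments.
SERVER_KEY = os.urandom(32)


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def sender_frank(plaintext: bytes):
    """Sender: commit to the plaintext under a fresh one-time franking key.

    The key is sent inside the encrypted payload; the commitment is sent
    next to the ciphertext, where the server can see it.
    """
    franking_key = os.urandom(32)
    return franking_key, _mac(franking_key, plaintext)


def server_stamp(commitment: bytes, sender: str, recipient: str, ts: int):
    """Server: bind the opaque commitment to metadata it already knows."""
    context = json.dumps({"from": sender, "to": recipient, "ts": ts},
                         sort_keys=True).encode()
    return context, _mac(SERVER_KEY, commitment + context)


def recipient_accept(plaintext: bytes, franking_key: bytes,
                     commitment: bytes) -> bool:
    """Recipient: after decrypting, drop messages whose commitment is wrong,
    otherwise a sender could deliver content that can never be reported."""
    return hmac.compare_digest(commitment, _mac(franking_key, plaintext))


def server_verify_report(plaintext: bytes, franking_key: bytes,
                         commitment: bytes, context: bytes,
                         stamp: bytes) -> bool:
    """Server: a report is valid only if the stamp is ours and the revealed
    plaintext opens the commitment that was stamped at delivery time."""
    stamp_ok = hmac.compare_digest(stamp, _mac(SERVER_KEY, commitment + context))
    opens = hmac.compare_digest(commitment, _mac(franking_key, plaintext))
    return stamp_ok and opens
```

The server never sees the plaintext or the franking key until the recipient chooses to report, and a recipient cannot fabricate a report because they cannot produce a valid server stamp for a commitment the server never relayed.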

------
M2Ys4U
From the Mastodon creator:

> For once am not happy about Mastodon being on the HN frontpage. Someone
> submitted a work-in-progress pull request there. Half the comments are
> circlejerking about free speech as always, the other half gives opinions
> without understanding the context of the feature (which is not surprising
> given that it's a work-in-progress pull request on GitHub and not a goddamn
> press release).

[https://mastodon.social/@Gargron/104233739773528179](https://mastodon.social/@Gargron/104233739773528179)

~~~
kabacha
Funny to see this thread be the complete opposite, with a lot of praise, e2e
discussions and Mastodon onboarding.

I feel that Mr. Gargron has been his own worst enemy at times. The Mastodon.social
instance is notoriously bad, overmoderated and often downright abusive. While
Mastodon itself is in many ways a brilliant project with a great dev team and
direction, it's just that they seem somewhat socially inept/extreme at times.

~~~
S-E-P
I agree, Pleroma is better though. Just use that.

Gargron has shown that they do not care much for the community or the greater
fediverse at large.

Pleroma also is cleaner code-wise so there's that, more active dev and
lightweight relative to Mastodon.

Not paid by Pleroma btw, I just use it daily and I love it wayyy more than
Mastodon

~~~
robobro
Agree entirely, I've managed several Pleroma servers in the past. Incredibly
easy to set up and configure.

~~~
S-E-P
And you have the guarantee that the dev will actually keep working and
refining instead of all the drama mastodon finds themselves in

Pleroma does what Mastodon’t

------
novok
What does this E2EE API achieve with something that is public publishing? Is
it for private messages? Private reporting to the mods? I saw something in the
description about moderation.

Looking at the linked issue, it's for PMs:
[https://github.com/tootsuite/mastodon/issues/1093](https://github.com/tootsuite/mastodon/issues/1093)

------
sneak
> _specifically the Olm implementation developed by Matrix -- but it should be
> roughly the same as libsignal_

I'm all for "many eyes make bugs shallow", but this is somewhat-widely
deployed software, and I have approximately 0% confidence (based on my
previous experiences with Mastodon releases and code quality) that this will
be strong and safe for its first public release. (Happy to be proven wrong,
mind you.)

Perhaps this could be done in an official testing fork, and merged back in
when actual cryptographers are more confident about it?

The idea of shipping this in the standard Mastodon release cycle is
terrifying, and I _really_ hope they don't intend to do that.

Ultimately, from a design perspective, I'd much rather see ActivityPub
implementations support good profile deep linking to existing (read: safe)
messengers rather than trying to graft e2e onto a federated messaging protocol
that happens to support DMs - do one thing and do it well, and all that. (Also:
backwards-compatibility downgrade attacks, anyone?) We all know how well
previous attempts at e2e encryption of federated protocols went (spoiler: they
didn't).

The modern day version of Zawinski's Law of Software Envelopment seems to be
that apps will always attempt to expand until they can send and receive DMs.
The consequence of this should not be that every app bundles key generation,
key encipherment, key backup, secure key distribution, federated key
authentication, _and a message cryptosystem_ simply to support e2e DMs. That's
(dangerous) madness.

~~~
megameter
At the heart of the issue in the complexity of these protocols is that we want
to both broadcast widely and address someone specifically. This is a quandary
intrinsic to discussion forums, chat rooms and social media.

And the default is to mash both of them together and make it public.
Unsurprisingly, it's a source of toxicity and needs intensive moderation,
because a broadcasted address is mostly employed in a narrative sense, with
the person at the other end reduced to a character in the story. A timeline
creates a space, but in a shared timeline, whether it's a Twitter hashtag or a
comments section on a small blog, the space is made by spamming your narrative
more often.

With a decentralized, privacy-enabled solution like ActivityPub, there are
many tools to reshape the extent of the narrative so that you always own your
own space, but the tools themselves are quite complex and pressure our
engineering and UX capabilities.

And yet - broadcast by itself is not hard, if done in pull-orientation like
RSS. And secure messaging is challenging but mostly solved. I have some
unfinished thoughts that perhaps simpler is possible by changing the system's
orientation further, because I don't think the current designs are quite it.

~~~
apatters
> A timeline creates a space, but in a shared timeline, whether it's a Twitter
> hashtag or a comments section on a small blog, the space is made by spamming
> your narrative more often.

Why isn't this solved fairly easily via a digest metaphor? One can imagine
many different implementations, but something as simple as "your recent
updates appear in a group and that group can't be bumped to the top of
people's feeds more than twice a day" already seems better than the barrage of
puke hiccups that is Twitter today.

------
badrabbit
Is there a mastodon server that doesn't require email for signup? Throw away
providers did not work for me, free email providers require a phone number.
It's like signal, the benefits are contrasted against metadata exposure.

~~~
gargron
I'm not aware of one. Unfortunately any server not requiring e-mail
confirmation for sign-up would be overrun by spammers (we don't want to add
CAPTCHAs because 1) they are unpleasant for real humans and 2) they require
loading external resources which is minus points for the user's privacy).

~~~
robobro
You are lying. I have run many Pleroma servers that do not require email to
sign up, and have used Pleroma servers that do not require email to sign up.
None of them are overrun by spammers.

You have forgotten your origins, James, and it bums me out. Email sucks.
Requiring email to join a site sucks. Let's cite a popular essay from our old
community:

[http://wakaba.c3.cx/shii/](http://wakaba.c3.cx/shii/)

* Registration keeps out good posters. Imagine someone with an involving job related to your forum comes across it. This person is an expert in her field, and therefore would be a great source of knowledge for your forum; but if a registration, complete with e-mail and password, is necessary before posting, she might just give up on posting and do something more important. People with lives will tend to ignore forums with a registration process.

* Registration lets in bad posters. On the other hand, people with no lives will thrive on your forum. Children and Internet addicts tend to have free time to go register an account and check their e-mail for the confirmation message. They will generally make your forum a waste of bandwidth.

* Registration attracts trolls. If someone is interested in destroying a forum, a registration process only adds to the excitement of a challenge. One might argue that a lack of registration will just let "anyone" post, but in reality anyone can post on old-type forum software; registration is merely a useless hassle.

------
honksillet
Does Mastodon not have a way to search for instances?

~~~
austinheap
Most of the ActivityPub-based networks have a "join<service>.org" index of
instances --

[https://joinmastodon.org/](https://joinmastodon.org/)

[https://joinpeertube.org/](https://joinpeertube.org/)

Hopefully this is helpful!

------
JamesGTP
Looks good

------
snvzz
e2e encryption isn't something you add as an "optional feature", but rather,
something that should be in the design from day one, for all communications
(mandatory).

~~~
carterklein13
I feel like this is the goal, but as unfortunate as it is now - that's not the
case, and adding E2E encryption of any sort should be celebrated to perpetuate
the idea that it's not an option, but a need just like adding authentication
isn't an optional feature.

~~~
snvzz
> just like adding authentication isn't an optional feature.

As an added note, authentication can be and should, for most cases, be done on
a session basis, when establishing the session key (which should also, by the
way, be generated with care to provide forward secrecy).

The idea is that if individual messages aren't signed, there's the advantage
of plausible deniability to third parties. You know who you're talking to, but
you can't take a message, go to a third party and claim "hey, this person has
said this. See? This message is signed by his key.".

This is the level of privacy generally expected in a conversation conducted
within the same room in meatspace, and most people would be uncomfortable with
any less than that.

------
numpad0
Could it be why mstdn.jp is shutting down? Official reason is lack of resource
to handle anticipated legal requests but that sounded weird.

~~~
throwaway1997
I was assuming it was due to the sheer volume of loli being posted on that
instance. Most instances block / mute it for this reason.

~~~
jack1243star
The whole blocking situation turns me away from Mastodon. Short of maintaining
my own instance, there's no way to be sure I can follow anyone I'd like to, or
communicate with them. There's no way to find out from the outside if an
instance is defederated.

~~~
young_unixer
I left Mastodon because the big "traditional"/sanctioned instances started
banning other instances they didn't like, specifically Gab (instance full of
right-wing people that allows basically anything that isn't illegal).

I had high hopes for Mastodon but whatever, this whole social network thing
isn't worth the trouble. Now HN and Youtube are the only websites I visit for
entertainment.

~~~
DarkWiiPlayer
I had a quick look at mastodon a while ago and saw a few more problems with
the model, but I wasn't aware instances could block each other. Maybe some day
there will be an even more decentralized alternative (Looking at you,
indieweb) where it is up to the user whom they block. I'm also not a huge fan
of how mastodon is an implementation, more than a protocol.

~~~
vertex-four
I, as a user, am still going to demand that I can join a community of
likeminded people and moderation so I don't have to deal with the overwhelming
spam of the internet myself. That's the bit that a number of decentralisation
projects don't get - I don't want to have messages by anyone on the whole
internet forced into my view (because have you seen how much that sucks?). I
want moderation if the day-to-day use of the tool involves coming across a
largely random group of people - otherwise it's just a platform for harassment
and spamming people with child porn, a la Matrix - and I don't want to perform
that moderation 100% by myself.

~~~
jack1243star
Then what is the point of federation? You just described a centralized
forum/microblogging server.

~~~
vertex-four
I can pick and choose who my community and moderation team is - that's why I
am on the fediverse and not Twitter. I am strongly opposed to having extreme
right-wing views (along the lines of "you should be dead for who you are")
forced into my conversations? I can pick an instance/moderation team which
proactively blocks other instances which refuse to moderate their users
according to such basic social norms.

Fact of the matter is that I don't really want to talk to most people on the
internet, and I don't want to see what they have to say about me every time I
want to see what my friends are up to. I want to talk to my friends, maybe
have our wider communities able to chime in, and occasionally discover new
people through that. It's not my job to convince random assholes on the
internet that I deserve to exist, and it's not useful in any way to see their
messages. Blocking extremist free speech instances which promote harassment as
a normal part of their operation is... a feature, not a bug.

~~~
jack1243star
That is a fair point, but what happens when the moderation team deviates from
your beliefs? What happens if your instance is declared not-safe? You're
effectively exiled from the fediverse, people you follow will never see your
toots again.

~~~
vertex-four
Then I move instance (probably well before my instance is declared not safe,
tbh). It's a feature in Mastodon, assuming my moderation team hasn't decided
to disable it - basically, I send a protocol message to my followers saying
"I'm over here" and they automatically follow me over there. In a future p2p
protocol that's designed by people who actually realise that people exist who
don't want everyone on the internet to have a direct line to their inbox (aka
none of the current ones), I could simply move moderation team and keep my
identity.

It's incredibly unlikely that tomorrow, my instance pushes the needle so far
that everyone blocks it immediately. More likely a series of changes in the
moderation team gradually pushes things that way and I can change instance
before things get bad enough that anyone would block it - and I'd do that
because it wouldn't be a community I want to be part of any more, rather than
any particular fear about being blocked.

~~~
jack1243star
I had no idea account migration landed. Your description actually sounds quite
reasonable. I guess I was too shocked and burnt by the instance blocking
incident. Maybe I should give Mastodon another try.

Just need to find an instance that doesn't block...

~~~
vertex-four
Finding an instance that doesn't block other instances, but also actually
moderates its users and thus doesn't get blocked, is going to be pretty hard -
and also a rather harassment-filled experience unless you fit in with the Gab
crowd, I imagine. You could always run your own instance.

Note that the majority of instances that are "blocked" are actually soft-
blocked by most instances, meaning you can still talk to people on them if you
follow them, you're just not going to find posts from their users otherwise.

------
robobro
Pleroma does what mastodon't

~~~
fenwick67
Last I checked Pleroma doesn't even have moderation tools, let alone message
franking.

~~~
dependenttypes
This is incorrect. AdminFE exists.

------
Hitton
> An additional layer on top of it is so-called message franking, which allows
> encrypted messages to be reported to content moderators without compromising
> keys or message contents ahead of time while also preventing fake reports.

That sounds like the encryption isn't deniable. Personally I would prefer
deniable encryption to ability to report wrongthink.

~~~
mdszy
What about spam and legitimate abuse? Do you think these things should be
allowed to run rampant just because you believe that an admin's decision to
not communicate with you is that terrible?

~~~
Hitton
> _What about spam and legitimate abuse?_

You can block the spammer yourself. I'm not sure if the feature is about only
private communication between two users or in channel, but if it's in channel,
there can be bot logging messages. That way the bot's owner still knows who
posted what and can ban/moderate as needed.

> _Do you think these things should be allowed to run rampant just because you
> believe that an admin's decision to not communicate with you is that
> terrible?_

I have no idea what you are talking about. Are you reacting to what I wrote or
to your own projections about my beliefs?

~~~
progval
If the spammer spams thousands of people, it's a better use of everyone's time
if an admin bans it once and for all.

~~~
macieklaskus
There are other solutions to this problem that don't require 3rd party
intervention. For example, users could follow each other's block lists.

If Bob spams thousands of accounts he'd quickly get on multiple block lists.

~~~
loceng
Is Bob a verified, known identity, or does he simply create unlimited accounts
and continue the spamming or abuse?

