this post was submitted on 25 Feb 2026
584 points (97.7% liked)


Important progress has been made regarding bringing MLS end-to-end encryption to the ActivityPub protocol, with developers already building implementations and providing feedback to a future version of the protocol spec.

[–] blah3166@piefed.social 11 points 1 week ago (1 children)

why? because it would be cool if only intended recipients are able to view sent messages.

[–] RIotingPacifist@lemmy.world 2 points 1 week ago (1 children)

That's not really going to be the case if you're using a website instead of an audited app like Signal/Matrix.

[–] blah3166@piefed.social 10 points 1 week ago (1 children)

that argument doesn't hold. you're letting perfect be the enemy of good, and if you truly believe that, then you wouldn't be recommending Matrix which has web clients, see https://app.element.io/

[–] RIotingPacifist@lemmy.world 3 points 1 week ago* (last edited 1 week ago) (1 children)

Any web client including Matrix webclient is incredibly vulnerable to the server just injecting JS and reading your messages.

Like there is no point of E2E encryption in Twitter, Musk can read your messages if you open them on any device he can execute arbitrary code on.

[–] blah3166@piefed.social 4 points 1 week ago

> Any web client including Matrix webclient is incredibly vulnerable to the server just injecting JS

That doesn't preclude fediverse clients from enabling E2EE. A web-client isn't a requirement.

> Like there is no point of E2E encryption in Twitter, Musk can read your messages if you open them on any device he can execute arbitrary code on.

Agreed, nobody should trust Twitter, but I would trust most Mastodon clients to send encrypted messages, if/when implemented correctly. Does it guarantee that messages will never be read? No, but it does add an extra layer that wasn't there before.