mastodon-e2ee-specification
matrix-spec-proposals
mastodon-e2ee-specification | matrix-spec-proposals
---|---
11 | 48
195 | 950
- | 1.1%
10.0 | 7.6
over 1 year ago | 6 days ago
GNU Affero General Public License v3.0 | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
mastodon-e2ee-specification
-
The Apes Shitstorm Shelter (ASS) - the censorship state of reddit and subreddits - Part 2
No end to end encryption in mastodon: https://github.com/soatok/mastodon-e2ee-specification
- Mozilla’s setting up shop on Mastodon and trying to reinvent content moderation
- Discussion Thread
- Is that all you need?
-
Towards End-to-End Encryption for Direct Messages in the Fediverse
What Moxie wrote was about his decisions with Signal. It's not that relevant to this post for two distinct reasons:
1. One of the stated anti-tenets of what I'm proposing is competing with Signal. https://github.com/soatok/mastodon-e2ee-specification#anti-t...
2. Cryptography has matured greatly since Moxie wrote that post.
I feel confident about rolling out a v1 E2EE protocol for the Fediverse in 2023, and then a v2 in 2024 or later.
Migration is a two-putt, but it's tractable. I've worked on similar message format migrations before.
1. Roll out read-only support for v2.
2. Enable writing. Now people can start using v2.
3. Later, once the new version is ubiquitous for the scope of your concern, disable v1.
It's not as fast as if you own the whole stack (like Signal does).
-
AMA with Eugen Rochko, Founder and lead developer of Mastodon, a decentralized, open-source social media platform based on open web protocols. Ask your questions here!
This is a very hard problem to solve. I know it's being worked on by some smart people though, see https://soatok.blog/2022/11/22/towards-end-to-end-encryption-for-direct-messages-in-the-fediverse/
-
End-to-end encrypted messages need more than libsignal
Related: https://soatok.blog/2022/11/22/towards-end-to-end-encryption...
-
tankies mad about sites that actually have ToS
The good news is that because Mastodon is open source, and development is done in the open, anyone with the needed skills and interest could implement it right, and there is a project spearheaded by cryptography experts to do just that. https://github.com/soatok/mastodon-e2ee-specification
matrix-spec-proposals
-
The Matrix Trashfire
Not only are they actually very closely linked, in that Element operates matrix.org, but to a new user (told to try Matrix -- what is this Element thing?) there's no difference.
I onboarded a family member onto my Matrix server with FluffyChat as the client. This person is a power user, fairly technical, yet still refers to the chat as "FluffyChat" and although I've explained several times that choosing FluffyChat was maybe a mistake and they should use Element, it never seems to really click that multiple clients are possible.
And really, they aren't possible. They have different subsets of features.
If you want to see a trash can fire, just try to follow the discussion for adding custom emoji to Matrix: https://github.com/matrix-org/matrix-spec-proposals/pull/195...
It's been going on for years. It's a feature the competitors have had for half a decade, as long as this discussion has been ongoing. I've been watching this issue for half a decade thinking "surely they'll decide on something" but mostly all I've been convinced of is this: Matrix is design by committee in all of the worst aspects and at every level of design. If anything gets done at all, it's a convoluted mess, and it's a miracle that it even happens.
I wish community software developers would focus their attention.. somewhere else.
-
Bluesky and the at Protocol
So Matrix also has account portability (almost) - https://github.com/matrix-org/matrix-spec-proposals/blob/keg... and https://github.com/devonh/matrix-spec-proposals/blob/cryptoI..., implemented in Dendrite. Unfortunately dev is paused on it currently thanks to lack of $ though.
The AP approach (prioritising portable identities over portable account data) is cute though, and perhaps we should have prioritised that as an alternative to full-blown cryptographic IDs & account portability.
-
Non-profit Matrix.org Foundation seems to be moving funds to for-profit Element
Luckily, it doesn't matter what individuals expect. There is written documentation on what the foundation is supposed to do or not to do: https://github.com/matrix-org/matrix-spec-proposals/blob/mai...
Notably, "Code Core Team members must arrange their own funding for their time", which I understand to mean that the Foundation does not pay the developers directly (same as other standards organizations like IETF).
The main tasks of the Matrix.org Foundation are maintaining the spec, documentation, owning IP, promotion and the matrix.org home server. The home server is "generously hosted" by UpCloud (i.e. is not using New Vector EMS), at least according to the matrix.org website.
Looking again at MSC1779, I noticed it says that one function of The Matrix.org Foundation is "Owns the copyright of the reference implementations of Matrix (i.e. everything in https://github.com/matrix-org). By assigning copyright to the Foundation, it’s protected against New Vector ever being tempted to relicense it." That protection apparently wasn't very effective, but also notably, New Vector and their leadership clearly have shown to not stand behind the goals of the Foundation. As the leadership of New Vector is also part of the leadership of the Foundation, I see some huge potential for COI here.
- Possible to set a message retention period?
-
Matrix 2.0: The Future of Matrix
The main remaining Nebuchadnezzar issue is mitigating server-controlled group membership. The first step has been to kill off the 1st gen E2EE implementations, which were responsible for the implementation vulns found by RHUL - and we should hopefully conclude that next week by moving everything into the matrix-rust-sdk crypto crate implementation: https://github.com/vector-im/element-web/issues/21972#issuec... is the tracker.
Then, we can address the harder server-controlled group membership issue in one place. First step will be to improve device verification & trust so that trust is the default, not the exception, to make it easier to spot and warn about unexpected devices in the room. The full solution is then either MSC3917 (https://github.com/matrix-org/matrix-spec-proposals/blob/fay...) - or potentially to switch everything to MLS.
We're working on MLS anyway in parallel to RHUL mitigation work; you can see the progress at https://arewemlsyet.com, and it's looking good.
I'm guessing you're not interested in doing a podcast on "yay we converged our crypto implementations on a single robust Rust implementation so we can fix the remaining bugs in one place", but as soon as the server-controlled group membership thing is solved we'll be in touch. Work has also gone much slower than hoped on this, thanks to the joys of funding open source.
-
Conduit: Simple, fast and reliable chat server powered by matrix
https://github.com/matrix-org/matrix-spec-proposals/blob/keg... is how we’re doing it, and it’s being implemented currently in Dendrite.
-
Databag – tiny self-hosted federated messenger for the decentralized web
Matrix already has key-based identity in the works at https://github.com/matrix-org/matrix-spec-proposals/blob/keg... (and implemented in Dendrite at https://github.com/matrix-org/dendrite/pulls?q=is%3Apr+is%3A...). Matrix is set up to let folks go wild and change fundamentals like this; basically every Matrix Spec Change (MSC) is a small fork, which then gets merged into the main spec if it can be proven to work well in the wild.
-
Discord Is Not Documentation
Gitter seems to have moved to being a Matrix instance (or maybe it always has? it didn't look like Matrix when I used it circa 2016), but Matrix feels half-baked and is just a bunch of hacks put together. For example:
- Can't "mark all as read" on a space. Probably because rooms within a space are only tangentially related,
- No custom emojis or sticker packs (their proposal for this is to create rooms to house custom emojis/sticker packs[0])
Not a great bet to go to keybase with the Zoom acquisition https://news.ycombinator.com/item?id=28814210
0: https://github.com/matrix-org/matrix-spec-proposals/pull/195...
-
The problem with federated web apps
We’re currently working on account portability (https://github.com/matrix-org/matrix-spec-proposals/pull/401...) and experimenting with glueing bluesky style DIDs onto it (so as to provide DMs for bluesky via Matrix, should they want them)
-
2FA on matrix.org
Slow moving, but there are discussions: https://github.com/matrix-org/matrix-spec-proposals/pull/1998
What are some alternatives?
mastodon - A glitchy but lovable microblogging server
whatsapp - A Matrix-WhatsApp puppeting bridge
GpgFrontend - A free, open-source, robust yet user-friendly, compact and cross-platform tool for OpenPGP encryption. It stands out as an exceptional GUI frontend for the modern GnuPG (gpg).
matrix-synapse-shared-secret-auth - Shared Secret Authenticator password provider module for Matrix Synapse
mls-architecture - MLS architecture
matrix-room-element
user_pinger_2 - Bot + accessory services for pinging groups on a subreddit
element-call - Group calls powered by Matrix
joinmastodon - The official Mastodon project homepage
nnnoiseless - Recurrent neural network for audio noise reduction
mastodon-block-tools - An attempt to list as many different projects/tools/scripts related to Mastodon & fediverse block management as possible
matrix-js-sdk - Matrix Client-Server SDK for JavaScript