Encrypted DMs Are Coming to ActivityPub

Secure messaging may be within reach.

Photo of Anuj Ahooja Anuj AhoojaMay 2, 2024
4 14 1 minute read

The prospect of making the Fediverse more secure is an ongoing topic, with a number of developers, privacy advocates, and user communities weighing in on how to do it. On Tuesday evening, ActivityPub spec co-author Evan Prodromou announced that he and Tom Coates have received a grant to develop end-to-end encryption (E2EE) for the protocol.

Very happy to announce that @tomcoates and I have been given a grant to develop an end-to-end encryption (E2EE) protocol for DMs, including a reference implementation and a report to submit to the W3C SocialCG.

forum.summerofprotocols.com/t/

— Evan Prodromou (@evan) 2024-05-01T02:17:09.357Z

In his proposal, Evan calls out that while ActivityPub is encrypted in transit, there is no standard way of keeping it encrypted at rest. While this isn’t a problem for public-facing posts, this is a non-starter for a lot of users when it comes to DMs and will certainly be a welcome addition. Any social web platform could implement E2EE for themselves, but a standardized format will enable users of different Fediverse services to DM each other through the lens of the social platform of their choice.

Independent Efforts

That’s not to say that others haven’t already been trying. Daniel Supernault, creator of Pixelfed, has been working on his own ActivityPub-based DM solution named ‘Sup’. It would be a bring-your-own account service with a promise of being E2EE via the Messaging Layer Security Protocol.

sup. is an open source encrypted fediverse instant messenger, similar to whatsapp, made by pixelfed.

The beta will be launching later this month, and btw most fediverse accounts will work, not just Pixelfed ?

— dansup (@dansup) 2023-08-05T11:38:40.670Z

At this point, E2EE DMs in the Social Web aren’t a question of “if” , but “when”. This is still early stages of this proposal, Sup is still in development, and there’s more research to be done – but, the ability for Fediverse platforms to support encrypted private messages holds immense promise for making the network more secure.

ShareOpenly logo Share
Tags
Photo of Anuj Ahooja Anuj AhoojaMay 2, 2024
4 14 1 minute read
Photo of Anuj Ahooja

Anuj Ahooja

Anuj is an engineering leader, formerly at Flipboard and Amazon, seeking an interoperable future for technology. His investment in the social web began during his time at Flipboard but stems from a greater ideology that platforms should run on interoperable standards to enable competition. Currently, he is working on his own social web projects and is writing at WeDistribute and his own blog, augment.ink.

4 Comments

  3. @news Federated encrypted messages is a crowded space. In addition to sup and this new effort, prior art includes Matrix and the encrypted flavor of XMPP. That's why I'm especially intrigued by "finding out more about how other protocols achieve E2EE without overburdening the end user" from the proposal: perhaps increases the chance that we'll have some serious thought about why there are so many protocols out there and how we can get interoperability one way or another.

  4. Pingback: Secure DMs on ActivityPub – Complaint Hub

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button