Darius Kazemi

Has anyone made a DMs-only fediverse client? Like something that looks more or less like iMessage or Signal but you address people via their fediverse handles and it handles DMs as first class (and only-class) content?

Has anyone made a DMs-only fediverse *server*? Like if I want to join fedi but only to direct message people and be in group chats I could join a server and it would have a nice client view like the one in the previous paragraph?

65 comments
alexandra catalina

@darius could that be done as a matrix server that uses mastodon for auth?

Darius Kazemi

I'm thinking no discovery of topics or people. No hashtag support. None of that shit. Basically just email-over-activitypub. You give it addresses for people you want to talk to and then it happens. Just like with phone numbers and SMS/MMS. Make it e2e encrypted if you like, or not.

The difference from email is I could have my nice iMessage like experience over here, and you can be stuck in Mastodon DM user experience hell on your end if you so choose. Choice!

mcc

@darius At this point I feel like it would be more useful to simply make a mastodon-to-matrix bridge.

Darius Kazemi

@mcc are there matrix clients that look like signal/imessage? every client I've seen is some horrible irc variant

mcc

@darius @hellpe @krille I found it unusable for a long time but some kind of threshold was reached in the last few years and Element is REALLY good right now. Ready to replace Discord honestly

Darius Kazemi

If you went the e2e route in the current ecosystem you'd have some kind of Signal-style lock-in where you'd need people running the same client on both ends, but you'd be bouncing around encrypted messages via activitypub, I guess? idk. just spitballin here people

zunda

@darius Mastodon actually used to have API endpoints for E2EE messaging github.com/mastodon/mastodon/p which has been dropped due to the lack of clients: github.com/mastodon/mastodon/p. It may be worthwhile looking into the code for what it looked like. (I'm afraid I'm not an expert :P)

Darius Kazemi

But also, in response to all the "what about e2e encryption" -- I would like that but I would *also* like a nice dedicated user interface for my activitypub DMs as they exist today. Would a custom client be more secure than my current DMs? no. would it be LESS secure? also no!

Glyph

@darius you could also have explicit support for bootstrapping into more secure messengers if you were doing this as a first-class thing. a lot of people (myself included) _mostly_ use social DMs as a way of getting off-platform onto Signal or similar

Darius Kazemi

Further (and now I am ranting, sorry), I used email as an analogy specifically because it is insecure as shit but we use it every day

Darius Kazemi

I probably should have pitched it in the original post as an idea for insecure messaging

Chris Radcliff

@darius Yeah. I’m in favor of a better UX. I’m even more in favor of fixing the glaring safety hole before encouraging new adoption. I’m a thoughtful server admin, but even I don’t trust me with your DMs. (And yes, I totally had the “I read your emails” sticker back in the day.)

infinite love ⴳ

@darius i'm not sure what the point of such a *server* would be, but as a *client*, i imagine it would make some sense. i'm thinking generic activitypub server and then an activitypub client that just shows you your inbox. i mean, everything is a "direct message" on the spec level, right? just, you're dealing indirectly with resources. perhaps you could have a separate Message activity, but it is also conceivable to add certain objects to a certain collection. maybe even both of these ideas.

Misty

@darius See, I half thought this was nerd sniping to attract replies about security

Darius Kazemi

@misty lol no I'm just a dumbass who forgot where I was posting

Glyph

@darius FWIW email is a lot more secure, on average, than people give it credit for. It doesn't break in the nice clean way that e.g. spoofed TLS would, but in practice if you try to blast out plaintext SMTP forged from: headers these days, you get blackholed into oblivion 99% of the time. servers are also using TLS between each other and so grabbing messages off the wire is not trivial either.

Darius Kazemi

@glyph right, and ActivityPub has similar protections built in for forged from fields and the like. The core insecurity of "Google can hand your plaintext email to the cops" is analogous to "admins can read your DMs" that people on here are always bringing up

Jason Petersen (he)

@darius @glyph how is all of this that you’ve described not just Matrix. Yes, it’s not activity pub. But it’s mostly what you mean, and it’s federated.

Darius Kazemi

@jason @glyph it is frustrating to ask "has anyone built a bridge out of paper?" and to get a bunch of replies about how plenty of bridges are built from steel

Gracious Anthracite

@darius

My main thought with regards to "are fediverse DMs at all secure" was that the kind of people who seem to be interested in building IM clients always seem to be super into making it secure, and thus would probably prefer to go off and make a client for a more secure federated protocol, or make their own protocol because surely what the world needs is a 47th IM protocol that makes a slightly different set of choices than the preceding 46 that nobody's using. :ds_wink:

Getting all chat, public or private, on the same publicly-owned protocol is not a bad aim in and of itself. I just feel like "omg NO PRIVACY" is a thing everyone who makes these types of clients is going to be screaming about.

[DATA EXPUNGED]
Darius Kazemi

@josh yeah I 100% want to see this stuff happen over activitypub specifically and not the mastodon API

Diane 🕵

@darius XMPP has a pretty decent end to end 2 entity chat system.

XMPP has a pretty rich system for creating gateways and there are some thoughts about trying to build an ActivityPub / XMPP gateway. nlnet.nl/project/Libervia/

Though beats me how all the keys would get moved around the different protocols.

FAP

@darius There is e2e encryption for open/federated protocols. XMPP has PGP, OTR and OMEMO, Matrix has Olm/Megaolm, Email has PGP, IRC has (had?) FiSH, probably more stuff that I forget. All these protocols allow you to use all kinds of clients and they are able to talk to each other with e2e encryption.

Kee Hinckley

@darius Isn’t this (except for E2E) just a UI issue? Several of the iOS clients I’ve used offer a choice of conversation threads vs. stream of messages for DMs. I actually have no idea how the default web UI for Mastodon does it, even when I use the web, I tend to use Elk or some other web client.

Mr.Nuclear Monster

@darius I feel like it’d be real tough to make this with the knowledge that mastodon DMs are about as secure as sending the message on an airplane with a banner hanging off the back

Darius Kazemi

@MrNuclearMonster see my followup post. it's analogous to email. we use email every day

Gracious Anthracite

@darius

I feel like encrypted DMs is kind of base requirements for anyone interested in building a modern DM client and I don’t think ActivityPub has any provisions for that in the spec?

Darius Kazemi

@anthracite no there is no provision for that in the spec. I suppose you could build a client and have a weird Signal situation where you need the same client on both ends but the servers don't matter (Since you are e2e encrypting *clientside* via some kind of PGP style prior agreement)

mconnor

@darius @anthracite I think there’s a gap we can close with Matrix/MLS with some time and resources. It’s on the list, but not quite yet.

I think it starts with something like iMessage/SMS where you can fall back if either/any party doesn’t have an appropriate account configured. This doesn’t need to be the same ID as your Fediverse handle. But it could be!

Chris Radcliff

@darius Do fediverse DMs support end-to-end encryption? If not, I suspect it would be difficult to make a client that is DM-first without leading folks into an insecure pattern.

Chris Radcliff

@darius Yep, and I think the UX benefits could be big. I thought I heard that Mastodon DMs can’t support e2e, though. Which means it’s missing an “end” unless you only interact in the same client (like Signal iirc)

Darius Kazemi

@chris_radcliff yeah I made a followup to my followup about just that, heh

[DATA EXPUNGED]
Delib

@darius XMPP has those abilities. Federation with activitypub (like mastodon) is brand new, but xmpp has always been 'federated' across its own servers. There are also gateways to most social networks you could imagine. The 'DMs' can also be end2end encrypted.

#xmpp

Darius Kazemi

@Delib SMTP also has these abilities -- I am asking about fediverse/activitypub. It is frustrating to say "has anyone done X with Y technology?" and to get responses that are "Z technology does this"

Delib

@darius fediverse/activitypub is currently being bridged to #xmpp/jabber (which is focused on the use-case you describe), including 'real' DM's, not just the kind transmitted and stored in open text as in mastodon. These efforts are very close to being ready for the public. My hunch is that Movim.eu might be the best first-use server for users to watch for a future gateway. BTW I would not recommend using mastodon for personal messages. #libervia

Darius Kazemi

@Delib I think it is fine for someone to use Mastodon to send any message that they would also feel comfortable sending over unencrypted email. For some people that is "basically nothing" and for some people that is "basically anything".

Delib

@darius I do agree, if by 'fine' you mean people have the freedom to share personal information in those ways. But that's different than recommending it. Most mastodon-instance introductions I have read, explicitly warn users against sharing personal information in direct-messages (DM). #activitypub #xmpp #movim

Aswath Rao

@darius
Kind of, sort of, not quite, but more in some respects. It is not a client app, but browser based; it is not fediverse - only one server (host's) involved & others' are not; auth based on IndieAuth, Fedi can be added; 1-1 for now, but for text, voice & video & e2e encrypted; easy to extend to multi if only text

Григорий Клюшников

Smithereen right now is the exact opposite of that — it's a public-posts-only server :D

Fedor Indutny

@darius ...is it vastly different from email when used like this?

Genuinely Gary 🌤️

@darius This may not be what you want but the closest I know of is XMPP messaging like Jabber. There are Fedi servers that serve these apps. See fedi.directory/tag/instant-mes

RhetRx

@darius I imagine someone could build something that _looked_ like that, but would you also be expecting the privacy/encryption services that the other routes provide? That may be harder.

Idris Elbow Macaroni

@darius

*imagines an AP client that shows people you logged in*

*is struck dead mentally by the concept of a mIRC-styled interface for a specific AP server that only federates internally*

(ARC, AP Relay Chat)

😱

David Fleetwood - RG Admin

@darius This is not a bad idea so long as e2e could be done in an open way. I'd like to see oauth2 client support in ActivityPub apps too, I shouldn't have to create an account for every server. An AP compat identity server that others could auth against would be ideal.

wakest ⁂

@darius I just came across this post in a reference in this draft on what encryption over ActivityPub might look like by @bifurcation: bifurcation.github.io/mimi-aim

gullevek ☢️

@darius @slims It’s called email. No need to reinvent the wheel
