Email or username:

Password:

Forgot your password?
Darius's posts Post Back to profile
Top-level
Darius Kazemi

I'm thinking no discovery of topics or people. No hashtag support. None of that shit. Basically just email-over-activitypub. You give it addresses for people you want to talk to and then it happens. Just like with phone numbers and SMS/MMS. Make it e2e encrypted if you like, or not.

The difference from email is I could have my nice iMessage like experience over here, and you can be stuck in Mastodon DM user experience hell on your end if you so choose. Choice!

10 Mar 2023 at 0:37 | Open on friend.camp
31 comments
mcc

@darius At this point I feel like it would be more useful to simply make a mastodon-to-matrix bridge.

10 Mar 2023 at 0:38 | Open on mastodon.social
Darius Kazemi

@mcc are there matrix clients that look like signal/imessage? every client I've seen is some horrible irc variant

10 Mar 2023 at 0:39 | Open on friend.camp
ailepet
Darius Kazemi

@hellpe @mcc @krille oh hell yeah I might finally use matrix

10 Mar 2023 at 0:47 | Open on friend.camp
mcc

@darius @hellpe @krille I found it unusable for a long time but some kind of threshold was reached in the last few years and Element is REALLY good right now. Ready to replace Discord honestly

10 Mar 2023 at 2:31 | Open on mastodon.social
Darius Kazemi

If you went the e2e route in the current ecosystem you'd have some kind of Signal-style lock-in where you'd need people running the same client on both ends, but you'd be bouncing around encrypted messages via activitypub, I guess? idk. just spitballin here people

10 Mar 2023 at 0:44 | Open on friend.camp
Chris Radcliff

@darius heh i think we’re agreeing, yes

10 Mar 2023 at 0:47 | Open on spaceup.city
zunda

@darius Mastodon actually used to have API endpoints for E2EE messaging github.com/mastodon/mastodon/p which has been dropped due to the lack of clients: github.com/mastodon/mastodon/p. It maybe worthwhile looking into the code for how it looked like. (I'm afraid I'm not an expert :P

10 Mar 2023 at 0:48 | Open on mastodon.zunda.ninja
Darius Kazemi

But also, in response to all the "what about e2e encryption" -- I would like that but I would *also* like a nice dedicated user interface for my activitypub DMs as they exist today. Would a custom client be more secure than my current DMs? no. would it be LESS secure? also no!

10 Mar 2023 at 0:51 | Open on friend.camp
Glyph

@darius you could also have explicit support for bootstrapping into more secure messengers if you were doing this as a first-class thing. a lot of people (myself included) _mostly_ use social DMs as a way of getting off-platform onto Signal or similar

10 Mar 2023 at 0:54 | Open on mastodon.social
Darius Kazemi

Further (and now I am ranting, sorry), I used email as an analogy specifically because it is insecure as shit but we use it every day

10 Mar 2023 at 0:55 | Open on friend.camp
Darius Kazemi

I probably should have pitched it in the original post as an idea for insecure messaging

10 Mar 2023 at 0:59 | Open on friend.camp
Chris Radcliff

@darius Yeah. I’m in favor of a better UX. I’m even more in favor of fixing the glaring safety hole before encouraging new adoption. I’m a thoughtful server admin, but even I don’t trust me with your DMs. (And yes, I totally had the “I read your emails” sticker back in the day.)

10 Mar 2023 at 1:21 | Open on spaceup.city
Ted Han ★ 韓聖安
infinite love ⴳ

@darius i'm not sure what the point of such a *server* would be, but as a *client*, i imagine it would make some sense. i'm thinking generic activitypub server and then an activitypub client that just shows you your inbox. i mean, everything is a "direct message" on the spec level, right? just, you're dealing indirectly with resources. perhaps you could have a separate Message activity, but it is also conceivable to add certain objects to a certain collection. maybe even both of these ideas.

10 Mar 2023 at 3:57 | Open on mastodon.social
Misty

@darius See, I half thought this was nerd sniping to attract replies about security

10 Mar 2023 at 16:54 | Open on digipres.club
Darius Kazemi

@misty lol no I'm just a dumbass who forgot where I was posting

10 Mar 2023 at 17:01 | Open on friend.camp
Glyph

@darius FWIW email is a lot more secure, on average, than people give it credit for. It doesn't break in the nice clean way that e.g. spoofed TLS would, but in practice if you try to blast out plaintext SMTP forged from: headers these days, you get blackholed into oblivion 99% of the time. servers are also using TLS between each other and so grabbing messages off the wire is not trivial either.

10 Mar 2023 at 1:13 | Open on mastodon.social
Darius Kazemi

@glyph right, and ActivityPub has similar protections built in for forged from fields and the like. The core insecurity of "Google can hand your plaintext email to the cops" is analogous to "admins can read your DMs" that people on here are always bringing up

10 Mar 2023 at 1:26 | Open on friend.camp
Jason Petersen (he)

@darius @glyph how is all of this that you’ve described not jus Matrix. Yes, it’s not activity pub. But it’s mostly what you mean, and it’s federated.

10 Mar 2023 at 3:27 | Open on logoff.website
Darius Kazemi

@jason @glyph it is frustrating to ask "has anyone built a bridge out of paper?" and to get a bunch of replies about how plenty of bridges are built from steel

10 Mar 2023 at 3:28 | Open on friend.camp
waferbaby
Gracious Anthracite

@darius

My main thought with regards to "are fediverse DMs at all secure" was that the kind of people who seem to be interested in building IM clients always seem to be super into making it secure, and thus would probably prefer to go off and make a client for a more secure federated protocol, or make their own protocol because surely what the world needs is a 47th IM protocol that makes a slightly different set of choices than the preceding 46 that nobody's using. :ds_wink:

Getting all chat, public or private, on the same publicly-owned protocol is not a bad aim in and of itself. I just feel like "omg NO PRIVACY" is a thing everyone who makes these types of clients is going to be screaming about.

@darius

My main thought with regards to "are fediverse DMs at all secure" was that the kind of people who seem to be interested in building IM clients always seem to be super into making it secure, and thus would probably prefer to go off and make a client for a more secure federated protocol, or make their own protocol because surely what the world needs is a 47th IM protocol that makes a slightly different set of choices than the preceding 46 that nobody's using. :ds_wink:

10 Mar 2023 at 19:46 | Open on dragon.style
[DATA EXPUNGED]
Darius Kazemi

@josh yeah I 100% want to see this stuff happen over activitypub specifically and not the mastodon API

10 Mar 2023 at 0:56 | Open on friend.camp
Diane 🕵

@darius XMPP has a pretty decent end to end 2 entity chat system.

XMPP has a pretty rich system for creating gateways and there's some thoughts about trying to build an ActiivityPub / XMPP gateway. nlnet.nl/project/Libervia/

Though beats me how all the keys would get moved around the different protocols.

10 Mar 2023 at 0:58 | Open on octodon.social
FAP

@darius There is e2e encryption for open/federated protocols. XMPP has PGP, OTR and OMEMO, Matrix has Olm/Megaolm, Email has PGP, IRC has (had?) FiSH, probably more stuff that I forget. All these protocols allow you to use all kinds of clients and they are able to talk to each other with e2e encryption.

10 Mar 2023 at 1:24 | Open on mastodon.social
Kee Hinckley

@darius Isn’t this (except for E2E) just a UI issue? Several of the iOS clients I’ve used offer a choice of conversation threads vs. stream of messages for DMs. I actually have no idea how the default web UI for Mastodon does it, even when I use the web, I tend to use Elk or some other web client.

10 Mar 2023 at 1:45 | Open on infosec.exchange
waferbaby
Go Up