Neil Brown

@dequbed

> I would personally have loved a fediverse in which *everything* is e2e encrypted.

I am interested in how you’d see that working:

- I presume it would mean eliminating “open follow” accounts (like mine), and requiring people to approve follow requests, as otherwise any adversary could follow and obtain access to (future) posts. But…

- if A posts something and B boosts it, C, who follows B but not A, could see it? Does e2ee add anything?

6 comments
nadja

@neil I don't think open follow accounts like yours have the threat model of trying to prevent randos from seeing your posts. To you it would mostly add enforced encryption at rest.

For public/unlisted it would mostly add enforced encryption at rest, but follower-only posts can't be boosted. And it protects those against bad actor servers that e.g. index or publicize them.

Neil Brown

@dequbed

I can see how it would work in the context of follower-only posts from restricted follow accounts. Absolutely.

And, just in case, I didn’t mean to be dismissive of those who choose or need to engage in that way - not at all.

In other, more public, contexts, I am less sure it would work at all!

nadja

@neil oh no worries, I didn't read you as dismissive. Just as honestly curious about a topic that's outside of your domain of expertise, and I can appreciate that :blobcatcomfy:

Neil Brown

@dequbed Thank you! I love how I can engage with actual experts on so many things :)

Dragon

@neil @dequbed I can’t see how it would work for public posts.

Or why you’d even need to encrypt those, given they’re meant to be public.

Joël de Bruijn
@neil @dequbed
Just an adjacent thought:
With CryptPad I see the irony of being e2ee without identification/authentication of users.
Super encrypted meanwhile anyone with a link can collaborate.