E2ee group messaging in ActivityPub

Great to hear folks are working on e2ee private messaging in AP! Kudos!

Will e2ee group messaging be supported? It would open up major possibilities, such as secure FB-like private posting-- the group for each post and its replies would be the OP’s friends or a subset thereof (I realize the bilateral “friend” relationship is another topic of discussion). It can be done efficiently, where only one copy of an encrypted post/reply needs to be uploaded, along with that decryption key encrypted for each recipient.

Is anything like this planned with the e2ee messaging support? It would be good from a security standpoint if users didn’t have to trust all the servers with their content.

1 Like

First Fediverse Messenger contains comprehensive thoughts on how to do e2ee in the Fediverse. My personal opinion is that this will require a hard split away from how ActivityPub is currently done.

Second, as far as I can tell, group messaging is both less secure and infinitely more complicated than Double Ratchet (which is already quite complicated), so implementing it is probably quite far away.

Third, for big enough groups, hosting your own servers should be the answer to not wanting the server admin to read the content.

Well, requiring users to run their own server is a major barrier, plus it wouldn’t solve the problem, unless you give up federation with other servers. The problem is that currently, you have to trust not just your home server, but the home servers of everyone who sees your posts, some of which could easily be malicious. The goal here is to be able to safely use untrusted infrastructure.

Yes, secure group messaging is more complicated than secure 1-to-1 messaging, but it can be done and has been done elsewhere, and I think it’s worth considering given the huge potential benefits, and the systems that could be built on top of it (like secure private posting)…

Isn’t double ratchet for when there is just one node in between sender and recipient, like Signal is? If so, I wonder if it’s possible to generalize DR to be multi-hop, for the fediverse. In any case, I think that’s separate from the 1-to-many aspect-- to send a message to a group, you just send the same message encrypted for each recipient, regardless of how the key for that recipient is negotiated. Or do I misunderstand?
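The fan-out sketched in the opening post and restated just above (upload one encrypted copy of the post, plus the content key wrapped once per recipient, independent of how each pairwise key was negotiated) looks like this in code. This is an added illustration, not code from the thread or from any ActivityPub project. It uses only the Go standard library and assumes the per-recipient pairwise keys already exist; `pairwiseKey` is a constructed stand-in for a key a Double Ratchet session would produce, and the names `alice`, `bob`, `carol` and `mallory` are made up.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeySlot is the post's content key wrapped for one recipient under a
// pairwise key that only the sender and that recipient share.
type KeySlot struct {
	Recipient  string
	WrappedKey []byte // AES-GCM(pairwiseKey, contentKey); nonce prepended
}

// EncryptedPost is the only thing servers ever store or relay: one body
// ciphertext plus one small key slot per recipient.
type EncryptedPost struct {
	Body  []byte // AES-GCM(contentKey, plaintext); nonce prepended
	Slots []KeySlot
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM under a fresh nonce; aad is authenticated only.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; any change to nonce, ciphertext or aad fails authentication.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// EncryptForGroup encrypts the post once under a random content key, then wraps
// that key for every recipient. The slot AAD binds it to the recipient's name so
// a relaying server cannot silently re-label slots.
func EncryptForGroup(plaintext []byte, pairwise map[string][]byte) (*EncryptedPost, error) {
	contentKey := make([]byte, 32)
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	body, err := seal(contentKey, plaintext, []byte("post-body"))
	if err != nil {
		return nil, err
	}
	post := &EncryptedPost{Body: body}
	for name, pk := range pairwise {
		wrapped, err := seal(pk, contentKey, []byte("key-slot:"+name))
		if err != nil {
			return nil, err
		}
		post.Slots = append(post.Slots, KeySlot{Recipient: name, WrappedKey: wrapped})
	}
	return post, nil
}

// DecryptAsRecipient finds the caller's slot, unwraps the content key with the
// caller's pairwise key, and then decrypts the shared body.
func DecryptAsRecipient(post *EncryptedPost, me string, pairwise []byte) ([]byte, error) {
	for _, s := range post.Slots {
		if s.Recipient != me {
			continue
		}
		contentKey, err := open(pairwise, s.WrappedKey, []byte("key-slot:"+me))
		if err != nil {
			return nil, fmt.Errorf("unwrap key slot for %s: %w", me, err)
		}
		return open(contentKey, post.Body, []byte("post-body"))
	}
	return nil, errors.New("no key slot for " + me)
}

// pairwiseKey is a constructed, deterministic stand-in for a session key the two
// parties negotiated earlier (e.g. via Double Ratchet). Not a real key agreement.
func pairwiseKey(sender, recipient string) []byte {
	sum := sha256.Sum256([]byte("demo-pairwise:" + sender + "->" + recipient))
	return sum[:]
}

func main() {
	friends := map[string][]byte{"bob": pairwiseKey("alice", "bob"), "carol": pairwiseKey("alice", "carol")}
	post, err := EncryptForGroup([]byte("private post: only my friends see this"), friends)
	if err != nil {
		panic(err)
	}
	fmt.Printf("one body ciphertext (%d bytes), %d key slots\n", len(post.Body), len(post.Slots))
	pt, err := DecryptAsRecipient(post, "bob", friends["bob"])
	fmt.Printf("bob reads: %q (err=%v)\n", pt, err)
	// A server on the delivery path, or a follower outside the group, has no slot.
	_, err = DecryptAsRecipient(post, "mallory", pairwiseKey("alice", "mallory"))
	fmt.Println("mallory:", err)
}
```

The point the code makes is the one the thread is circling: the cost of a group post is one body ciphertext plus a few dozen bytes per recipient, every server in the path sees only that structure, and the hard part (how each pairwise key gets negotiated and rotated) is entirely outside this fan-out layer. Replies reuse the same shape with the replier as sender.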

In which case why not use matrix instead? They’ve already figured out a Double Ratchet for groups with MegOlm. Or even XMPP and group OMEMO, with a system like Snikket. Or even email protocols and Autocrypt with an app like Delta.Chat. SSO with something like Authentik so the same login credentials can be used with an AP app and a matrix app (or an xmpp/muc/omemo app, or an email/autocrypt app), with a consistent styling across all UI those credentials can access. Now you’ve got a suite of integrated services, without doing any radical new implementations of E2EE.

Requiring every person to run their own server would be a barrier. Some people would be happy to learn to run servers. Others insist on being able to at least run the one they use. Between those latter two groups, we seem to end up with enough multi-user servers to host everyone who wants an account.

PS Welcome to SocialHub @jamesmarshall

1 Like

Two more comments:

  • It’s not E2EE that needs to be different to be used with ActivityPub, it’s how ActivityPub is used. You can basically reuse Double Ratchet.

  • I consider the benefits of E2EE for the instance owner higher than for the user. It essentially splits the content into:

    • Can be moderated as public, or including instance owner / proxy of owner such as a moderator
    • Is encrypted

These thoughts of course do not apply to mega instances having tens of thousands of users.

Finally: Implementing E2EE for cases where the instance owner is assumed to want to compromise the communication is much harder. This goes into “supply chain security” considerations.

This is a good start: ActivityPub for Interoperable Messaging (thanks @helge for posting it to fediverse-ideas). I think it’s very important to keep the fediverse’s future E2EE standard aligned with MLS/MIMI standards. Matrix is doing this as well: Matrix Message Format.

3 Likes

Thanks! 🙂 Glad to be here.

Good to hear Matrix does double ratchet for groups; I did not know that. I’m thinking in terms of having secure private posting on the fediverse, i.e. using ActivityPub, but perhaps a Matrix-ActivityPub bridge could provide this. I think private posts are one of the main features FB supports (though insecurely) that the fediverse doesn’t yet AFAICT, and I know some people (including me) stay on FB just for private posts. I’d like to see a good parallel feature in the fediverse.

Regarding the barrier of running a server-- even if someone uses a server they trust, they’re currently trusting all of their followers’/friends’ servers with their content, not just the server they use. This seems wildly insecure to me.

Also, for my previous project I assumed users could usually find a server run by someone they trust, but we found this doesn’t happen, and people were using untrusted servers anyway. Our target user base was activists and other vulnerable communities in censored countries, who are likely to be targets of surveillance by actors who can afford to run malicious servers. So for such a user base, I do think it would be much safer to have a system that doesn’t require trust of the servers. But it’s not just for them-- I would like to see security baked in to the infrastructure, so it protects everybody by default, and users don’t have to think about it.

This doesn’t even touch on metadata security (e.g. who all your friends are), which is important but is probably incompatible with AP.

Thanks, I did not know about MIMI. Good to hear there’s a working group on this.

I’m all for adding native E2EE to Direct posts in the fediverse, and to group posts so that private groups are possible. But groups are a beta feature in the 'verse, and E2EE implementations haven’t even begun yet. Even at my most optimistic, I can see it being years before all of this reaches a stable 1.0 state where it could be trusted by…

After living in China, and especially after spending time in Hong Kong, finding robust solutions for people in these situations is an even higher priority for me. But it’s critical to remember that the adversaries in this context are very powerful and absurdly well-funded. People’s freedom - and even their lives - can depend on the software they use consistently keeping its security promises.

Sure, that’s the use case I was addressing when I said;

Do that, and from an end user POV, matrix-based E2EE group messaging is now “in the fediverse”. All using existing, off-the-shelf software, whose group message encryption has been security audited.

BTW I agree with your points on server trust, and my apologies for replying out of context. The idea that hosting your own server is a viable replacement for E2EE is a hangover from non-federated groupware (e.g. Crabgrass).

Quoting strypey (June 1):

I’m all for adding native E2EE to Direct posts in the fediverse, and to group posts so that private groups are possible. But groups are a beta feature in the 'verse, and E2EE implementations haven’t even begun yet. Even at my most optimistic, I can see it being years before all of this reaches a stable 1.0 state where it could be trusted

That may be, but if we put it off it will take even longer. I think it’s worth considering group e2ee as the protocols are being designed.

After living in China, and especially after spending time in Hong Kong, finding robust solutions for people in these situations is an even higher priority for me. But it’s critical to remember that the adversaries in this context are very powerful and absurdly well-funded. People’s freedom - and even their lives - can depend on the software they use consistently keeping its security promises.

Yes, I understand that well from my work, thus my desire to make the fediverse more secure. It’s also why I wish we had metadata security. People will use / are using the fediverse even if it’s not secure, so we should make it as secure as possible, right? And educate people in the ways it’s not secure.

1 Like

I agree with everything you say here, especially your point on factoring E2EE into the design of AP groups. But for the sake of clarity…

Agreed. But while adding E2EE makes a comms platform more private, it doesn’t automatically make it more secure, for two reasons. One, it adds a huge new attack surface, in which security flaws are only going to be visible to a smaller group of skilled encryption practitioners. Two, it adds an assumption of greater security, which encourages people to drop the security practices they’d use in a plaintext medium. Which is why you’re right that persistent user education about all this is key.

1 Like