The creator of Pixelfed announced an upcoming encrypted messenger for the fediverse that will work across the fediverse (mastodon.social)
from nix@merv.news to technology@lemmy.world on 05 Aug 2023 14:38
https://merv.news/post/82405

It will be open source, end to end encrypted using Signal’s double ratchet encryption protocol, and he plans to make it easy for fediverse platforms to integrate it. The beta will release later this month.

He’s also the creator of fedidb.org btw

#technology

threaded - newest

PineapplePartisan@lemmy.world on 05 Aug 2023 16:57 collapse

I’m not leaving Signal until someone implements keeping data at rest encrypted on both ends and requires multi factor unlock (bio+pin is my choice).

So sick of E2E clients that leave the data in plaintext on the devices and then back it up in plaintext to the cloud.

outdated_belated@lemmy.sdf.org on 05 Aug 2023 19:09 collapse

Does Signal back up in plaintext in the cloud? (If so that doesn’t sound like E2E encryption… unless the ‘ends’ are uh… also constituted as the cloud itself which is… defeating the purpose).

Where do the pub/ private keys live, exactly, tbh. (Assuming it is asymmetric encryption that they use?)

Edit: ah, misread. I thought you said that you were not joining it due to it storing plain text in the cloud.

dinckelman@lemmy.world on 05 Aug 2023 19:14 collapse

Signal doesn’t store any of your chats at all. They’re all on-device by design

XaeroDegreaz@lemmy.world on 06 Aug 2023 10:33 collapse

Hm… If they’re not being stored on the cloud, that means offline users would never receive messages, unless Signal is purely P2P. I haven’t looked at the project, or the source, but I find it hard to believe – you can’t really do user lookups without some sort of middleware in the cloud.

KLISHDFSDF@lemmy.ml on 07 Aug 2023 05:16 collapse

You’re right, Signal is not P2P. The way Signals messaging pipeline works is like this - note I’m oversimplifying it for accessibility.


Sending a message to Bob

  1. You press Send.
  2. The message is encrypted on your device with a key that can only be unlocked by Bob.
  3. The message is then “sealed” so that there’s only a “deliver to” field visible (not a “from”).
  4. The “deliver to” field is addressed with a hashed/salted label for Bob - this means Signal’s server can see its a unique user, but not what their name is.
  5. The message is finally sent to Signal’s servers.
  6. Your message sits on Signals servers until it can be delivered to the intended recipient.

you can’t really do user lookups without some sort of middleware in the cloud.

See their blog post about Private Contact Discovery, they’ve spent a long time figuring out how to engineer a method to know as little as possible about you.

InfiniteStruggle@sh.itjust.works on 17 Feb 2024 15:10 collapse

Thanks for the explanation.