Haijo7,
@Haijo7@snac.haijo.eu

Adding encryption to DMs on the fediverse sounds relatively simple, but is actually more complicated than I initially thought.

A property for a public key could be added to the object that contains info about a user (name, pfp, inbox, etc).
This public key can then be used to encrypt the contents of a message/note, except for the recipient.
The remote server will still be able to see what server the message came from and who the message is for.
The recipient's client then needs to decrypt this message, but where is the decryption key stored?
Perhaps it can be stored on the server encrypted using the user's password?
Upon logging in, the encrypted decryption key would be sent to the user.

This wouldn't actually work: a server admin can always modify the server code to log passwords.

Encryption would have to be implemented client side separately.
The private key can't be stored on the server securely. The user needs a way to create a key pair, then send the public key to the server and store the private key.
On browsers this would require JavaScript that needs to be downloaded from the server, which can be modified to add a backdoor. On apps this would work a lot better.

But when a user just installed a new app/client, they won't be able to see their older DMs.

The only realistic way of implementing this is as an extension to the Mastodon API; it's too easy to backdoor on browsers by either server admins, malicious browser plugins or network admins.
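The client-side scheme described in the post, as an added Node.js example that is not part of the original post. The post names no algorithms, so X25519, HKDF-SHA256 and AES-256-GCM are choices made here, and the `dmPublicKey` actor property and the envelope field names are hypothetical.

```javascript
// Added illustration; "dmPublicKey" and the envelope field names are hypothetical.
const nodeCrypto = require('node:crypto');

// Client side: create the key pair; only the public half goes to the server.
function createIdentity() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
  return {
    privateKey, // stays on the user's device
    publicKeyB64: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
  };
}

function importPublic(b64) {
  return nodeCrypto.createPublicKey({ key: Buffer.from(b64, 'base64'), type: 'spki', format: 'der' });
}

// Derive an AES-256 key from an X25519 shared secret with HKDF-SHA256.
function deriveKey(privateKey, publicKey, salt) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, 'dm-example', 32));
}

// Sender: encrypt only the content; routing fields stay readable to both servers.
function encryptNote(note, recipientActor) {
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key per message
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(eph.privateKey, importPublic(recipientActor.dmPublicKey), iv);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(note.to)); // bind the ciphertext to the cleartext recipient
  const ct = Buffer.concat([cipher.update(note.content, 'utf8'), cipher.final()]);
  return {
    attributedTo: note.attributedTo, to: note.to, // metadata the servers still see
    ephemeralKey: eph.publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
    iv: iv.toString('base64'), tag: cipher.getAuthTag().toString('base64'),
    content: ct.toString('base64'),
  };
}

// Recipient client: decrypt with the private key that never left the device.
function decryptNote(env, privateKey) {
  const iv = Buffer.from(env.iv, 'base64');
  const key = deriveKey(privateKey, importPublic(env.ephemeralKey), iv);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(Buffer.from(env.to)); // a rewritten "to" field fails authentication
  d.setAuthTag(Buffer.from(env.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(env.content, 'base64')), d.final()]).toString('utf8');
}
```

A client installed later has no copy of `privateKey`, so it cannot decrypt envelopes addressed to the old key, which is the lost-history problem the post raises.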
