i should stress that no development has been made to this since last month and the only recent development was the sole contributor suggesting the idea to the official ActivityPub repo last week.
the contributor proposed sending an E2EE message as follows, using PGP keys that are stored with password encryption on the instance's server:
- It requests the recipents public key
- If there is a recipent public key, it sends the recipents public key to the sender
- If there is a recipient public key, it encrypts the message
- If there is no recipient public key, it will warn the user that this message will send unencrypted and the user can reject sending the message or continue sending the message with encryption.
- The message is sent to the user
currently, fediverse services just use existing E2EE services (Matrix, XAMPP, etc.) and while the demand isn't big i think it would be really convenient. especially as a part of ActivityPub, E2EE messages would work over different fedi services to any fedi account, as opposed to separate, incompatible implementations maintained by each fedi service.
what do you guys think about this idea? cool or no?
edit: btw if you don't know, "private" messaging on fediverse is equivalent to mentioned-only posting, meaning the instance admins can read them as plaintext. this is why Lemmy has a disclaimer warning that your messages aren't private, has a Matrix account field on your profile to securely message with and why virtually no fedi services have tried implementing E2EE encryption