
The foundations for E2EE were merged into Mastodon, there's a merged pull request for it elsewhere in this thread.


Go look at that PR and read the details and ask yourself who you have to trust with a list of device keys you're encrypting your DM for.

You might be surprised to discover that you're still trusting an instance admin.

It does improve some things, potentially, in terms of intermediaries being able to read things, but there are a lot of things that are still reliant on trusting your admin, or are outright unclear how they'll work in practice.

That said, I take back that "no one has begun to explain..." - they've begun. But so far they've kinda just thrown some well-established protocols at it but not done much to explain how it really helps the "trust your admin" problem.



