Bonfire and Ben Pate’s Emissary (which powers Bandwagon) are the first two to implement.
I’m not sure how this is handled in other places but since the Fediverse is a public forum I think you wouldn’t have any rights to privacy on your Fediverse account in Germany. Any instance hosted there would likely still need to access your DMs if authorities order them to.
Still neat, though!
I thought Germany was cool. 🫤 Considering Tuta is based there.
Direct link: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/
And as you might guess from the actual title, this is about user-to-user messages. I’m not sure how useful this is, because a thoroughly secure implementation is unlikely. A server operator could easily MITM your messages, if you don’t establish trust through a separate trusted channel.
Thank you. Exhausted and posted the wrong link. Appreciate it.
ActivityPub is extensible, though. As part of our E2EE program, Mallory, Tom and I adapted the Messaging Layer Security (MLS) standard as an extension of ActivityPub to make the MLS over ActivityPub specification. The protocol fits the great MLS E2EE system onto the ActivityPub API and federation protocol.
But a protocol specification is not enough; it must be implemented. That’s why we’re so happy to announce that the Sovereign Tech Fund has commissioned work with the Social Web Foundation to coordinate two new interoperable implementations of MLS over ActivityPub. This investment by the Sovereign Tech Fund will help move the Fediverse towards more privacy for social web users, no matter what server they use.
Is E2EE end to end encryption?
Yes!
Kind of strange that they abbreviated “to” with “2”.
Even stranger that I still got it right. Unless you’re messing with me. In which case, fair play. I’m totally clueless sometimes.
It’s a fairly common thing when it comes to abbreviations. B2B, B2C immediately come to mind.
And, to top it off - don’t beat yourself too hard. You’re one of today’s lucky ten thousand!
There is even an IANA RFC for three-letter acronyms (TLAs) (RFC5513), which says:
"For our usage, we also allow digits within a TLA. Thus, P2P is an
acronym meaning Purchase to Pay [URL-P2P]. The digits 2 and 4 are
specially used by clever people who have noticed that, when spoken,
they sound like the words ‘to’ and ‘for’. Whether this is helpful
may be left as an exercise for the user considering the brief
conversation, below.

A - Do you use the Internet Streams Protocol?
B - Yes. Do you use ST, too?
A - No, I use ST2.
B - That’s interesting. C uses ST2, too.
A - I have a car horn application called Toot-toot.
B - Really? Do you use ST2 to Toot-toot, too?"
So this will apply to shitjustworks as well?
I think shitjustworks is Lemmy or Piefed. So those apps could implement encryption and then yup!



