this post was submitted on 20 Aug 2023
129 points (97.8% liked)

Privacy

31997 readers
802 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 37 points 1 year ago (1 children)

DMs on the fediverse (and Lemmy) are posts with a specific visibility that marks them as DMs. They are sent like any other posts, so there's no encryption and instance admins could in theory read them in the database.

[–] [email protected] 13 points 1 year ago* (last edited 1 year ago) (1 children)

Not in theory, in practice, but this is not high need feature.

If you need to keep your sexting private, use another platform. If you have a exhibition fetish, go ahead.

As a coder I can say that e2e encryption is pain in the ass, key generation and exchanging, complex and annoying to do.

[–] [email protected] 4 points 1 year ago (2 children)

e2e encryption is pain in the ass, key generation and exchanging, complex and annoying to do

No, no it's not.

Yes, it's more complex than sending plaintext. But for starters it'd be extremely simple to generate a keypair for every user and publish the public key with their profile. When sending DMs you'd use this public key to encrypt the message.

As for storing the private key you could encrypt it with (a derivative of) the user's password, and store it decrypted possibly just in the user's browser.

This simple measure would prevent simple ways of reading the DMs, though obviously you still need to trust that your instance admins are actually serving you the code they claim they do. But it'd definitely prevent "accidental" misuse.

[–] [email protected] 14 points 1 year ago (2 children)

As for storing the private key you could encrypt it with (a derivative of) the user’s password

And now every time a user forgets their password and does password recovery, they lose all their DMs.

E2EE chat is a difficult problem.

[–] [email protected] 2 points 1 year ago

That's a feature not a bug!
Actually, users should not be required to trust the browser storage or in-app key generation, but be enabled to enter their own pgp key.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I mean you could just store it encrypted in the database for the basics, and for advanced users allow them to back it up.

There are tons of ways to improve it, but there is definitely way more you can do without much inconvenience to the users. I doubt losing old DMs is a huge issue when you forget your password...

[–] [email protected] 1 points 1 year ago

Fediverse adds level of complexity on it, like you mention.

Malicious Lemmy instance could man-in-the-middle by providing it's public key in behalf of the user in other side. Normally this can be mitigated by CA, but CA doesn't fit very well in decentralized system.

You could add AES with users own password, but problem is that same malicious instance could also steal users password.

IMHO false sense of privacy is worst than knowing that stuff is unsecure. Again in my opinion fediverse is comparable to yelling in town square.