LemmyNet / lemmy

🐀 A link aggregator and forum for the fediverse
https://join-lemmy.org
GNU Affero General Public License v3.0
13.28k stars 884 forks source link

Make DMs end-to-end encrypted #3319

Closed CalAlaera closed 1 year ago

CalAlaera commented 1 year ago

Requirements

Is your proposal related to a problem?

DMs are a useful tool but they are not in any way secure. This makes it necessary to use an alternative method of communication.

Describe the solution you'd like.

Direct Messages within Lemmy to be end-to-end encrypted.

Describe alternatives you've considered.

There are, of course, secure messengers. Matrix (sometimes known as Element) is a fine choice. However, the process of making use of it involves leaving the platform, creating and maintaining an account on a different service, and messages are in no way integrated with Lemmy.

Additional context

Secure messages federating across servers would be an amazing feature that would further draw users to the platform.

dullbananas commented 1 year ago

Maybe this should also be done with saved posts and drafts

cperrin88 commented 1 year ago

This would break DMs with all instances that are not Lemmy. How would you handle that?

Apart from that it would be really hard to create a trustworthy E2E encryption. It might lead to a sense of false security if we don't have the resources to create a truly secure implementation.

I personally would not go that route and instead try to find a way to educate users that DMs are not a secure channel.

trymeouteh commented 1 year ago

Adding E2EE to the private messenger would be good for privacy. I do not expect much else in the private messenger since users can always use Matrix. However an simple encrypted private messenger built into Lemmy will allow Lemmy users to send and receive messages without needing to create or link their Matrix account.

jeroenhd commented 1 year ago

Lemmy already has a field for a Matrix username in the profile settings for secure messaging through different platforms.

Optionally adding a lightweight Matrix frontend such as Hydrogen to the Lemmy frontend could be used to add secure communications to Lemmy users who filled out that field, and possibly alternative servers if they choose to add the necessary JSON to their actor representations. Such a frontend wouldn't need to support all Matrix features such as VoIP/widgets/online status.

This would come with some challenges (i.e. the need to backfill ActivityPub style unsecured messages, dealing with changing Matrix IDs, good UX for encrypted messengers) but it would also allow for opportunities (i.e. adding an optional Reddit-style chat box to communities).

Obviously you would need to add a fallback for other servers, but you can keep the existing UI as long as you make sure the difference between the secure messenger and the fallback messenger are clear.

lionirdeadman commented 1 year ago

Optionally adding a lightweight Matrix frontend such as Hydrogen to the Lemmy frontend could be used to add secure communications to Lemmy users who filled out that field, and possibly alternative servers if they choose to add the necessary JSON to their actor representations. Such a frontend wouldn't need to support all Matrix features such as VoIP/widgets/online status.

This would require a full matrix server... I think that's a bit out of scope

Nutomic commented 1 year ago

This is out of scope for Lemmy

trymeouteh commented 4 months ago

https://github.com/w3c/activitypub/issues/449

trymeouteh commented 4 months ago

https://github.com/swicg/activitypub-e2ee/issues/29

https://github.com/swicg/activitypub-e2ee/

dessalines commented 4 months ago

If someone is willing to implement it, we can re-open.