For the love of god, don't bother with end-to-end encrypted DMs for the Fediverse

Tags: rant technology programming fediverse

So, I am extremely out of date for this kind of conversation: this topic reached its peak in 2022, and I kept my mouth shut for its entirety. Now that the roaring waves of discourse have calmed down into neat tides, I’ll shout why I think end-to-end encrypted direct messages should never be adopted for the Fediverse.

I remember that shortly after Elon Musk bought out Ex-Twitter, there were tons of people migrating to Mastodon, Pleroma and other platforms. One of the pain spots about this migration, besides the lack of an algorithm[1], was the fact that people were surprised to hear their instance administrator could read their direct messages to other users.

People demanded encrypted messages! But I am here to argue that this is something we, all of us, should NEVER consider. I am prepared for the wave of people to call me a fed, but I think this is the one thing we should never, ever do.

Is this even a problem worth fixing?

Most (all?) Fediverse software stores direct messages between two individuals as simple unencrypted posts[2]. This does mean that the owners of the instance you’re using can read your messages, even if they’re tagged as “private”. “Private” on the Fediverse means hidden out of public view, but it’ll always be accessible in some way.
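To make the storage point concrete, here is an added illustration (not code from any Fediverse project) of a direct message as an ordinary ActivityPub `Note` whose "privacy" is just its addressing. The visibility rule is a simplified form of the convention Mastodon-compatible software uses; the actors, URLs, message text and the `timeline_view`/`storage_view` helpers are constructed for this example.

```python
# Added illustration; actors, URLs and message text are constructed samples.
PUBLIC = "https://www.w3.org/ns/activitystreams#Public"


def visibility(note, followers_url):
    """Derive the visibility label from ActivityPub addressing alone."""
    to, cc = set(note.get("to", [])), set(note.get("cc", []))
    if PUBLIC in to:
        return "public"
    if PUBLIC in cc:
        return "unlisted"
    if followers_url in to | cc:
        return "followers-only"
    return "direct"  # addressed only to named actors


def timeline_view(store, viewer, followers_of):
    """What the application layer shows `viewer`: visibility is enforced here."""
    out = []
    for note in store:
        author = note["attributedTo"]
        vis = visibility(note, author + "/followers")
        addressed = viewer in note.get("to", []) + note.get("cc", [])
        if (vis in ("public", "unlisted") or viewer == author or addressed
                or (vis == "followers-only" and viewer in followers_of.get(author, ()))):
            out.append(note["content"])
    return out


def storage_view(store):
    """What anyone with database access sees: every row, content in plaintext."""
    return [(visibility(n, n["attributedTo"] + "/followers"), n["content"]) for n in store]


ALICE = "https://a.example/users/alice"
BOB = "https://b.example/users/bob"
CAROL = "https://a.example/users/carol"

STORE = [
    {"type": "Note", "attributedTo": ALICE, "to": [PUBLIC],
     "cc": [ALICE + "/followers"], "content": "hello fediverse"},
    {"type": "Note", "attributedTo": ALICE, "to": [BOB], "cc": [],
     "content": "my new address is ..."},
]

if __name__ == "__main__":
    print(timeline_view(STORE, CAROL, {}))   # carol sees only the public post
    print(storage_view(STORE))               # the database holds both in plaintext
```

The "direct" label only changes what the timeline filter returns; the stored object is the same kind of row as a public post.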

Most people are afraid that their instance administrator will comb through their message history and track them or creepily read their messages with other users. Which only shows that people are irrationally afraid of their administrator, and I don’t understand why? Like yes, they can read messages but the administrator of my instance is a human being, they don’t have time to creepily read DMs or do whatever else you imagine them to do.

I think actually direct messages are less private on a commercial platform such as Twitter, where there is a lot of incentive for actually harvesting your messages to tailor advertising to it. On the Fediverse, there’s no such commercial incentive[3]. And beyond that, you can always just message people to let them discuss on a different, actually encrypted platform.

Yeah! You don’t need encrypted messages if you just let people know “We ought to move this conversation to Signal”, so no! This is not a real problem worth fixing! But sadly, people are lazy, and they want to cram such a complex feature to satiate such a needless craving. So let’s actually talk about what fixing this problem would take.

Alright, let’s assume that this is a problem worth fixing (even though it isn’t)

The question then becomes, what will be the sacrifice?

I am nowhere near qualified to talk about this topic, but cryptography is a pain: small, minute details such as timing differences and how much electricity is used can reveal information that was otherwise meant to be hidden[4]. End-to-end encryption is a massive Rube Goldberg machine that sacrifices user convenience for privacy, and I am not convinced we really should let this machine infiltrate every single Fediverse implementation.

And yes! End-to-end encrypted direct messages come at a cost! Technology isn’t magic!

You either have to force a single-device model on people, or you have to sacrifice security to allow multiple devices to read encrypted messages. Again, I am not qualified to explain any of this, and so here’s an article by someone else explaining the various user convenience sacrifices that would have to be done to make end-to-end encrypted direct messages a reality[5].

Note: The author of that article isn’t exactly opposed to end-to-end encrypted direct messages on the Fediverse, they just advocate for making it difficult to enable. But I advocate not even proposing it in the first place.

There’s too much diversity for a single, secure implementation.

End-to-end encryption will result in one of two realities: Either one where most people run a single, well-tested server program or one where most implementations of end-to-end encryption are insecure. Both scenarios, as you’d imagine, are awful but for different reasons.

Scenario A: Everyone runs horrible, insecure cryptography.

Developers are sloppy, and there are so, so many Fediverse programs out there. I hate pointing out if something is or isn’t impossible, because honestly you never know when you’ll be surprised. But even an optimist like me has to point out that enforcing such a security-sensitive feature across so many implementations is basically impossible.

The likely result will either be a few good implementations (and a dozen non-existent ones), or a dozen awful implementations (with few good ones).

An awful implementation will be vulnerable to all the weird and subtle attacks on it, such as the timing stuff. But it might also legitimately just have a flaw that leaks keys or god knows what at this point. You really shouldn’t force such a sensitive feature on such a broad spectrum of programmers.

Scenario B: Everyone runs Mastodon.

I need you to understand the concept of vendor lock-in: the idea that once you gain a significant chunk of the market share, you can choke out competition by locking people out of your ecosystem. The Fediverse is especially fragile to this: the comfortable and integrated UI casts an illusion that all servers are the same as yours. But in reality, different servers run different programs based on their need, and this kind of diversity is exactly what a lot of us strive for in the Fediverse.

The last thing we need in the Fediverse is more Mastodon servers, and end-to-end encryption is such a huge feature that it’ll basically choke out all implementations. It’s the monopoly move that is guaranteed to kill off independent programs, simply because they can’t afford to securely implement such a sensitive feature. People will flock from niche programs into the mainstream ones that have properly and securely implemented this, which will only rob us of diversity and innovation.

This is the primary reason why I stand against end-to-end encryption at all costs: when you introduce or even propose something so exclusionary, it basically screams that you place pointless gimmicks far above technical diversity. And technical diversity is the one thing that is stopping the Fediverse from just turning into BlueSky, where all conversations are dominated by one company.

I cannot, with all due honesty, ever support a feature as nightmarishly complex as this one. And I encourage you to also treat end-to-end encryption as a deal-breaker, no matter what.

It’ll only kill independent servers and starve us of the technical diversity we so desperately need. Ses…


  1. Which is a feature, not a bug. We don’t need to fix this either. ↩︎

  2. Yes, literally as “posts”. A lot of Fediverse software just treats direct messages as normal posts, with the only difference being that direct messages have their visibility settings set so that only the recipients and sender can read them. (And also the instance administrator, obviously.) ↩︎

  3. At least, until Meta decides it’s time to make some… ↩︎

  4. Side note, but if you want to fall down a depressing rabbit hole about how we can’t actually encrypt our messages privately then feel free to look up TEMPEST or “Rubber-hose cryptanalysis” ↩︎

  5. No, they’re not a cryptographer either, but they’ve read a couple of papers on the topic (or so they claim). I can’t vouch that the cryptography stuff is accurate, but I can vouch that the user-experience sacrifices are! Using Matrix and Signal is not the same as using Discord or a plain unencrypted instant messaging platform! There’s a lot more complex stuff involved! ↩︎