I just read this post https://lemmy.world/post/1041399 And I wonder if messages here are end to end encrypted, or readable by admins or semi- public like voting? Thanks

  • Dr. Jenkem@lemmy.blugatch.tube
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    1 year ago

    As far as I know, they’re readable by admins. So at least right now, if you want to use Lemmy for private communications, you have to do it manually with something like GPG. Hopefully e2e encryption on DMs gets implemented at some point.

    • jaxA
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I highly doubt it will, there are many much better solutions available, and as it says when DM’ing someone, you can you Matrix for e2ee. In fact, there is even an option in the profile settings to provide your Matrix username.

      Implanting e2ee within DMs is massive scope creep and also really difficult to do properly.

      The general rule is basically “never implement your own encryption/security, just use what’s already been implemented by people who actually know encryption/security”.

      • Dr. Jenkem@lemmy.blugatch.tube
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I agree it’s not a simple change for sure. Not to mention, the apps/frontend UI would require updates to support entering a password (from which you derive the private key) everytime you go to view DM’s.

        The general rule is basically “never implement your own encryption/security, just use what’s already been implemented by people who actually know encryption/security”.

        Doesn’t this generally refer to the implementation of the cryptographic functions? I’m not suggesting the devs implement GPG from scratch, but rather, use a library that provides a GPG implementation. Just as it would be incredibly unwise to implement your own TLS cryptographic functions for connections to instances, but it’s certainly a good idea to use a library that provides this.

        • jaxA
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I don’t think it’s worth the devs’ time to implement e2ee for DMs, there are lot of other things that need to be fixed first. Not only that, but if it’s implemented in Lemmy, it’d make Lemmy non-interoperable to DM users from other federated platforms such as Mastodon or KBin. Which, I’m not sure works right now, but in theory would be possible.

          Also, yes, that is generally the case.

          • Dr. Jenkem@lemmy.blugatch.tube
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            1 year ago

            Good point on the interoperability issue. While I do still think e2ee is something I’d like to see brought to the fediverse, you bring up a good point that it’s a feature larger then Lemmy itself, possibly something that should be specified in ActivityPub. You’re right, probably no point in the Lemmy devs working on that, at least not until it’s part of ActivityPub or if/when the mastodon devs decide to tackle it.