The creator of Pixelfed announced an upcoming encrypted messenger for the fediverse that will work across the fediverse - eviltoast

It will be open source, end to end encrypted using Signal’s double ratchet encryption protocol, and he plans to make it easy for fediverse platforms to integrate it. The beta will release later this month.

He’s also the creator of https://fedidb.org btw

  • XaeroDegreaz@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    Hm… If they’re not being stored on the cloud, that means offline users would never receive messages, unless Signal is purely P2P. I haven’t looked at the project, or the source, but I find it hard to believe – you can’t really do user lookups without some sort of middleware in the cloud.

    • ᗪᗩᗰᑎ@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You’re right, Signal is not P2P. The way Signals messaging pipeline works is like this - note I’m oversimplifying it for accessibility.


      Sending a message to Bob

      1. You press Send.
      2. The message is encrypted on your device with a key that can only be unlocked by Bob.
      3. The message is then “sealed” so that there’s only a “deliver to” field visible (not a “from”).
      4. The “deliver to” field is addressed with a hashed/salted label for Bob - this means Signal’s server can see its a unique user, but not what their name is.
      5. The message is finally sent to Signal’s servers.
      6. Your message sits on Signals servers until it can be delivered to the intended recipient.

      you can’t really do user lookups without some sort of middleware in the cloud.

      See their blog post about Private Contact Discovery, they’ve spent a long time figuring out how to engineer a method to know as little as possible about you.

    • dinckel@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      All the data they have on any specific user is the account creation date, and the last online timestamp. They’ve already done loops around this topic in the DOJ.

      And I thought it should be obvious that an online service doesn’t work if you’re offline

      • XaeroDegreaz@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yeah, but messengers, such as WhatsApp for instance, will send you missed messages once you’re back online. That’s what I was referring to.