cross-posted from: https://lemmy.ml/post/1874605
A 17-year-old from Nebraska and her mother are facing criminal charges including performing an illegal abortion and concealing a dead body after police obtained the pair’s private chat history from Facebook, court documents published by Motherboard show.
Lemmy promotes using Matrix, which is a separate service, so instance admins don’t need to be in the business of hosting private conversations.
Matrix is end-to-end encrypted so even the admins of your Matrix server could not provide your chats to law enforcement.
I wish Lemmy was as well. Ah well.
It’s not really possible as long as Lemmy is a website. E2EE works on Matrix because it’s an app, and therefore it can manage your encryption keys in ways a browser cannot do for you. (You can save things in the client, but not in a reliable enough way for something like the master key for every communication you ever had that if you lose you get locked out of all your chat history.) In the case of Lemmy, the signing keys for your federated actions are handled by the server, which is perfectly fine for 99% of what you use Lemmy for (public posts and comments), but it also means that even if they implemented E2EE for chats, the keys to decrypt the convo would be right on the same server.
That’s why Lemmy actively pushes you to set up a Matrix account, because Matrix makes better tradeoffs for the purposes of messaging, while Lemmy’s tradeoffs are more relevant to a link aggregator style social media.
Matrix is also a website and you don’t need an app to use it. The first time I used Matrix, I didn’t use an app, I merely signed in on a browser window (in my case, Mozilla’s instance). I first signed up on my work laptop, then later signed in on my desktop and had to confirm the new account on my laptop before my desktop would work with the same account.
The more devices it’s on the better, but it’s totally usable with just one web client. I now also have the phone app, but I didn’t at first.
If Matrix can do that, lemmy can as well. It would probably degrade the user experience because you’d need a decryption step for every post and comment you load (just like loading a new Matrix room), but it is technically possible.
I’m not necessarily asking for every comment to be encrypted, I just think it would be a good idea for DMs to be encrypted using keys the admin doesn’t have access to. It would be cool for communities to allow encryption as an option as well (i.e. all posts and comments would be E2E encrypted to all members, and not viewable unless you join), but it shouldn’t be the default everywhere.