Privacy

32784 readers

886 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Can a mashup of Fediverse and Signal protocols be used to create a truly federated yet secure e-mailing service? (lemmy.world)

submitted 1 day ago by Maroon@lemmy.world to c/privacy@lemmy.ml

5 comments fedilink hide all child comments

I'm sure those who have run and maintained a mail server, and cryptologists, would probably want to throw something at me for spouting crap, but please bear with me.

Firstly, the Fediverse appealed to me because I knew it was the true answer to these centralised social media platforms. But the problem is that cross server encryption is difficult. For example, I hear that Mastodon servers cannot federate with each other properly if end-to-end encryption was rigorously implemented.

Secondly, there are EU laws that are proposing that messenger services should be interoperable. So in theory, Signal users can chat with WhatsApp user and Telegram users. They say it is possible with open protocols and API tooling.

So together, I wanted to know if this was possible for email. I know that some of the ancient protocols (in computing timelines) don't lend themselves very well for the hostile encryption heavy requirements of the modern internet, but I think it is possible to envision an grassroots alternative.

Am I completely missing something super critical? or are there already federated, end-to-end encrypted emailing services that can be easily spun up?

top 5 comments

sorted by: hot top controversial new old

[–] mox@lemmy.sdf.org 10 points 1 day ago* (last edited 1 day ago)

Signal is fundamentally centralised. It's not going to become a distributed system like the fediverse, because the protocol's design doesn't work that way. (Also, its maintainers haven't shown any interest in adopting that approach.)

If e2ee email is really what you want, you can already have it with PGP. Various email clients exist that make using PGP possible for a mortal. Good luck getting many of your contacts to use it.

If you also want modern encryption guarantees, like forward secrecy, then consider Matrix instead of email. It already does e2ee and is already decentralised.

[–] MangoPenguin@lemmy.blahaj.zone 10 points 1 day ago

Email is already federated and can be end to end encrypted with various methods.

[–] UnfortunateShort@lemmy.world 6 points 1 day ago

You know there is Matrix, right?

[–] JubilantJaguar@lemmy.world 6 points 1 day ago

DeltaChat is an E2EE messaging app that runs over email infrastructure. But it's a clever fix more than a real solution.

In theory, as I understand it, the anointed future solution to this whole conundrum is still Matrix.

[–] GravitySpoiled@lemmy.ml 3 points 1 day ago

Sound like some sort of xy-problem here.

There is encrypted email, look into tuta or proton. It's just that "no" (I just don't know any) other service implemented their encryption standard. But it is there. People would just need to use it.

Moreover, matrix is encrypted and federated.