I just read this post https://lemmy.world/post/1041399 And I wonder if messages here are end to end encrypted, or readable by admins or semi- public like voting? Thanks

  • TiffyBelle@lemm.ee
    link
    fedilink
    arrow-up
    13
    ·
    1 year ago

    They are not secure, as it states when you try to DM someone:

    This is the same as any other DM service on any site that isn’t end-to-end encrypted, which are the majority. Nothing sensitive should ever be shared via DM.

  • Dr. JenkemA
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    edit-2
    1 year ago

    As far as I know, they’re readable by admins. So at least right now, if you want to use Lemmy for private communications, you have to do it manually with something like GPG. Hopefully e2e encryption on DMs gets implemented at some point.

    • jax@lemmy.cloudhub.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I highly doubt it will, there are many much better solutions available, and as it says when DM’ing someone, you can you Matrix for e2ee. In fact, there is even an option in the profile settings to provide your Matrix username.

      Implanting e2ee within DMs is massive scope creep and also really difficult to do properly.

      The general rule is basically “never implement your own encryption/security, just use what’s already been implemented by people who actually know encryption/security”.

      • Dr. JenkemA
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I agree it’s not a simple change for sure. Not to mention, the apps/frontend UI would require updates to support entering a password (from which you derive the private key) everytime you go to view DM’s.

        The general rule is basically “never implement your own encryption/security, just use what’s already been implemented by people who actually know encryption/security”.

        Doesn’t this generally refer to the implementation of the cryptographic functions? I’m not suggesting the devs implement GPG from scratch, but rather, use a library that provides a GPG implementation. Just as it would be incredibly unwise to implement your own TLS cryptographic functions for connections to instances, but it’s certainly a good idea to use a library that provides this.

        • jax@lemmy.cloudhub.social
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          I don’t think it’s worth the devs’ time to implement e2ee for DMs, there are lot of other things that need to be fixed first. Not only that, but if it’s implemented in Lemmy, it’d make Lemmy non-interoperable to DM users from other federated platforms such as Mastodon or KBin. Which, I’m not sure works right now, but in theory would be possible.

          Also, yes, that is generally the case.

          • Dr. JenkemA
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Good point on the interoperability issue. While I do still think e2ee is something I’d like to see brought to the fediverse, you bring up a good point that it’s a feature larger then Lemmy itself, possibly something that should be specified in ActivityPub. You’re right, probably no point in the Lemmy devs working on that, at least not until it’s part of ActivityPub or if/when the mastodon devs decide to tackle it.

  • ninjan@lemmy.mildgrim.com
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    DMs aren’t secure but there is a great and tight integration to Matrix such that anyone privacy minded should use that feature. No need for Lemmy to reinvent that wheel.

    • taladar@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      Can you elaborate how there is any integration between Lemmy and Matrix? I haven’t noticed any feature related to Matrix in Lemmy so far.

        • taladar@sh.itjust.works
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          I see. I have honestly ignored those “Give us all your other accounts” parts in sign up and profile settings on so many websites for so long I barely even see them any more.

          It is a bit of a surprise to see actual functionality attached to that.

          How does it authenticate you and prevent the instance admin from sending Matrix messages in your name though? Or for that matter, how does it prevent the instance admin from reading your messages before encryption or after decryption?

          • ninjan@lemmy.mildgrim.com
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            It doesn’t go through Lemmy at all, it sends you through Matrix if you chose that option. Just carries in the receiver nothing more. The integration is asking you if you want to send securely when that option is available by both of you having Matrix accounts and told Lemmy about them.

            • taladar@sh.itjust.works
              link
              fedilink
              arrow-up
              0
              ·
              1 year ago

              I see, so it basically generates the Matrix equivalent to a mailto: link?

              Sounds like in that case the worst an admin could do is essentially a downgrade or MITM ttack by blocking or modifying the message that tells you about the Matrix address of the other person or the fact that they have Matrix.

              • ninjan@lemmy.mildgrim.com
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Yeah, but anytime you use an instance on Lemmy you need to trust those admins. With this being open source its fairly trivial to change it for nefarious purposes while still maintaining the core functionality. Changing links to point to whatever. JavaScript changes to steal the password entered (since so many reuse passwords) etc.