Some fantastic news in Mastodon development land that nobody besides me probably cares about is that we're finally dropping all the never-really-used E2EE code, in favour of the SWICG E2EE Taskforce's work & other projects.
-
Some fantastic news in Mastodon development land that nobody besides me probably cares about is that we're finally dropping all the never-really-used E2EE code, in favour of the SWICG E2EE Taskforce's work & other projects.
This was a huge amount of technical debt that was just never really used.
And it's now merged! 馃コ
Remove unused E2EE messaging code by mjankowski 路 Pull Request #31193 路 mastodon/mastodon
Not quite a full revert of #13820 - but close to it. Sort of a first pass which removes the bulk of what I think can safely be removed. There were a few areas where the underlying code changed a bi...
GitHub (github.com)
-
@thisismissem Thank you for your work and efforts on Mastodon!
-
@miah this time I'm not the one that's done the bulk of the work here, I just strongly advocated for this.
-
@thisismissem I still greatly appreciate your efforts, even if they were minimal!
-
@thisismissem +25,-1,347 is good work! Nice!
-
@lyda yeah, there was a lot of code added for a feature never truly complete. The main problem was, afaik, the classic "where does the key material come from?"
For all intents and purposes, your Mastodon server knows your password (even though it's stored hashed in the database), so it can't be used to derive key encryption keys, unlike in systems like Proton and 1password, where they don't actually know your password thanks to SRP6a
-
@thisismissem Currently doing a work merge request that's +2,557,-119,081 so I'm a big fan of folks doing cleanup work!
-
@lyda wowzers! That's a big one!
-
@evan also, Mastodon just removed it's partial implementation of E2EE instead wanting to use the output of the taskforce in the future. (icymi)
-
Michael Stancliftreplied to Emelia 馃懜馃徎 last edited by
@thisismissem I care, Emelia, I care.
-
Emelia 馃懜馃徎replied to Michael Stanclift last edited by [email protected]
@vmstan this was something I was advocating for ages for, but as it's just tech debt clean up, it wasn't really something most would care about (I'd assume)
Like I've posts in discord from July and February about this