Some fantastic news in Mastodon development land that nobody besides me probably cares about is that we're finally dropping all the never-really-used E2EE code, in favour of the SWICG E2EE Taskforce's work & other projects.
-
@thisismissem Thank you for your work and efforts on Mastodon!
-
@miah this time I'm not the one that's done the bulk of the work here, I just strongly advocated for this.
-
@thisismissem I still greatly appreciate your efforts, even if they were minimal!
-
@thisismissem +25,-1,347 is good work! Nice!
-
@lyda yeah, there was a lot of code added for a feature never truly complete. The main problem was, afaik, the classic "where does the key material come from?"
For all intents and purposes, your Mastodon server knows your password (even though it's stored hashed in the database), so it can't be used to derive key encryption keys, unlike in systems like Proton and 1password, where they don't actually know your password thanks to SRP6a
-
@thisismissem Currently doing a work merge request that's +2,557,-119,081 so I'm a big fan of folks doing cleanup work!
-
@lyda wowzers! That's a big one!
-
Emelia πΈπ»replied to Emelia πΈπ» last edited by
@evan also, Mastodon just removed it's partial implementation of E2EE instead wanting to use the output of the taskforce in the future. (icymi)
-
Michael Stancliftreplied to Emelia πΈπ» last edited by
@thisismissem I care, Emelia, I care.
-
Emelia πΈπ»replied to Michael Stanclift last edited by [email protected]
@vmstan this was something I was advocating for ages for, but as it's just tech debt clean up, it wasn't really something most would care about (I'd assume)
Like I've posts in discord from July and February about this