I really want a Facebook (the old Facebook timeline) replacement, but end-to-end encrypted, and decentralised so there’s longevity.
Edit for clarity: I’m looking for a way to share things online, end-to-end encrypted to a wide-audience that knows you but doesn’t necessarily know each other.
This is why messaging apps don’t fulfil this requirement, and chat rooms (like Matrix) also don’t fit.
I love Lemmy, I like the idea of Mastodon (twitter-like sites just aren’t my thing. ActivityPub rocks. However, none of them are encrypted.
PixelFed is neato, but I don’t plan sharing my personal photos with the whole of the internet, which seems to be the only choice with ActivityPub.
Signal and other encrypted messaging apps are great, but are for direct messaging. Where are the encrypted social media apps?
Matrix is cool and all, but it’s aimed at groups. Like discord / MS teams replacement.
Someone told me about Futo Circles, which seems to tick all the boxes and built on top of Matrix, but it’s currently abandoned.
Are there any other alternatives? My wallet is open, I would very much like to use such an app. I am no programmer, so sadly cannot take on the mantle of continuing the Futo Circles project.
You must log in or # to comment.
I personally don’t see the value add of e2e encryption to public posts in a federated social media.
DMS are the only place I could see it being beneficial.
Not public posts, rather posts to anyone who you have added. Similar to Facebook
I’m happy with Lemmy and Mastodon as is as it’s a different purpose.
You are looking for https://movim.eu/
Appreciate you taking the time to reply, but this isn’t what I’m looking for
At least I couldn’t find any mention of end-to-end encryption outside messaging.
And it doesn’t appear to be timeline (i.e. you post and anyone who you’ve connected with can see it), it’s fully public blogs, private (but no mention of e2ee) chatrooms, and videoconferencing.
It’s built on XMPP. XMPP provides direct and group (room) communications. If you set up OMEMO, any message you send will be encrypted and only visible to the recipient(s).
What you are calling “timeline” is equivalent to what they are calling “blog”, the concept is the same: sorted feed of events which are published to network.
Are the blogs end-to-end encrypted? It seemed to imply that they are public.
Futo Circles describes what I’m after well: “a good way to share things with lots of people who don’t all know each other, but they all know you.”
This is where going a group is not what I’m after, as that’s what Matrix would be good for.
This is where going a group is not what I’m after, as that’s what Matrix would be good for.
A XMPP room and a Matrix group are equivalent. You can, e.g, create a room, set it to “private” and only add the people you want to see your content.
As a matter of fact, I think you could have what you want even with a basic matrix client. This is actually what I do with my family: I didn’t want to share pictures of my kids on Facebook, so I created a “Family” group and we use to talk and share pictures.
Yes, I’m saying Matrix doesn’t satisfy my requirements of what I’m looking for, sadly :/
And I’m saying that your “end-to-end encryption” and “public timeline” requirements are conflicting. If you want e2ee, you will have to manage the rooms yourself. You can bet that even if you tried the Futo Circles client, you would still have to manage “who-can-access-what”, which implies that the room/group abstraction is still there.
There’s nothing conflicting about it. It’s not a public timeline, it’s “public” only to people you’ve added, no one else, including the server that would host your content.
Basically old Facebook (sharing just to your friends), without the spying, is what I’m asking for.
You would manage who can access what, by allowing/not allowing people to follow you
It’s not a group abstraction, at least for the user, since you’re not asking everyone to join the same group, and see each other’s content. Only yours, and in turn theirs.
Matrix is basically a group chat with bells and whistles, which is really nice, but isn’t what I’m looking for.
No they are not end to end encrypted, but you can restrict access to subscribers only and if you self-host it, e2ee isn’t really needed.
if you self-host it
This is antithetical to mass adoption if to get end-to-end encryption you need to self host :/
I’m not saying the service you’ve shared is bad, just it’s not what I’m looking for
XMPP is a tried and tested e2ee standard.
There is mention of e2ee voice and video chat on the site.
This service seems very fully featured, and I can’t quite tell from reading if it does support what I’m looking for, so I’ll just have to give it a try!
Thanks for sharing it :)
The closest you’d get would be with Hubzilla or (streams). Or Forte if it wasn’t experimental with no public instances yet. They even have file spaces with WebDAV on which you can upload files and then define who is permitted to see/access these files or the folders they’re in.
However:
What you want isn’t their default M.O. You’ll have to get used to and think yourself into something with a learning curve that’s even steeper than Friendica’s. You’ll have to learn and understand the permissions system, including giving nobody permission to see your connections. Ideally, all your connections would have to be smart enough to know how to to hide being connected to you from the public and to actually do so.
Encryption is optional and “uninstalled” by default for everyone, and it isn’t even available on all server instances (it’s up to the admin to activate that add-on, and then the user has to activate it, too). Also, it uses passphrases and not automatically generated key pairs.
Finally, if you insist in using it with a mobile app, you’re completely out of luck. It’s browser or PWA for all of them.
Hubzilla looks interesting, I’ll give it a go, thanks!
For end to end encrypted photo sharing there are these two open source projects that also offer a for pay cloud storage:
The only Fediverse project that offers optional e2ee messages is Hubzilla afaik.
Yeah I’ve seen these photo storage apps, they are neato but not what I’m looking for unfortunately, and I already use Signal for e2ee messaging
Really wish Futo Circles wasn’t abandoned :(
I’m surprised that you are ignoring the XMPP alternatives…
Doesn’t seem to be what they are asking for, but I am also a bit confused about what exactly they are asking for.
A way to share things online, end-to-end encrypted to a wide-audience that knows you but doesn’t necessarily know each other.
This is why messaging apps don’t fulfil this requirement, and chat rooms (like Matrix) also don’t fit.
Pixelfed dev was working on such app, named Sup, but it’s not available anywhere for now as the focus is on pixelfed and Loops for the moment.
Oh neato, thanks for sharing. Hope some other kind soul takes it up (and takes my donation money :3)
With Friendica you have a picture gallery and can set for each picture whether it should be public or private; same with calendars. However, I can’t say how private it will be from a technical point. You can also define contact circles.
Here on the Features list it says “Privacy with military encryption” but I don’t know what that refers to exactly.
The direct messages are definitely more private than with Mastodon (they don’t work with Mastodon). Sharkey / Misskey also have some.
Here is a good video introduction to Friendica : https://peertube.stream/w/p/1e4ebc30-d582-4067-97d8-3de59bdaf330?playlistPosition=1
Yeah I considered Friendica, but I believe it’s not end-to-end encrypted :/
Thanks though!
Hubzilla certainly has the most options for privacy. But it is ‘not perfect’. More detailed here (in German):
"Full disclosure: The encryption that hubzilla uses by default is not absolutely watertight. There are known methods to circumvent it. However, this is very time-consuming and has to be done individually for each channel. And to be clear: Other services store your messages in plain text, so we see this approach as a significant improvement for your privacy. Furthermore, you are always free to use additional encryption and password protection if you wish. To explain this in more detail:
- each channel has its own key pair
- every non-public post is automatically encrypted
- optional password protection for content via crypto javascript, browser-to-browser encryption (must be enabled in settings) Full disclosure: A malicious hub administrator could inject malicious javascript code (e.g. keylogging capabilities) into the code. Encrypt our data with GPG, become a hub administrator yourself, or use other means of communication if that bothers you.
So what is the scope of security? To put it bluntly, it may be great, but it’s not perfect."
I’m gonna investigate hubzilla further, cheers friend!
