Eric Moritz (he/him) is a user on social.coop. You can follow them or interact with them if you have an account anywhere in the fediverse.
Eric Moritz (he/him) @ericmoritz

Is there a social network that encrypts posts so that only the people in your network can read them. i.e. not even the admins of the server can read them.

For instance, if I wanted to run a private Mastodon instance for friends, I could read their PMs. Basically I want a social network where friends exchange keys and posts are encrypted between us. Surely this isn't a new idea.

Ooo. This maybe what is needed to build that. The properties described in the background are perfect for storing encrypted federated social network posts.

@ericmoritz Not only isn't this new, library support is stellar these days; most major languages have bindings to NaCl, which makes it really easy to make keys, encrypt, decrypt, etc: offers clear threat models and makes it hard to screw up. It's never been easier to do crypto correctly.

@cathal Yeah, I am aware of NaCL. What I was wondering about is if there was a social network that was entirely private. A copy of your post is encrypted for each friend and only that friend can read the post. Making it impossible for a 3rd party to use that data.

@cathal If that doesn't exist. I'm curious if something like that can be built on the foundation of matrix. Using matrix as a way to replicate encrypted posts to friends.

@cathal If privacy is the goal, maybe social networks are not the appropriate tool. Perhaps an Asynchronous End-To-End encrypted chat platform is more appropriate.

@ericmoritz have you looked at Secure Scuttlebutt? I'm not sure that functionality is currently available yet, but IIRC e2ee group messages are planned and can now send e2ee messages to one recipient.

This podcast has an overview. Its a bit old but I think most stuff is still correct/relevant.

Oktahedron: OH004 – Secure Scuttlebutt oktahedron.diskordia.org/?podc

@dazinism @ericmoritz I've been working up a design for such a network. Basic version would just use a shared file server (S3, WebDAV, FTP for crying out loud) and clients would upload and download encrypted posts, metadata, and indices. More advanced version would actually involve an application server for low latency, more advanced features, etc.

@varx
Yeah, if designed well the delivery infrastructure could be anything.

If all messages are encrypted for only the receiver to read they could be placed onto IPFS or something else public.

The biggest challenge I see is hiding the sender and receiver metadata for privacy reasons.
@dazinism

@ericmoritz @dazinism There's other metadata to consider when shuttling encrypted stuff around, even besides the server owner's view. For example, if you have a single index of posts, a technically savvy friend may notice that they can't access many of the posts. They must be off of some of your filters! Or if you have one index per friend, named by their public key hash, they can see that their index file is smaller or larger than your other friends' index files. Possibly drama source. >_>

@ericmoritz @dazinism But even without the spectre of metadata analysis for surveillance or social intrigue purposes, there's the simple matter that the hardest encrypted file to crack is the one you can't access.

So ideally you'd have encryption + access control: Each index file also requires a (static?) access token conveyed in the URL, possibly like https:// alice-token @ some server .net / username / indexes / alice-pubkey

That could be done by configuring existing server software.

@ericmoritz @dazinism If you're interested in pursuing this idea, I've been writing down goals and implementation ideas as well as just starting to build out an exploratory client. Let me know if you're interested in contributing to the design discussion or playing with the client.

(I suspect an application server is inevitable, by the way, but it would still only pass around encrypted blobs.)