Make DMs end-to-end encrypted

[CalAlaera]

Requirements

• Is this a feature request? For questions or discussions use https://lemmy.ml/c/lemmy_support
• Did you check to see if this issue already exists?
• Is this only a feature request? Do not put multiple feature requests in one issue.
• Is this a backend issue? Use the lemmy-ui repo for UI / frontend issues.

Is your proposal related to a problem?

DMs are a useful tool but they are not in any way secure. This makes it necessary to use an alternative method of communication.

Describe the solution you'd like.

Direct Messages within Lemmy to be end-to-end encrypted.

Describe alternatives you've considered.

There are, of course, secure messengers. Matrix (sometimes known as Element) is a fine choice. However, the process of making use of it involves leaving the platform, creating and maintaining an account on a different service, and messages are in no way integrated with Lemmy.

Additional context

Secure messages federating across servers would be an amazing feature that would further draw users to the platform.

[dullbananas]

Maybe this should also be done with saved posts and drafts

[cperrin88]

This would break DMs with all instances that are not Lemmy. How would you handle that?

Apart from that it would be really hard to create a trustworthy E2E encryption. It might lead to a sense of false security if we don't have the resources to create a truly secure implementation.

I personally would not go that route and instead try to find a way to educate users that DMs are not a secure channel.

[trymeouteh]

Adding E2EE to the private messenger would be good for privacy. I do not expect much else in the private messenger since users can always use Matrix. However an simple encrypted private messenger built into Lemmy will allow Lemmy users to send and receive messages without needing to create or link their Matrix account.

[jeroenhd]

Lemmy already has a field for a Matrix username in the profile settings for secure messaging through different platforms.

Optionally adding a lightweight Matrix frontend such as Hydrogen to the Lemmy frontend could be used to add secure communications to Lemmy users who filled out that field, and possibly alternative servers if they choose to add the necessary JSON to their actor representations. Such a frontend wouldn't need to support all Matrix features such as VoIP/widgets/online status.

This would come with some challenges (i.e. the need to backfill ActivityPub style unsecured messages, dealing with changing Matrix IDs, good UX for encrypted messengers) but it would also allow for opportunities (i.e. adding an optional Reddit-style chat box to communities).

Obviously you would need to add a fallback for other servers, but you can keep the existing UI as long as you make sure the difference between the secure messenger and the fallback messenger are clear.

[lionirdeadman]

Optionally adding a lightweight Matrix frontend such as Hydrogen to the Lemmy frontend could be used to add secure communications to Lemmy users who filled out that field, and possibly alternative servers if they choose to add the necessary JSON to their actor representations. Such a frontend wouldn't need to support all Matrix features such as VoIP/widgets/online status.

This would require a full matrix server... I think that's a bit out of scope

[Nutomic]

This is out of scope for Lemmy

[trymeouteh]

w3c/activitypub#449

[trymeouteh]

swicg/activitypub-e2ee#29

https://github.com/swicg/activitypub-e2ee/

[dessalines]

If someone is willing to implement it, we can re-open.