out of personal curiosity, would you rather be able to report DMs (like you can currently do) or have them truly secure (readable only by you and their recipients, and not even your respective instance admins, as is currently the case)?



Now that I have fooled you with that poll, I'll say that there are ways to have both E2EE *and* the ability to report messages to the platform (in this case, your admin and the sender's admin)

Facebook does that for Facebook Messenger, they call it “message franking” and their scheme is actually pretty simple and pretty easy to compose with cryptographic protocols.

People have since formalized that protocol and proposed more efficient ones[1], or ones that apply in wider settings[2] (e.g., when “who talks to whom” is also unknown to the platform prior to reveal). Interesting stuff. Anyway, it's possible.

[1]: eprint.iacr.org/2017/664.pdf
[2]: eprint.iacr.org/2019/565.pdf
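
A sketch of the commit-then-stamp idea behind message franking, added here as an illustration and not taken from the posts above or from Facebook's code. It assumes a single platform holding one HMAC key and leaves out the end-to-end encryption layer; all function names, addresses and the sample message are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def sender_frank(message: bytes):
    """Sender: commit to the plaintext under a fresh one-time key."""
    nonce = secrets.token_bytes(32)
    commitment = _mac(nonce, message)
    # message and nonce travel inside the E2EE ciphertext (not shown);
    # the commitment travels beside it, in view of the platform.
    return nonce, commitment

def platform_stamp(platform_key, commitment, sender, recipient, timestamp):
    """Platform: bind the 32-byte commitment to routing metadata.
    It never sees the plaintext or the nonce."""
    context = json.dumps([sender, recipient, timestamp]).encode()
    return _mac(platform_key, commitment + context)

def recipient_accepts(message, nonce, commitment):
    """Recipient: after decrypting, drop messages whose commitment
    does not open, since those could not be reported later."""
    return hmac.compare_digest(_mac(nonce, message), commitment)

def platform_verify_report(platform_key, message, nonce, commitment,
                           stamp, sender, recipient, timestamp):
    """Platform: on a report, recompute the stamp from the claimed
    metadata and check that the commitment opens to the message."""
    expected = platform_stamp(platform_key, commitment,
                              sender, recipient, timestamp)
    return (hmac.compare_digest(expected, stamp)
            and recipient_accepts(message, nonce, commitment))

def demo():
    platform_key = secrets.token_bytes(32)        # held only by the platform
    msg = b"constructed sample message"
    ctx = ("alice@a.example", "bob@b.example", 1700000000)  # constructed
    nonce, com = sender_frank(msg)
    stamp = platform_stamp(platform_key, com, *ctx)
    genuine = platform_verify_report(platform_key, msg, nonce, com, stamp, *ctx)
    # A recipient trying to frame the sender with different text fails.
    forged = platform_verify_report(platform_key, b"something else",
                                    nonce, com, stamp, *ctx)
    return genuine, forged
```

Until a report is filed the platform holds only a commitment and a stamp, so message contents stay hidden from it; a report reveals one message and its nonce, nothing else.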
