Mastodon to Get E2EE for Private Messages Thanks to Sovereign Tech Fund
Mastodon announced they were awarded a €614k service agreement by the Sovereign Tech Fund to fund the development of new features and improvements, including end-to-end encrypted private messages.
The service agreement covers five major features.
Mastodon will be coordinating with the Social Web Foundation, who were commissioned by the STF to work on their MLS-based E2EE messaging protocol: MLS over ActivityPub.
MLS over ActivityPub is currently a W3C draft and not finalized yet. The ActivityPub E2EE Messaging Task Force at the W3C will work on delivering the final specification.
Mastodon says they will implement support for ActivityPub E2EE “once the ActivityPub E2EE Messaging Task Force at the W3C has delivered a specification, and interoperability is demonstrated.”
The Social Web Foundation is working with two projects to accomplish this: Emissary and Bonfire. These projects will implement the protocol and make sure they can interoperate with one another.
Mastodon estimates that the work will take place during 2027.
With the recent news that Instagram is ending E2EE messaging support, it’s clear that privacy on many social media platforms is not a priority.
TikTok has come out and blatantly said it refuses to E2EE DMs, citing user safety concerns.
Platforms like Snapchat have landed in hot water in the past because they leaked their users’ data. They supposedly added E2EE in 2019, but there’s no documentation about it. The company doesn’t even seem to acknowledge the feature directly anywhere.
X is coming out with its own E2EE chat feature, but it’s been heavily criticized for its subpar implementation.
An open, interoperable E2EE messaging solution for social media based on open standards like MLS goes a long way toward building confidence that it won’t be suddenly removed and that the implementation has had multiple rounds of scrutiny and will continue to in the future.
MLS is a protocol that has had several implementations already despite being relatively new in the grand scheme of things, probably the most notable of which is in the GSMA’s RCS messaging protocol.
Private messages should actually be private, and this will take Mastodon much closer to actually meeting that promise.