soatok.blog/2026/02/17/c... #Matrix #security #cryptography
17.02.2026 23:48
👍 64
🔁 37
💬 5
📌 2
Invitation cards in front of a notebook with a MLS sticker. AIR • No phone number or email • End-to-end encrypted • No metadata retention • Open-source • Post-quantum secure • Based on Messaging Layer Security (MLS) and open standards • EU-based
We will be at #FOSDEM and will bring something exciting: Invitation codes for the beta phase of @air.ms, our new secure messenger based on MLS! ✨
Hit @julianmair.com up if you’d like to join the beta with your friends.
Invitation cards in front of the ALL CREATURES WELCOME banner AIR • No phone number or email • End-to-end encrypted • No metadata retention • Open-source • Post-quantum secure • Based on Messaging Layer Security (MLS) and open standards • EU-based
We will be at #39C3 and we brought something exciting: Invitation codes for the beta phase of Air, our new secure messenger based on MLS! ✨
Hit us up if you’d like to join the beta with your friends.
You can also follow @air.ms, where we’ll post updates over time.
I think it's a different set of tradeoffs (as is always the case in decentralized environments). So the short answer would be: yes.
We made MLS more decentralized! We are excited to share DMLS that brings fork resilience to the MLS protocol, solving a key challenge in distributed systems while maintaining Forward Secrecy.
This work was made possible by @equalitie.bsky.social, who funded it as part of the Breakout program.
Die Stimmen gegen die #Chatkontrolle werden mehr und lauter. Nun hagelt es deutliche Kritik aus der Wirtschaft. Zudem warnen der Deutsche Journalistenverband und der Anwaltverein vor einer Überwachungsinfrastruktur, die schnell ausgebaut werden könnte.
netzpolitik.org/2025/eu-uebe...
🚨 Der Gesetzentwurf zur #Chatkontrolle sieht vor, dass digitale Kommunikation einschließlich verschlüsselter Nachrichten und Fotos gescannt werden soll.
Wir haben uns an die deutsche Bundesregierung gewandt, sich am 14. Oktober gegen den Gesetzesvorschlag der Chatkontrolle auszusprechen.
LinkedIn annonced that it will use your data to train AI models, and craftily chose to use an opt-out mechanism. Deactivate this in your settings now, of you don’t want to give away your content.
As an ex head of security of an end-to-end encrypting messenger I can relate
www.theguardian.com/technology/2...
Yes. E2EE would be undermined in one way or another.
There's an article making the rounds with the provocative title "MLS: The Naked King of End-to-End Encryption". It needs some rebuttal.
www.poberezkin.com/posts/2025-0...
tl;dr - MLS is fine. This is a misunderstanding about modularity.
Not long ago, someone (who is likely the founder of SimpleX Chat) wrote a blog post about MLS that contained a pretty blatant factual mistake about MLS' authentication, including an alleged lack of security. Thankfully, @soatok.bsky.social took the time to debunk that: soatok.blog/2025/08/25/b...
I had to see for myself
We did a thing. We combined TLS and MLS into a hybrid protocol.
Why? Because sometimes you need connections that last for weeks, quantum-resistant security, or simpler certificates.
The experiment is open-source. Here's the story 👇
We really did do a thing.
We are #hiring a Freelance Junior Product Manager to help us build the next generation of private & secure messaging.
If you’re interested in joining our team, please apply today!
For friends of secure messaging 🥷, please share our post with potential candidates.
Happy to announce that I’ll be speaking at @passthesaltcon.bsky.social on July 2nd!
I’ll discuss end-to-end encryption with MLS, the growing MLS ecosystem, the MIMI IETF working group, and metadata protection.
It’s my first time attending, and I look forward to connecting with the French community!
The idea that you can just “teach computer science” and be apolitical is a beautiful dream that expired in the 2000s, at the latest. Computer science has re-organized every facet of our society: it is inherently political. Instead of taking this idea seriously, we ran from it. Now we live in hell.
It's an informational draft, so I think it cannot use normative language, but adding @mallory.techpolicy.social.ap.brid.gy and @claucece.bsky.social who actually wrote this.
There has been an attempt by Knodel et al to have a more rigorous definition over at the IETF: www.ietf.org/archive/id/d...
Hey Google designers, are we sure about this new layout logo in Google Meet?
The negative space around the boxes reminds me of something.
The MLS Architecture document – the companion document to the MLS Protocol document – is now finally available as RFC 9750:
www.rfc-editor.org/info/rfc9750
And so it begins, BlueSky complies with censorship requests of an authoritarian regime
This might indeed be interesting to inform decisions about the frequency of commits. Our DS design is pretty set already, but it would be interesting to compare the details.
MLS is efficient, but what does that mean in practice?
This paper sheds some light on the question by building a test framework for OpenMLS.
arxiv.org/pdf/2502.18303
… and now it looks like Apple caved, while Google didn’t: www.forbes.com/sites/zakdof...
The SCW podcast team does it again and breaks down a newish, complex and alarming topic into palatable and informative pieces. Excellent questions from @durumcrustulum.com and @dadrian.io expertly answered by @josephhall.org and @matthewdgreen.bsky.social.
Listen to it if you have time!
The latter is exactly what Apple could have done. Signal for example took that stance. And even WhatsApp did, IIRC.
