

You’re thinking of the wrong admin lol


Until the mods randomly decide to censor you, like they did with my post about tech companies disrespecting user consent.


Oh, fair. I just remember getting a LOT of notifications from both apps. I didn’t check the exact ratio,


why is this separate mechanism needed in the first place?
Because ActivityPub was not designed for E2EE. That’s the simplest answer.
The longer, and more technical answer, is that doing the actual “Encryption” part of E2EE is relatively easy. Key management is much harder.
I initially set out to just do E2EE in 2022, but got roadblocked by the more difficult problem of “which public key does the client trust?”.


It’s a building block to make E2EE possible at Fediverse scale.
I’ve written about this topic pretty extensively: https://soatok.blog/category/technology/open-source/fediverse-e2ee-project/
If you can build in Federated Key Transparency, it’s much easier to reason about “how do I know this public key actually belongs to my friend?” which in turn makes it much easier to get people onboarded with E2EE without major risks.


Thanks. Happy to help! <3


How much can you control the conversation if the entity you are discussing only wants their name published?
It’s not about what they want published. It’s about what they don’t want published.
Sure, there will be a few GDPR letters and maybe an inquiry by some regulatory body. Satisfyingly annoying to them, but compared to the cost of an advertising campaign, would this not be just a drop in the bucket?
Advertising campaigns generally don’t include OSINT on the people behind it and evidence of their crimes. How does what I published help them increase their revenue or reduce their costs? Everything is ruled by incentives.


That sort of comment might be true if I had responded with a shallow, emotional response. Something like “how dare these outrageous motherfuckers claim to ‘roast’ my hand-crafted artisanal open source beauty with their AI slop!!”.
I didn’t do that. I sifted through the public information, assembled a profile of the people behind it, discarded the irrelevant details, and used it to describe their conduct as illegal in the country their business is incorporated in, with enough receipts for anyone else who finds their AI grift to leverage to give them immense amounts of legal and compliance pain. And then I released this all on my furry blog with the keywords that other open source developers would likely try in a search engine if confronted with their same outrageous behavior.
Rather than let my outrage make me a useful idiot, I’ve surveyed the landscape and made sure that I’m controlling the conversation. I’m also keeping the evidence preserved, and not giving them any SEO backlink juice. This all dovetails into how bad their AI is at what it even claimed to be doing.
If any of this plays into their hands, then they’re playing chess on a dimension that the void cannot comprehend, let alone my mortal ass. But I’m willing to wager that the amount of legal anguish my blog post will create for their grift will significantly outweigh any benefit they get from the possible name recognition my blog creates.


Yeah, business children is an apt description.


I honestly don’t see the reason to hope for bluesky to win…
It was explained in detail in the other post, which was linked to in the section that said what you’re referencing.


Yeah, I’ve got a proposal that’s being worked on: https://github.com/soatok/mastodon-e2ee-specification
No, that’s like 20% of the blog post. This was a “2025 Retrospective” blog post. I always try to give a fun title to my end-of-year blogs. 2024’s was https://soatok.blog/2024/12/18/the-better-daemons-of-our-profession/