What do we need to change about how we operate, now that the political environment is darkening?
The overall goals would be to safeguard user identities, ensure communication privacy, and protect against censorship and state surveillance.
User Anonymity and Privacy
- End-to-end encryption: Encrypt all user communications, private messages, and sensitive data
- Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?
- Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.
Data Storage
- Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.
- Ephemeral content: auto-deleting posts, messages, etc after a set period.
- Instance chooser that flags which instances are in unsafe countries.
- Defederate from instances in unsafe countries?
Communities
- Private communities - currently all are public
- Communities where every post is encrypted
- Approval process to join some communities
- Better opsec around instance owners, admins and moderators
What else?


Piefed also doesn’t really fit his description. He wants something more akin to Signal, since that was designed around E2E encryption. Anything that uses ActivityPub is never gonna be able to fit into his idea for security, since it was designed to do the exact opposite and distribute content to basically anyone who asks for it.
Just to clarify, you are aware that OP is the main developer of PieFed?
Chances are that PieFed more or less fits his idea of what he wants, considering that’s what he designed it to do.
Nope, wasn’t aware. Still seems like ActivityPub is the wrong way to go if your priorities include encryption and anonymity.
ActivityPub is absolutely not suited for private communication. I guess you could in theory transfer encrypted content over AP as well, but it’s not what it is designed for and it generally makes little sense for content in a public forum like this. I don’t think anyone thinks otherwise.
This is not what is proposed though. For E2EE, Rimu suggests the following:
So to keep user data encrypted on the server, as well as looking into finding a way to encrypt private messages. I think it’s hard to argue this wouldn’t be at least a minor change for the better, giving instance administrators less insight into the private data of the users (and thereby also making them less vulnerable to law enforcement).
Of course this wouldn’t make PieFed or Lemmy or whatever a good replacement for Signal. It is not supposed to be. It’s a public forum. But it can still do its best to protect the identity of the users in this public forum, even with the inherent limitations of the format.
Maybe, I am not very familiar how activitypub works. Maybe he can work around it.
ActivityPub is how federation is accomplished. You cannot “work around” how the system is fundamentally designed. ActivityPub might get E2E encryption on DMs at some point but the rest is simply not possible if you want to be able to interact with the rest of the Fediverse.
Theoretically in the future PieFed might not be limited to only using ActivityPub, or only using Lemmy-compatible ActivityPub.
Hmm that’s fair. I wasn’t aware of the differences between Piefed and Lemmy when I first made my comments, but I do wish you luck with implementing all this! Piefed seems cool, guess I’ll have to check it out a bit more in depth lol