

21·
3 days agoYour instance admin subtitutes the public key in your profile with one they control.
How do you stop this?
Like, half the point of E2EE for DMs is to prevent instance admins from seeing what your messages say. The other half is to prevent instance admins from being able to surrender anything useful to government subpoenas.


How much do you know about cryptography?
I’ve written tons about why this approach was taken, but it might be inaccessible to someone with limited knowledge of modern cryptography protocol design. (Authenticated encryption, forward secrecy, context commitment, etc.)
This was my earliest blog post on the topic, if you want a place to start.