NodeBB

This is how #Holos currently handles #E2EE DMs over #ActivityPub. Holos is a project we develop alongside #Fedilab.

https://holos.social/e2ee

#HolosSocial

@hosford42
Yes, those are the time-to-live values on the relay. If the app hasn't confirmed reception within that period, the activity is dropped. Once the app confirms reception, the activity is immediately deleted from the relay.
These values can be changed by the relay admin and are always displayed on the relay's about page.
@HolosSocial

@rainer
Yes, the app supports scheduled backups via S3 or WebDAV, so your data stays safe even if your device is lost or stolen. We'll also be adding an optional passphrase for encrypted backups soon.
@HolosSocial

We talk about #HolosSocial forgetting some of you might not know this project.
#Holos is a full ActivityPub server running on your device. Currently on Android, next on iOS.
We already introduced #E2EE DMs and #ActivityPub identity through custom domains. You own your followers, your keys, and your identity. Relays are just infrastructure.
On the footer of https://holos.social we added pages explaining the project. Have a look!

Mastodon: @HolosSocial Don't hesitate to share

@lexinova
We can't change how Mastodon presents those settings, but we had a page explaining how the service works and how to opt out per platform. We'll communicate even more clearly if the service comes back.

Worth noting that this opt-in by default setting also allows Google to index fediverse profiles, except they don't check for consent at all. This is a much bigger issue that goes way beyond our project, which actually tries to do things the right way.

@lutindiscret
We panicked quickly because things escalated beyond what we expected. But we still believe our approach was far more respectful than what's already happening: the same data is being exploited by others without users even knowing. At worst, we raised awareness.

We were caught off guard by the reactions and acted quickly. But we want to give the community a voice. We'll follow the result of this poll: if it should have stayed up, we'll reopen the source code and bring the service back.

@lexinova
The debate goes beyond that. The real question is why developers chose to enable "indexable" by default when creating an account. A default opt-in is effectively an opt-out. That's where the conversation should start.

With #HolosDiscover we checked multiple criteria before indexing: "indexable" enabled, account not locked, no #nobot or #noindex in bio, not in opted-out list, only public posts. Every deletion, edit or block was processed instantly via #ActivityPub.
Google uses that same "indexable" flag but ignores everything else, keeps deleted content cached for weeks.
We shut it down after pushback. Was that the right call? Don't hesitate to share, this concerns the whole Fediverse.