
Separate from my proposal for key transparency for the Fediverse (which I've certainly blogged about a lot), the W3C has been working on building out end-to-end encryption (E2EE) for ActivityPub. The two projects are mostly being developed independent of each other, though connecting the two should be straightforward. As I prepare to tie up the…
Nguồn: https://soatok.blog/2026/07/15/the-long-tail-of-work-left-until-activitypub-has-e2ee. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.
Đọc tin ở đây, luyện code, học theo lộ trình và luyện IELTS trên các sản phẩm anh em — tất cả kết nối với nhau trong hệ sinh thái 8 Sync Dev.
Cổng chính của hệ sinh thái: giới thiệu sản phẩm, blog và bảng giá trọn bộ.
Khám pháHọc theo lộ trình với video, quiz chấm tự động, certificate và mentor đang làm nghề.
Xem khóa họcLuyện thuật toán chấm tự động 7 ngôn ngữ, chạy code ngay trên trình duyệt.
Nghị viện EU đã thông qua Chat Control 1.0 dù đa số nghị sĩ bỏ phiếu chống (314-276), vì …
AI cho doanh nghiệp B2B: chat đa kênh AI phản hồi, gom lead tiềm năng, phân loại khách hàng.
Sắp ra mắtA design provocation exploring whether ActivityPub could be run atop an AT Protocol Personal Data Server (PDS). The author argues that ATProto's pluggable identity, signed data repositories, and credible exit guarantees complement ActivityPub's URL-based social graph, and that the two protocols solve different problems. The main technical obstacles — XRPC methods supporting only GET or POST but not both, and misaligned identity/handle systems — are identified as bridgeable with modest changes. The core thesis is that combining both would give users stronger ownership and portability than either protocol alone.
The European Parliament voted to advance a temporary bill allowing tech platforms to voluntarily scan for child sexual abuse material (CSAM), despite having rejected the same bill in March. The bill was revived via a rarely-used procedural mechanism pushed by the centre-right EPP. An amendment was added to exempt end-to-end encrypted services like WhatsApp and Signal from scanning requirements. The vote satisfied neither side: child-safety advocates wanted stronger measures, while privacy advocates opposed any scanning regime. The result was chaotic, with some lawmakers reportedly unsure what they were voting on. The temporary measure now heads to EU member states, while the more contentious permanent 'Chat Control' regulation remains stalled in negotiations.

France's cybersecurity agency ANSSI announced it will stop certifying security products that lack quantum-resistant encryption starting in 2027. Businesses are expected to purchase only quantum-safe products by 2030. Since ANSSI certification is mandatory for French government agencies and critical infrastructure, this policy effectively phases out older encryption standards across those sectors.

Building group chats in a fully decentralized P2P messenger (Kiyeovo) requires navigating tradeoffs that centralized servers normally handle: membership authority, key distribution, message ordering, and offline delivery. The author evaluated several approaches — centralized coordination (Signal/Matrix), MLS/TreeKEM, leaderless membership, and fixed membership — before settling on a single-creator authority model. The creator holds exclusive rights to invite/kick members, identified by an Ed25519 key. Messages are encrypted with a per-epoch XChaCha20-Poly1305 symmetric key, rotated on membership changes. Group state lives in a DHT as a signed, hash-chained append-only log. Offline messages are stored in per-sender DHT buckets, and libp2p pub/sub topics are derived from the epoch key so removed members can't subscribe. Key tradeoffs include the creator being a single point of failure, no intra-epoch forward secrecy, and best-effort message ordering.
IRONSCALES has launched Email Encryption, combining Policy-Based Encryption and outbound data protection into its existing platform. The system uses adaptive AI to automatically detect and encrypt sensitive outbound content (PHI, PII, PCI data) without requiring sender action, while also offering elective encryption via an Outlook add-in or subject line keyword. Compliance reporting generates audit trails for HIPAA, PCI DSS, FERPA, and GDPR automatically. The recipient experience uses one-time passcodes instead of portal account creation, reducing friction and support tickets. The feature is included in select plans and available as a paid add-on, and integrates with IRONSCALES' existing inbound threat detection, DMARC, and phishing simulation tools in a single console.

Azure Key Vault offers a more secure alternative to storing Couchbase credentials in local config files or environment variables. Two approaches are covered: using Azure Key Vault references in Azure Functions app settings (with managed identity, no custom SDK code needed), and Couchbase Capella's native Customer-Managed Encryption Keys (CMEK) integration with Azure Key Vault for data-at-rest encryption. CMEK requires the Capella Enterprise plan, an RSA key (2048/3072/4096-bit), and the Key Vault in the same Azure region as the cluster. Key benefits include AES-256 encryption at rest, version history, cross-app secret sharing, granular RBAC, and full control over key rotation and revocation.

Tim Bray lập luận rằng Mastodon là nền tảng mạng xã hội duy nhất khả thi lâu dài nhờ sở hữu phi tập trung, tương tự như email, với các ưu điểm như khả năng di chuyển dữ liệu, tương tác chất lượng hơn, không thao túng thuật toán, hỗ trợ cảnh báo nội dung, quản trị phân tán và không vì lợi nhuận. Ông chỉ trích Bluesky vì phụ thuộc vào vốn mạo hiểm ($123M) và thiếu mô hình kinh doanh, có nguy cơ dẫn đến "enshittification" hoặc sụp đổ. Bài viết khuyến nghị người dùng chuyển sang Mastodon khi phần mềm đã trưởng thành.
Lập trình viên nên đọc bài này để hiểu cách Mastodon xây dựng mô hình xã hội phân tán an toàn, minh bạch và không bị kiểm soát bởi các công ty tư nhân, giúp bạn tìm kiếm một môi trường cộng đồng trực tuyến tự chủ và bảo vệ quyền riêng tư trong tương lai.