Decentralized social media platform Mastodon plans on adopting its own end-to-end encryption (E2EE) for private messages.
Mastodon announced the upcoming feature in a blog post about receiving €614,000 ($724,000) from the Sovereign Tech Fund, an effort backed by the German government to support open-source software.
Mastodon, which operates as a European nonprofit, says the €614,000 service agreement will fund five major projects, including E2EE for private messages, along with automated content detection to stamp out spam, and a way for Mastodon server administrators “to subscribe to shared blocklists.”
E2EE means only the sender and recipient of the private messages can look at the content, effectively shielding the data from third parties, including Mastodon server providers. This can add a new layer of privacy to personal communications amid concerns about corporate and government surveillance. WhatsApp, Signal, and Apple's iMessage all offer E2EE, which places the encryption keys for the messages only on the sender and recipient devices. X is also offering E2EE, but the company technically holds on to the encryption key to ensure seamless communication between devices, although the key is fragmented between three servers.
Mastodon plans to incorporate E2EE by coordinating with ongoing work by the Social Web Foundation, another nonprofit focused on developing Mastodon and other “Fediverse” platforms. The Social Web Foundation in December kicked off an end-to-end encryption project for the ActivityPub standard, an open social networking protocol that Mastodon and even Mark Zuckerberg’s Threads support. A specification for the E2EE system is already in the works.
“It is early days, but the plan is to follow the standards body work,” a Mastodon spokesperson told PCMag in an email. “If interoperability testing is successful and the technology meets our needs (in particular, we are going to be looking at the reporting and moderation implications), then yes, it would likely be implemented on mastodon.social and on other Mastodon servers that choose to make use of the feature.”
However, Mastodon says the E2EE won’t roll out until 2027. In the meantime, Mastodon doesn’t have a conventional direct messages feature. Instead, it offers a “privately mention” function that can silo a post to only certain users, but the feature’s naming has created confusion for some.
Adding an encrypted private messaging function could help Mastodon boost its appeal. But E2EE can also come with trade-offs, as it can prevent a Mastodon server provider from detecting messages containing rule-breaking or even illegal content.
About Our Expert
Michael Kan
Senior Reporter
