In December 2025, the Social Web Foundation launched a project to build End-to-End-Encryption (E2EE) into ActivityPub and the Fediverse, with funding from The Soveriegn Tech Fund. Here’s the the official project announcement.

Emissary is proud to be one of the servers chosen for this work. We are aiming to deliver the first version of an encrypted messenger in mid 2026.

In broad terms, we’re using Messaging Layer Security (MLS) Protocol to manage keys and encrypt data locally on users’ devices. MLS is an open, flexible industry standard has is being used “at scale” by a number of large organizations. We’re now implementing this in ActivityPub, using our existing servers to provide two important services to the MLS protocol:

1. MLS “directory service” to locate users and their encryption keys (WebFinger, Actor profiles)
2. MLS “delivery service” to send encrypted messages between clients (ActivityPub inboxes and outboxes)

Here is my list of the online resources that are helping me to understand the MLS protocol and how it is used within ActivityPub.

Official Specifications

• Messaging Layer Security in ActivityPub describes how to use MLS in ActivityPub
• RFC 9420 is the primary MLS specification from the IETF
• SWICG Github Project where we’re organizing our work and discussing issues

Tutorials

• Phoenix R&D Blog has a good introduction to the MLS protocol
• Positive Intentions Blog has a deep dive on building MLS applications (with Typescript code!)
• Demystifying MLS by Wire, one of the original participants in creating the MLS spec

Audio/Video Tutorials

• Podcast with Raphael Robers that I still need to listen to
• Video Presentation by Konrad Kohbrok and Raphael Robert that I still need to watch
• YouTube Video by Chalk Talk that I still need to wath

Libraries

• ts-mls is a Typescript library for the MLS protocol, and is the library I’m using for Emissary
• OpenMLS is a Rust library for the MLS protocol

Project Plan

If you’re following along from home, here’s how I’m tackling this problem and building now.

Building E2EE into Emissary is tricky. As a programmable ActivityPub server, Emissary uses server-rendered HTML templates for everything – even outbound JSON-LD documents pass through server-based filters. So, encrypting messages on the browser client will require a number of new technologies to be built into Emissary:

• ActivityPub API Inbox/Outbox - So far, Emissary hasn’t needed to support the client-facing ActivityPub API. So, I’m reworking the [hannibal library] to better support this, and building a true ActivityPub inbox/outbox into Emissary. This also paves the way for future work to support other client-to-server (C2S) interactions on Emissary.
• Support for new MLS message types - Hannibal has also been updated to recognize encrypted MLS messages when they reach the server. Their contents are opaque to the Emissary server, but we now know that they exist and can route them to users’ client apps correctly.
• Browser Client App - I’ve made a proof-of-concept using Mithril.js and ts-mls that places a fully client-based “conversations” app alongside Emissary’s server-side “inbox” app. I’ve used Mithril in the past, and appreciate its light weight and fast design as compared to heavier JS frameworks like React. The client-side app is built with esbuild so that we can also use JSX templates in the Mithril application. It’s looking really nice.

Project Status

2026-01-02 The “conversations” app is coming along. I can send plaintext messages to the server, and am working to populate Conversation objects and route messages to the correct recipients.

2026-01-03 I’m working with a demonstration MLS app featured on the positive intentions blog as a baseline for the MLS integration. It looks really promising.

2026-01-05 Modeling new apps from scratch is fun, but hard. There are so many ways it could go, but I have to pick the one it will go.. at least for now. Now that I have a “nearly working” outbox mechanism (with more still due, unfortunately) I’ve turned to face the actual MLS portion of this. I’m hoping to have some rudimentary encryption working in the next few days.

2026-01-06 Working to integrate features of the MLS demo app. And, I’ve made some progress on modeling the various services that this thing is going to need. It’s slow going, because there’s a lot to ingest. However, once I get past a few more thorny issues, I’m expecting to repurpose large sections of the app quickly :)

Building Scalable Group Messaging with MLS (Message Layer Security)

⚠️ WARNING: This document is not finished. The details in this document are subject to change.

^{xoron (positive-intentions)}

Evan Prodromou

2025-12-19 17:07:33

Implementing Encrypted Messaging over ActivityPub

One of the project areas of the Social Web Foundation for the last year has been end-to-end encrypted messaging. ActivityPub, the standard protocol that powers the Social Web, has privacy controls, but they do not protect the content of messages from server operators. Encrypted messaging has become a standard feature on most social networks since ActivityPub was created, and its lack has inhibited Social Web adoption and public trust in the network.

ActivityPub is extensible, though. As part of our E2EE program, Mallory, Tom and I adapted the Messaging Layer Security (MLS) standard as an extension of ActivityPub to make the MLS over ActivityPub specification. The protocol fits the great MLS E2EE system onto the ActivityPub API and federation protocol.

But a protocol specification is not enough; it must be implemented. That’s why we’re so happy to announce that the Sovereign Tech Fund has commissioned work with the Social Web Foundation to coordinate two new interoperable implementations of MLS over ActivityPub. This investment by the Sovereign Tech Fund will help move the Fediverse towards more privacy for social web users, no matter what server they use.

We decided to partner with two different projects in order to make sure that we’re making an open standard that can work between implementations. With two implementers, we’ll need to communicate clearly about architectural and implementation decisions, and make sure that those decisions end up in the final version of the spec — not in a TODO comment in the source code of a single project.

The first project is Emissary, the great social web application platform behind projects like Atlas and Bandwagon. Ben Pate, Emissary founder, says, “The Emissary Project is deeply committed to the Fediverse, where we are building a free and trustworthy Internet for all 8 billion humans. Delivering on that promise, Emissary is excited to team up with the Social Web Foundation to bring End-to-End-Encryption (E2EE) to the Fediverse. We are eternally grateful for the SWF’s leadership and support, without which this project could not have happened. Our work is already underway, and in 2026 anyone will be able to build E2EE applications on the Emissary platform.”

The second project is Bonfire. Bonfire is a modular framework for building federated apps, with its first app (Bonfire Social) offering a social networking experience enhanced with tools for privacy, trust, and collaboration (such as circles and boundaries).

The maintainers of Bonfire, Ivan Minutillo and Mayel de Borniol, said: “We think that end-to-end encryption should simply be the default for any private communication online. Working with the Social Web Foundation to bring E2EE to ActivityPub marks a crucial step in fostering privacy and trust, and especially in enabling the fediverse to become a safe space for activists and communities to organise, coordinate, and collaborate meaningfully. By making secure, user-friendly messaging a core part of the fediverse, we’re helping lay the groundwork for decentralised networks where people can go beyond talking in the mythical ‘global town square’ and actually organise and accomplish things together.”

This work will happen best if the Fediverse community tracks it closely. We’ll be making updates here on the SWF blog as progress continues. Developers and active users may also be interested in the ActivityPub E2EE Messaging Task Force at the W3C, where the specification is being developed into a report for the Social Web Community group. Finally, we’ll be using the #JustBetweenUs hashtag to share progress and ideas, so you can follow it to see what’s been happening.

End-to-end Encryption (E2EE) over ActivityPub

Encrypted direct messages supply the confidence that people need to connect with family, friends and colleagues privately over a social network. As part of the Summer of Protocols 2024, we explore …

^{Social Web Foundation}