I've been thinking about this for a while, that there's kind of not a great solution, that I know of or can think of, for long-form internal political discussions within an organisation. There are of course existing platforms that are not private (like you could have a Facebook group for instance).

There's obviously a lot of encrypted chat apps out there but they're all more "texting" form and are not great for like forum-style discussion.

The best I can think of might be Matrix, but it's more of a chatroom style format and I've not tried using it for this forum-style of discussion which I'm not sure if it works smoothly for.

Tbh a mailing list would kind of be my ideal (I assume there's mailing list software out there that integrates with PGP so we can protect our emails) but so many people in organising spaces are pretty tech-resistant boomers (no offence to the older generation, I'm aware it's a generalisation that doesn't apply to everyone) and it'd be hard to get everyone to use PGP I think. Also email is just not very secure in the first place and would expose a lot of metadata, making it not suitable for organisations that are heavily criminalised or otherwise have a higher threat model. Not to mention that the mail server in question would be able to read the emails sent to the mailing list, as it has to decrypt emails sent to the mailing list in order to encrypt them with all recipients' personal PGP keys. And there's just so many points of failure in terms of all messages to the mailing list getting accessed if just one member gets compromised.

Maybe I'm missing an obvious solution, in which case please tell me of course. But this is just an issue that's crossed my mind over the years as I've watched organisations use insecure platforms for long-form discussion, and I cringe, but I don't think I know the ideal solution either.

  • xj9 [they/them, she/her] · 20 days ago

    delta.chat has some concept of e2ee mailing lists, but i'm not positive on the details. technically PGP based (though rewritten in rust), but the app doesn't expose many of the crypto details to the end user. sadly that does mean it inherits some of the weaknesses of PGP like a lack of forward secrecy. OMEMO, Signal, and Matrix all use some variant of a double-ratchet algo. I'd like to see something like this make its way into async/store-and-forward messaging, but idk if there's some reason why it hasn't.

    the delta chat app is currently pretty chat-centric, but it's based on email so it could be modified to fit better with long-form discussions.
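The forward-secrecy point raised in the reply above, as an added example that is not part of the thread and is not Delta Chat, Signal or Matrix code: archived posts sealed under one long-term key are compared with posts sealed under a one-way key chain after the current keys are exposed. It models only the symmetric chain step of a ratchet (no Diffie-Hellman step), uses a toy stdlib cipher, and all names and sample posts are constructed for illustration.

```python
import hashlib, hmac, os

def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode), stdlib only, illustration only.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = kdf(key, nonce + off.to_bytes(8, "big"))
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(kdf(key, b"enc"), nonce, plaintext)
    return nonce + ct + kdf(kdf(key, b"mac"), nonce + ct)

def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(kdf(key, b"mac"), nonce + ct)):
        return None  # wrong key or modified ciphertext
    return _xor_stream(kdf(key, b"enc"), nonce, ct)

class ChainRatchet:
    """Hypothetical symmetric chain: a fresh key per post, then a one-way step."""
    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message")
        self.chain_key = kdf(self.chain_key, b"chain")  # previous chain key is overwritten
        return message_key

def try_keys(keys, blob):
    for key in keys:
        plaintext = unseal(key, blob)
        if plaintext is not None:
            return plaintext
    return None

def compare_after_compromise(posts):
    static_key = os.urandom(32)                      # one long-term key for every post
    static_blobs = [seal(static_key, p) for p in posts]
    sender = ChainRatchet(os.urandom(32))
    ratchet_blobs = [seal(sender.next_message_key(), p) for p in posts]
    # Key material is exposed now: the static key, and only the *current* chain key.
    exposed = ChainRatchet(sender.chain_key)
    held = [exposed.chain_key] + [exposed.next_message_key() for _ in range(8)]
    return ([unseal(static_key, b) for b in static_blobs],
            [try_keys(held, b) for b in ratchet_blobs])

POSTS = [b"agenda draft", b"meeting minutes", b"vote tally"]  # constructed sample posts
```

With the static key every archived post opens; with the chain, the exposed state opens none of the earlier posts, which is the property a long-term PGP key cannot give to a stored list archive.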