As gregarious as people are, they also love their privacy. Eavesdropping, reading over the shoulder, going through personal affects? Everyone can agree, it is egregious behavior when your privacy is violated, even when justified. Thusly, it is in one's nature – innocent or otherwise – to engage in the right of privacy. What people do not have the right to, is to demand provision of this privacy from external sources. Historically, you learn to wear your own mask, to bury your own secrets.

Simultaneously, we continue to see that people are contrarian. As much as the people love their anonymity, they equally love their identity, expressing themselves in both private and public spaces such as bars, clubs, boardwalks, or even Social Networking Services (SNS) like Mastodon. Within these spaces people hold a reasonable expectation to both privacy and respect, i.e. not to be harassed, mocked, doxxed, stalked, have their personal space, or likeness violated, etc. Unfortunately, this cannot always be guaranteed in public or even in private spaces, leading us to the necessity of moderation, which we will touch on later.

Considering these facts, you are likely to enjoy the idea of secure and private conversations with your associates. If this is the case, you are probably looking for a service that offers End-to-End-Encryption (E2EE). There are many services to choose from, some more secure than others. Whatsapp for example offers convenient but highly insecure E2EE, while Signal Messenger offers a less convenient, but more secure implementation.

E2EE explained simply is when everyone has two keys and a signature. You generate these keys, one public, one private, then start trading public keys and signatures with known associates. When you send a message to anyone, it will be encrypted using their public key & decrypted only by their private key. Your message stays secure in transit. Seal that letter with your signature we mentioned and you've proven yourself as the origin, avoiding impersonation.

Note: E2EE doesn’t stop the network from seeing who talks to who, when, or how often – “privacy” is leaky even if message content is encrypted.

Many individuals – including myself – have recommended using PGP's key generation, signing & message encryption/ decryption capabilities to send encrypted messages “anywhere”... this is less than ideal in 2026. The author of The PGP Problem – lvh – stated that if you want to talk,

Use Signal. Or Wire, or WhatsApp, or some other Signal-protocol-based secure messenger.

Modern secure messengers are purpose-built around messaging. They use privacy-preserving authentication handshakes, repudiable messages, cryptographic ratchets that rekey on every message exchange, and, of course, modern encryption primitives. Messengers are trivially easy to use and there’s no fussing over keys and subkeys. If you use Signal, you get even more than that: you get a system so paranoid about keeping private metadata off servers that it tunnels Giphy searches to avoid traffic analysis attacks, and until relatively recently didn’t even support user profiles.

As for email?

Don't.

Now that we have explained what E2EE is, 'The PGP Problem', and the use of dedicated tools, let us take a look at this – From the Social Web Foundation, Implementing Encrypted Messaging over ActivityPub:

“Encrypted messaging has become a common feature on many social networks since ActivityPub was created, and its lack has inhibited Social Web adoption and public trust in the network.”

Do you genuinely believe the lack of E2EE is keeping the masses at bay? The grandmas and grandpas who just want to message their grandchildren? The mothers who just want to know when the next soccer meet is? I assure you, not a single “normie” is worried about E2EE unless they have swallowed marketing material. Perceived low conversion rates are because these people are literally addicted to their dopamine apps. The “Social Web” is fundamentally not Facebook, that is what you're observing.

Everyone has some expectation of privacy, particularly in regards to federated SNS. Many users are tired of service providers like Facebook “harvesting their data points for actionable business insights” leading them to options that provide a semblance of self agency and sovereignty. On one hand, these services do not traditionally track users, on the other hand, ActivityProtocol (AP) is running behind the scenes as the language of many of your favorite services, i.e. Mastodon. This type of protocol and the way it behaves is referred to as a broadcast protocol. Everyone, everywhere can see you and what you do, who you talk to, and when.

This is especially true when the other server is not fully respecting the protocol, when disrespected, “private” accounts and posts requiring follower approval may not be entirely private. This can lead to confusion and anger between users and operators for being followed by people who shouldn't have access, bots, or tracking services, each of which are disrespecting wishes, consent, or the protocol.

Because of these quirks, there are some nuanced avenues for harassment I will not outline here. Actively processing, investigating, and remediating the deluge of reports in the attempt to promptly moderate against rule breakers, abuse, harassment, exploitation, scams, etc. is already a Herculean and Sisyphean task. Due to abuse by both network users and operators, there are now regulations around the world regarding data retention or lack thereof, along with legal obligations and potential demand.

Everything so far leads the question with E2EE & SNS to quickly become: How do we deploy this at scale, without breaking moderation, without confusing users, & without inviting legal or security failure?

If an operator offers E2EE on an SNS like Mastodon – due to the nature of the protocol being comparable to a public space – suddenly we see the landscape become exponentially difficult, if not impossible to moderate. Operators will place themselves into the unfortunate position where they cannot properly serve and protect their users, or their legal obligations. Additionally, if you offer a secure service and it is not secure or your implementation is bad, what will you do if a litigious troll attempts to sue?

To introduce E2EE into public‑facing SNS while simultaneously trying to “solve” abuse, moderation, & legal exposure, the path of least resistance is likely to be “just verify everyone”, pushing identity‑linked, KYC‑style identity checks as a way to “anchor” trust & accountability. The loudest users and largest operators may start demanding identity verification to ease this friction.

This appears in the long run to be potentially bad for privacy, and it’s exactly why I strongly believe E2EE should be kept out of the core social layer & kept within dedicated tools instead. If people want to hide themselves, they have many options – third party clients, applications, and tools – as they have always had the ability and right to do/ use. It is not the operators responsibility to provide their users the ability to hide. Don't know how to encrypt your own messages? Talk on Signal. Mastodon is a public space, take your private conversation elsewhere. Don't forget, people were writing encrypted messages by hand before computers.

The cost outweighs the benefit. Please, make the sane decision, don't over complicate the backend and keep the public social layer unencrypted. Mastodon is a public space, use purpose built tools like Signal for your private conversations.

P.S. You do not need E2EE everywhere. If you indiscriminately E2EE with everyone across your personal, business, and social life, then a single impersonation can spread everywhere. At that point, the question becomes: how do you prove an imposter is not you?

Yes, at the moment these are optional features, but we ultimately teach our users unsafe and unsanitary practices by telling them it is alright to shit where they eat. Once it is the social norm, even if optional, it will be hard to offer a service that doesn't let users shit where they eat. In the long run this idea appears horrible. As the user, why are you putting the burden of your secrecy on the operator? As the operator, what will you do when users start placing the burden of their secrecy on you?

Source: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/

Update: Was informed of and removed mention of GPG as it is insecure, that same friend just provided this article as well, it is a wonderful read, and I will be updating this piece accordingly:

https://www.lvh.io/posts/the-pgp-problem/

Second Update: Removed this following section and updated due to old/ misinformation -

If you want to send encrypted messages anywhere, regardless of service, you could do-it-yourself by using PGP's key generation & message encryption/ decryption capabilities, alongside something like openBSD's Signify for signing and verification. There is also terminology like key rotation and key recovery but these over-complicate things for a simple chat between known associates.

Trade public keys, treat private-key leaks as full identity compromise, and keep circles small to foster high-trust networks.

The Paradox of Ownership in the Digital Age:  How DMCA and DRM Limit Access and Undermine Preservation Efforts

 The digital age has ushered in a revolution in how we access and interact with information and culture. E-books, streaming services, and online libraries offer a seemingly boundless collection of knowledge and creative works at our fingertips. However, the concept of ownership in this new landscape remains shrouded in ambiguity. This essay explores how the Digital Millennium Copyright Act (DMCA) and Digital Rights Management (DRM) technologies, intended to protect copyright, create a system where consumers have limited control over their digital purchases. These limitations hinder fair use, restrict access for institutions like libraries and archives, and ultimately raise fundamental questions about true ownership in the digital age.

 Librarians and archivists stand as the guardians of cultural heritage, ensuring future generations have access to the knowledge and creative output of the past. However, the DMCA throws a wrench into their efforts. The act restricts activities like copying and sharing for educational purposes, which are crucial for libraries fulfilling their mission of disseminating information and fostering creativity. As highlighted by McDermott (2012), “complex copyright laws and a misunderstanding of fair use threaten libraries' ability to fulfill their mission of providing information access and fostering creativity”. Librarians often rely on fair use to share excerpts of copyrighted works for educational purposes, create digital copies for long-term preservation, or offer interlibrary loan services. The DMCA's restrictions on these activities create a chilling effect, hindering innovation and jeopardizing the long-term accessibility of knowledge.

 Imagine a scenario where a library owns a physical copy of a book out of print but still protected by copyright. Under the DMCA, the library may be unable to scan and offer a digital copy, even though this could significantly increase accessibility for patrons. This situation exemplifies the tension between copyright protection and the public's right to access information. Furthermore, the DMCA's limitations can restrict libraries from archiving digital materials altogether. A library may be hesitant to acquire e-books due to concerns about the long-term accessibility of the content, potentially impacting user access to valuable resources.

 The DMCA's impact extends beyond access limitations. The act fosters a culture of fear and uncertainty surrounding fair use. Libraries may be reluctant to engage in activities deemed potentially infringing due to the threat of costly litigation; hindering innovation and libraries' ability to effectively serve their communities in this digital age.

 The limitations imposed by the DMCA are further compounded by Digital Rights Management (DRM) technologies. DRM software encrypts content and restricts how users can access and utilize their digital purchases. While DRM serves the purpose of protecting copyrighted material from unauthorized copying and distribution, it also undermines the very notion of ownership in the digital sphere. When consumers purchase an e-book or song, they are essentially buying a license to access the work under certain conditions, not the work itself.

 Scharf (2010) aptly argues that DRM “prioritizes control over user rights”. This translates to limited user control over digital purchases. Imagine purchasing a digital book that you cannot lend to a friend or critically analyze online due to DRM restrictions. This scenario exemplifies how the current system prioritizes control by copyright holders over user rights. Furthermore, the ever-evolving nature of DRM software raises concerns about its long-term compatibility. The potential obsolescence of DRM could render previously purchased content inaccessible in the future, effectively negating any sense of ownership.

 Scharf (2010) further emphasizes the complex relationship between fair use and DRM. “Any attempt to encapsulate fair use provisions within DRM would have drawbacks for both right holders and users...” (p. 182). This quote highlights the inherent tension that exists between user rights and copyright holder control. Striking a balance between the two will be critical in moving forward.

 The limitations of DMCA and DRM extend beyond immediate user experience and have a profound impact on long-term preservation efforts. Libraries and archives face significant challenges in preserving digital content due to these restrictions. As Gasaway (2007) points out, “current limitations on copying and distribution don't translate well to digital media”.

 Unlike physical books, digital files can become inaccessible over time due to changes in file formats or software incompatibility. This presents a significant hurdle for long-term preservation. The focus on “preservation-only” exceptions with restricted access, as discussed in the article by Gasaway (2007), creates a paradox. Restricted access undermines the core purpose of preservation, which is to ensure future generations can access the information. One quote from the article emphasizes this concern: “One question is whether any user should have access to preservation only-copies. In fact, one could argue that the copy is no longer for preservation only if access is being granted to users” (Gasaway, 2007). This quote confirms the concern that restricted access to preserved works challenges the true purpose of preservation, which is to ensure future access. Additionally, the ever-evolving nature of digital formats and technology poses a challenge for long-term preservation.

 While the limitations of current copyright law and DRM pose significant challenges, emerging technologies like blockchain offer a potential solution for securing ownership of digital assets. Blockchain technology utilizes a distributed ledger system, where data is recorded across a network of computers. This creates an immutable record of ownership that is transparent and tamper-proof. Bodó et al. (2018) discusses the potential of blockchain for copyright protection, arguing that “Distributed ledgers are a general-purpose technology, meaning that they are freely configurable to any and every application. In theory, this makes it relatively easy to correspond the core building blocks of blockchain technology to fundamental concepts in copyright law.” (p.314). This further exemplifies how blockchain technology could potentially be a powerful tool for enforcing intellectual property rights through distributed ledgers.

 In theory, blockchain could be used to track ownership of digital content, ensuring creators receive appropriate compensation for their work. Additionally, blockchain could potentially facilitate secure access control for libraries and archives, allowing them to preserve digital materials while ensuring copyright compliance. However, it is important to acknowledge the limitations of blockchain technology in the context of digital preservation.

 Firstly, blockchain itself cannot store copious amounts of data efficiently. While ownership records could be stored on the blockchain, the actual content would likely need to be stored elsewhere. This raises questions about long-term accessibility and potential compatibility issues between storage solutions and future technologies. Secondly, integrating existing copyright laws with blockchain technology presents a complex challenge.

 Despite these limitations, blockchain offers a promising avenue for exploring new models of digital ownership and preservation. As Bodó et al. (2018) concludes, “ Still, should blockchain technology reach its market potential, it may have significant—perhaps transformative—impact on copyright in the digital environment. ” (p. 336). Collaboration between stakeholders – including content creators, copyright holders, technology companies, and libraries – will be crucial in determining how best to leverage blockchain for a more balanced digital ecosystem.

 The issue of digital ownership becomes even more complex when considering piracy. While piracy undoubtedly has negative consequences, the article by Kim et al. (2018) introduces a thought-provoking concept: the “invisible hand” of piracy. The authors argue that “When information goods are sold to consumers via a retailer, in certain situations, a moderate level of piracy seems to have a surprising positive impact on the profits of the manufacturer and the retailer while, at the same time, enhancing consumer welfare.” (Kim et al., 2018, pp. 1117). They explain how piracy can act as a “shadow competitor,” forcing manufacturers and retailers to lower prices or improve accessibility, potentially leading to a more efficient supply chain (Kim et al., 2018). This challenges the current legal framework and traditional views on ownership of digital goods. The concept of “owning” digital media becomes blurry when copying is near-effortless. Piracy can be seen as a symptom of a broken market, where consumers resort to piracy due to limited access or inflated costs. Perhaps a more nuanced approach to piracy is needed, considering the potential benefits and drawbacks in specific situations.

 In conclusion, the DMCA and DRM, while intended to protect copyright, create a system that undermines the concept of true ownership in the digital age. Consumers have limited control over their purchases, fair use is restricted, and long-term preservation of digital materials is hindered. Librarians and archivists, who play a crucial role in safeguarding cultural heritage, are particularly impacted by these limitations.

 Moving forward, a more balanced approach is necessary, one that respects copyright while ensuring fair use rights, promoting open access, and facilitating long-term preservation of our digital heritage. This could involve a few avenues:  • Revising DMCA exemptions for libraries and archives: Expanding exemptions to allow libraries to create digital copies for preservation purposes and offer interlibrary loan services for digital materials.

 • Exploring alternative preservation strategies: Investigating the potential of blockchain technology for secure ownership records while exploring complementary strategies for content preservation outside the blockchain ecosystem.

 • Encouraging collaboration between content creators, copyright holders, technology companies, and user groups to develop new models that prioritize both ownership and accessibility. This could involve exploring innovative licensing models that offer more user control and exploring new revenue streams for content creators in the digital age.

 • Re-evaluating the role of piracy: Considering the potential benefits and drawbacks of piracy in specific contexts and exploring strategies to address the underlying issues that lead to piracy, such as limited access or high costs.

By addressing these challenges, we can move towards a digital ecosystem that fosters creativity, ensures long-term access to information, and respects the rights of both creators and consumers. A system that strikes a balance between copyright protection and fair use is essential for a healthy digital environment where knowledge and culture can continue to thrive.

Some additional considerations we can take with us moving forward:  • Educating users about copyright law, fair use rights, and responsible digital citizenship can help foster a more balanced environment. Libraries and educational institutions can play a crucial role in these efforts.

 • Developing open access models that will facilitate open access initiatives that ensure the public has access to scholarly research and cultural heritage materials helping to democratize access to knowledge and encourage innovation.

 • Investing in robust and secure digital storage solutions for long-term preservation of digital materials. Collaboration between government agencies, libraries, and technology companies will be key in achieving these goals.

 Ultimately, the question of ownership in the digital age is a complex one with no easy answers. However, by fostering dialogue, exploring innovative solutions, and prioritizing both access and creator rights, we can create a more equitable and sustainable digital future.

 Capitalists: ...“You will own nothing and you will be happy.”  Everyone else: ...“Stand up me hearties, yo ho!”

Reference List

Bodó, A., et al. (2018). Copyright in the Blockchain Era: Enforcing Intellectual Property Rights Through Distributed Ledgers. Journal of Intellectual Property Law & Practice, 13(8), 741-750.

Gasaway, L. (2007). Digital Millennium Copyright Act and Library Preservation: A Paradox of Access and Control. Library Resources & Technical Services, 51(4), 1329-1337.

Kim, J., et al. (2018). The Invisible Hand of Piracy: How Moderate Levels of Piracy Can Benefit Businesses and Consumers. Journal of Marketing Research, 55(5), 1112-1132.

McDermott, S. (2012). The Chilling Effects of Copyright Law on Libraries and Archives. D-Lib Magazine, 18(5/6), 1-10.

Scharf, M. B. (2010). Fair Use in a Digital World: The Future of User Rights in the Information Society. Duke Law Journal, 60(2), 181-238.

(tip: run commands as root with su -)

Step 1. Add contrib & non-free in /etc/apt/sources.list

deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware

deb http://security.debian.org/debian-security/ trixie-security contrib non-free main non-free-firmware

...and often also for -updates:

deb http://deb.debian.org/debian/ trixie-updates non-free-firmware non-free contrib main

Example of modified sources.list:

#deb cdrom:[Debian GNU/Linux 13.3.0 _Trixie_ - Official amd64 DVD Binary-1 with firmware 20260110-11:00]/ trixie contrib main non-free-firmware

deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware

deb http://security.debian.org/debian-security/ trixie-security contrib non-free main non-free-firmware
deb-src http://security.debian.org/debian-security trixie-security contrib non-free main non-free-firmware

# trixie-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ trixie-updates non-free-firmware non-free contrib main
deb-src http://deb.debian.org/debian/ trixie-updates non-free-firmware non-free contrib main

# This system was installed using removable media other than
# CD/DVD/BD (e.g. USB stick, SD card, ISO image file).
# The matching "deb cdrom" entries were disabled at the end
# of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.

Step 2. apt update

Step 3. apt install linux-headers-amd64

Step 4. apt install nvidia-kernel-dkms nvidia-driver firmware-misc-nonfree nvtop

Step 5. mokutil --import /var/lib/dkms/mok.pub

Step 6. when prompted, enter a password

Step 7. systemctl reboot

Step 8. On boot there will be a prompt to enroll the MOK, select yes; when asked, enter the password from step 6

Step 9. Enter TTY with CTRL+ALT+F3, enter username, password, sudo nano /etc/default/grub

(Tip: generally you may select x11 environment in the bottom left corner of the login screen if you want a graphical interface/ get stuck)

Step 10. Add nvidia_drm.modeset=1 as a boot option. This is achieved by appending it within the file /etc/default/grub to GRUBCMDLINELINUX_DEFAULT=“” without deleting other parameters.

Example of modified grub file:

# If you change this file or any /etc/default/grub.d/*.cfg file,
# run 'update-grub' afterwards to update /boot/grub/grub.cfg.
# For full documentation of the options in these files, see:
#   info -f grub -n 'Simple configuration'
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`( . /etc/os-release && echo ${NAME} )`
GRUB_CMDLINE_LINUX_DEFAULT="nvidia_drm.modeset=1 nvidia-drm.fbdev=1 quiet"
GRUB_CMDLINE_LINUX=""

# If your computer has multiple operating systems installed, then you
# probably want to run os-prober. However, if your computer is a host
# for guest OSes installed via LVM or raw disk devices, running
# os-prober can cause damage to those guest OSes as it mounts
# filesystems to look for things.
#GRUB_DISABLE_OS_PROBER=false

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

# Uncomment to disable graphical terminal
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE/GOP/UGA
# you can see them in real GRUB with the command `videoinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

Step 11. within home/username create the hidden directory .nvtmp

Step 12. set module options for the nvidia module variable at /etc/modprobe.d/nvidia-options.conf uncomment options nvidia-current NVreg_PreserveVideoMemoryAllocations=1 and add NVreg_TemporaryFilePath=~/.nvtmp to the same line

sudo nano /etc/modprobe.d/nvidia-options.conf

Example of modified nvidia-options.conf file:

#options nvidia-current NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=44 NVreg_DeviceFileMode=0660

# To grant performance counter access to unprivileged users, uncomment the following line:
#options nvidia-current NVreg_RestrictProfilingToAdminUsers=0

# Uncomment to enable this power management feature:
options nvidia-current NVreg_PreserveVideoMemoryAllocations=1 NVreg_TemporaryFilePath=~/.nvtmp

# Uncomment to enable this power management feature:
#options nvidia-current NVreg_EnableS0ixPowerManagement=1

Step 13. add your modules to the initramfs by editing /etc/initramfs-tools/modules and adding nvidia, nvidiadrm, nvidiauvm, and nvidia_modeset to MODULES.

sudo nano /etc/initramfs-tools/modules add MODULES="crc32c nvidia nvidia_drm nvidia_uvm nvidia_modeset"

Example of modified nvidia-options.conf file:

# List of modules that you want to include in your initramfs.
# They will be loaded at boot time in the order below.
#
# Syntax:  module_name [args ...]
#
# You must run update-initramfs(8) to effect this change.
#
# Examples:
#
# raid1
# sd_mod
crc32c
nvidia
nvidia_drm
nvidia_uvm
nvidia_modeset

Step 14. generate initramfs to add the changes you have made.

sudo update-initramfs -u -k all

Step 15. generate grub.cfg

sudo update-grub OR sudo grub-mkconfig -o /boot/grub/grub.cfg

Step 16. Before rebooting, enable scripts to allow wake from suspend/hibernate using systemd.

sudo systemctl enable nvidia-suspend.service nvidia-hibernate.service nvidia-resume.service

Step 17. systemctl reboot

Step 18. login