
Mastodon, a decentralized social media platform, intends to implement its own end-to-end encryption (E2EE) for private communications and direct messages. The decision follows funding from an open-source software group supported by the German government, and the decentralized social network is planning several improvements.
In a blog post on obtaining €614,000 ($724,000) from the Sovereign Tech Fund, an initiative supported by the German government to promote open-source software, Mastodon revealed the impending feature.
The €614,000 service deal, according to Mastodon, a European charity, will finance five significant projects, such as the E2EE for private communications, automatic content detection to eliminate spam, and a mechanism for Mastodon server administrators “to subscribe to shared blocklists.”
Implementation is targeted for 2027, next year, and will proceed in phases. The feature will probably launch on the main mastodon.social server first, and other server admins can choose whether to turn it on or off.
E2EE protects the data from third parties, including Mastodon server providers, by allowing only the sender and recipient of a private message to view its content. In light of worries about government and corporate surveillance, this can provide an additional degree of privacy for private communications. WhatsApp, Signal, and Apple’s iMessage provide E2EE, storing the encryption keys for the messages only on the sender’s and recipient’s devices. X provides E2EE as well; however, to guarantee smooth communication between devices, the firm technically retains the encryption key, even if it is divided among three servers.
Mastodon intends to integrate E2EE by collaborating with the ongoing efforts of the Social Web Foundation, another organization dedicated to creating Mastodon and other “Fediverse” platforms. In December, the Social Web Foundation initiated an end-to-end encryption effort for the ActivityPub standard, an open social networking protocol supported by Mastodon and even Mark Zuckerberg’s Threads. The team is currently developing the specification for the E2EE system.
In an email to PCMag, a Mastodon representative stated, “It is early days, but the plan is to follow the standards body work.” “Yes, it would probably be implemented on mastodon.social and on other Mastodon servers that choose to use the feature if interoperability testing is successful and the technology meets our needs (in particular, we are going to be looking at the reporting and moderation implications).”
Mastodon says E2EE won’t be available until 2027. Mastodon does not currently offer a traditional direct messaging feature. Rather, it intends to provide a “privately mention” feature that allows a post to be restricted to specific people; however, some users have been misled by the feature’s name.
Mastodon might become more appealing if it had an encrypted private messaging feature. However, there may be trade-offs associated with E2EE, such as the inability of a Mastodon server provider to identify messages that include unlawful or rule-breaking content.
Mastodon’s end-to-end encryption will ensure only senders and recipients can read private messages, blocking access by server admins. To support safety, the system will include message franking, allowing users to report abusive content without breaking encryption. Since Mastodon is built on the ActivityPub protocol, the update could eventually enable secure cross-platform messaging with services like Threads or Pixelfed.
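To show how message franking lets a server verify an abuse report without ever reading normal traffic, here is an added example of the generic committing-HMAC construction. It is not Mastodon's or the ActivityPub specification's design, which is still being written. The function names, the context string and the sample message are assumptions, and the encryption layer itself is left out.

```python
import hashlib
import hmac
import os

# Assumption: a secret held only by the server, generated here for the example.
SERVER_KEY = os.urandom(32)


def sender_frank(message: bytes) -> tuple[bytes, bytes]:
    """Sender: commit to the plaintext under a fresh one-time franking key.

    The franking key travels inside the encrypted payload with the message;
    the commitment travels outside it, next to the ciphertext.
    """
    franking_key = os.urandom(32)
    commitment = hmac.new(franking_key, message, hashlib.sha256).digest()
    return franking_key, commitment


def server_stamp(commitment: bytes, context: bytes) -> bytes:
    """Server: bind the commitment to routing metadata; plaintext is never seen."""
    return hmac.new(SERVER_KEY, commitment + context, hashlib.sha256).digest()


def commitment_opens(message: bytes, franking_key: bytes, commitment: bytes) -> bool:
    """Recipient (after decrypting) or server (on report): does the commitment match?"""
    expected = hmac.new(franking_key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, commitment)


def server_verify_report(message, franking_key, commitment, context, stamp) -> bool:
    """Server: accept a report only if the stamp is its own and the commitment
    opens to exactly the plaintext the reporter disclosed."""
    stamp_ok = hmac.compare_digest(server_stamp(commitment, context), stamp)
    return stamp_ok and commitment_opens(message, franking_key, commitment)


def demo() -> tuple[bool, bool, bool]:
    """Constructed sample data: one honest report and two tampered ones."""
    context = b"alice@a.example|bob@b.example|2027-01-01T00:00:00Z"
    message = b"constructed abusive message"
    key, commitment = sender_frank(message)
    stamp = server_stamp(commitment, context)      # done at delivery time
    honest = server_verify_report(message, key, commitment, context, stamp)
    forged_text = server_verify_report(b"something else", key, commitment, context, stamp)
    forged_sender = server_verify_report(
        message, key, commitment, b"mallory@c.example|bob@b.example|x", stamp)
    return honest, forged_text, forged_sender
```

The server learns the plaintext only when the recipient chooses to disclose the message and its franking key in a report; a recipient should discard any decrypted message whose commitment does not open, since it could not be reported later.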
Until the 2027 rollout, users should note that direct messages (labelled “private mentions”) currently lack end-to-end encryption, making them theoretically accessible to server admins and hosting providers. For sensitive information, privacy experts recommend using dedicated encrypted messengers like Signal or XMPP/Jabber instead.






