A new secure messenger needs to have a solid foundation. For Air, this foundation is OpenMLS. It has been years in the making, and now it has been audited. This is an important milestone for Air.

The OpenMLS audit report is now public!

Time to send some animated GIFs!

We will be at @re-publica.com over the next 3 days and brought some invitation codes for Air! ✨ Reach out to @julianmair.com if you’d like to get early access to Air. #rp26

You can now reply to messages in Air

soatok.blog/2026/02/17/c... #Matrix #security #cryptography

We will be at #FOSDEM and will bring something exciting: Invitation codes for the beta phase of @air.ms, our new secure messenger based on MLS! ✨ Hit @julianmair.com up if you’d like to join the beta with your friends.

We will be at #39C3 and we brought something exciting: Invitation codes for the beta phase of Air, our new secure messenger based on MLS! ✨ Hit us up if you’d like to join the beta with your friends. You can also follow @air.ms, where we’ll post updates over time.

We made MLS more decentralized! We are excited to share DMLS that brings fork resilience to the MLS protocol, solving a key challenge in distributed systems while maintaining Forward Secrecy. This work was made possible by @equalitie.bsky.social, who funded it as part of the Breakout program.

Die Stimmen gegen die #Chatkontrolle werden mehr und lauter. Nun hagelt es deutliche Kritik aus der Wirtschaft. Zudem warnen der Deutsche Journalistenverband und der Anwaltverein vor einer Überwachungsinfrastruktur, die schnell ausgebaut werden könnte. netzpolitik.org/2025/eu-uebe...

🚨 Der Gesetzentwurf zur #Chatkontrolle sieht vor, dass digitale Kommunikation einschließlich verschlüsselter Nachrichten und Fotos gescannt werden soll. Wir haben uns an die deutsche Bundesregierung gewandt, sich am 14. Oktober gegen den Gesetzesvorschlag der Chatkontrolle auszusprechen.

LinkedIn annonced that it will use your data to train AI models, and craftily chose to use an opt-out mechanism. Deactivate this in your settings now, of you don’t want to give away your content.

As an ex head of security of an end-to-end encrypting messenger I can relate www.theguardian.com/technology/2...

There's an article making the rounds with the provocative title "MLS: The Naked King of End-to-End Encryption". It needs some rebuttal. www.poberezkin.com/posts/2025-0... tl;dr - MLS is fine. This is a misunderstanding about modularity.

Not long ago, someone (who is likely the founder of SimpleX Chat) wrote a blog post about MLS that contained a pretty blatant factual mistake about MLS' authentication, including an alleged lack of security. Thankfully, @soatok.bsky.social took the time to debunk that: soatok.blog/2025/08/25/b...

I had to see for myself

We did a thing. We combined TLS and MLS into a hybrid protocol. Why? Because sometimes you need connections that last for weeks, quantum-resistant security, or simpler certificates. The experiment is open-source. Here's the story 👇

We really did do a thing.

We are #hiring a Freelance Junior Product Manager to help us build the next generation of private & secure messaging. If you’re interested in joining our team, please apply today! For friends of secure messaging 🥷, please share our post with potential candidates.

Happy to announce that I’ll be speaking at @passthesaltcon.bsky.social on July 2nd! I’ll discuss end-to-end encryption with MLS, the growing MLS ecosystem, the MIMI IETF working group, and metadata protection. It’s my first time attending, and I look forward to connecting with the French community!

The idea that you can just “teach computer science” and be apolitical is a beautiful dream that expired in the 2000s, at the latest. Computer science has re-organized every facet of our society: it is inherently political. Instead of taking this idea seriously, we ran from it. Now we live in hell.

Hey Google designers, are we sure about this new layout logo in Google Meet? The negative space around the boxes reminds me of something.

The MLS Architecture document – the companion document to the MLS Protocol document – is now finally available as RFC 9750: www.rfc-editor.org/info/rfc9750

And so it begins, BlueSky complies with censorship requests of an authoritarian regime

MLS is efficient, but what does that mean in practice? This paper sheds some light on the question by building a test framework for OpenMLS. arxiv.org/pdf/2502.18303

… and now it looks like Apple caved, while Google didn’t: www.forbes.com/sites/zakdof...

The SCW podcast team does it again and breaks down a newish, complex and alarming topic into palatable and informative pieces. Excellent questions from @durumcrustulum.com and @dadrian.io expertly answered by @josephhall.org and @matthewdgreen.bsky.social. Listen to it if you have time!

I’m deeply disappointed in Apple. www.bbc.com/news/article...

We proudly signed this too. Always push back.

I love that @kagi.com now uses Privacy Pass. It would have been nice to get some credit since your "own implementation" looks like a wrapper around my implementation. blog.kagi.com/kagi-privacy...

Another example of how legal interception of private communication cannot be limited to the “good guys”: www.cisa.gov/news-events/...

Hey new followers! I hope this will become what Twitter once was – it's already starting to feel that way. Looking forward to better conversations! PS: Mastodon is still as valid as it was before.

This weekend, @raphaelrobert.bsky.social and @julianmair.com are joining the #GlobalGathering. We will be hosting a booth and circle on Saturday to discuss the current state of privacy preserving and decentralized messengers. We look forward to seeing you at there! Feel free to ping us!

🔐 Discord introduces end-to-end encryption with Messaging Layer Security (MLS) 🔐 Im really happy to see another large scale MLS deployment. It shows the technology is fit for purpose, demonstrably so. discord.com/blog/meet-da...

We are hiring two Rust engineers!

I like the idea that “covfefe” was a premonitory acronym for “convicted felon”

We attended the Real World Crypto Symposium in Toronto 🇨🇦 where @raphaelrobert.bsky.social talked about how far MLS has come since RWC 2019. Highlights: - Post-quantum resistance and how easy it is to upgrade from current schemes - Deployment in existing products like Webex and Discord (🧵1/2)

Signal usernames are out, grab yours now!

WhatsApp shared first details on how they will comply with the #DMA. We are critical of the Signal protocol, as there has never been a complete specification that allows secure implementation of the protocol. This was one of the main reasons to develop MLS. Our conversation with @netzpolitik.org👇

We ended 2023 with a talk at #37C3. @raphaelrobert.bsky.social and Konrad presented Messaging Layer Security (MLS). The room was packed and some people couldn't attend – luckily the talk is now online. 🍿 media.ccc.de/v/37c3-12064... #securemessaging #encryption #e2ee #messaginglayersecurity

Today at #37c3, 3:45pm, Konrad and I will give a talk in hall Zuse about Messaging Layer Security (MLS). They call it RFC 9420, we say MLS: A new IETF standard for end-to-end encryption, bringing improvements in performance and security. 👉 fahrplan.events.ccc.de/congress/202...

We are very excited to be at #37c3 in Hamburg after a long pandemic break. On day 3 (29.12., 3:45pm), @raphaelrobert.bsky.social and Konrad will give a talk on “RFC 9420 – or how to scale end-to-end encryption with Messaging Layer Security (MLS)” 👉 fahrplan.events.ccc.de/congress/202...

Check out our blog post where we examine the push notification problem and address potential misconceptions! In the wake of recent reports on surveillance via push notifications, many people have been confused about it and how it affects their own privacy when using messengers anonymously.

Let’s get down to why exactly push notifications have a privacy issue 👇 blog.phnx.im/privacy-of-push-notifications/

First impactful measure following last week's splash about push notification surveillance: www.reuters.com/technology/a...

Let's make this crystal clear: If you think you are anonymous because you - used a throwaway number for Signal - picked a completely random username for Wire/Matrix - were given a random username with Threema/Session YOU ARE NOT! You can be identified by the push tokens.

This has been bothering me for a while and I'm glad there's finally more discussion about this. Push notifications are a problem for privacy, we need more transparency and changes in the way they work. netzpolitik.org/2023/push-di...

Just as #chatcontrol seems to take a slightly better turn, another crude proposal awaits us.

New internet standard for RSA blind signatures. This is the foundation for privacy pass and other privacy preserving protocols. www.rfc-editor.org/info/rfc9474