• tal@lemmy.today
    2 days ago

    Oh, yeah, my concern isn’t really that Florida is planning to go after instance admins — I’m just being sardonic — so much as to point out that any practical enforceability of this is going to have a lot of issues.

    I mean, do you mandate that Lemmy disallow third party clients? Try to force them to detect and block encrypted messages? What happens if I start dumping big PGP messages steganographically in images and simply send those? What happens if the image I’m sending is just a link, and isn’t even uploaded to pict-rs on a Lemmy instance?

    I don’t need to move a whole lot of bits to send messages, and it’s really hard to block people who can send any data at all from having software send data that cannot be read by intermediaries, use the existing social media channel to agree upon out-of-band communications channels that social media operators have no control over, and so forth. Like, okay. Say I am a child-molesting terrorist drug running money launderer or whatever. I know someone who uses Facebook.

    Let’s even say that Facebook does a fantastic job of detecting and blocking any E2E-encrypted communications like PGP messages of the sort I mentioned in the above comment.

    Okay. Now let’s say that there is some other non-social-media system that uses OTR. I use Facebook to send someone my identity on that OTR system, as well as — which doesn’t need to be in any kind of standardized format — the shared secret OTR uses to bootstrap trust between two parties. That shared secret becomes useless after the initial handshake completes. Is Florida going to figure out everything that I’m saying, manage to break into whatever other channel I’m using, and MITM the thing? Probably not, since even if they subpoena Facebook and Facebook gives them that shared secret, it doesn’t let them later MITM the OTR communications.

    That sounds complicated, but from a user standpoint it’s “Let’s talk on <program X>. I’m <user>, and here’s <string>.” The other person fires up their program, pastes string in, and unless Florida have already subpoenaed and MITMed that channel, at that point, the deed is done — out-of-band E2E-encrypted communications are bootstrapped, and Mark Zuckerberg can’t read them or let anyone else read them even if he wants to do so.
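As an added illustration of the bootstrapping argument above (example code, not from the comment author and not the real OTR/SMP protocol): an ephemeral Diffie-Hellman handshake whose transcript is confirmed with the secret shared over the social-media channel, so an intermediary who lacks the secret cannot sit in the middle, while the session key itself never depends on the secret. Assumptions: the RFC 2409 group 2 prime, and an HMAC confirmation standing in for OTR's Socialist Millionaire Protocol.

```python
"""Toy model of bootstrapping an authenticated channel from a secret shared
out of band (e.g. over social media). Constructed illustration, not real OTR."""
import hashlib
import hmac
import secrets

# 1024-bit MODP group from RFC 2409 (group 2); adequate for illustration.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    """Fresh ephemeral Diffie-Hellman exponent and public value."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def confirm_tag(secret, initiator_pub, responder_pub):
    """Authenticate the handshake transcript with the out-of-band secret.
    Stands in for OTR's Socialist Millionaire Protocol (simplified)."""
    transcript = initiator_pub.to_bytes(128, "big") + responder_pub.to_bytes(128, "big")
    return hmac.new(secret.encode(), transcript, hashlib.sha256).digest()

def session_key(my_priv, their_pub):
    """Session key depends only on the ephemeral DH values, never on the secret."""
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(128, "big")).digest()

def bootstrap(alice_secret, bob_secret, mitm=False):
    """Run the handshake and return (alice_key, bob_key, authenticated).
    mitm=True models an active intermediary without the secret replacing both
    DH values with its own, which the secret-based confirmation must detect."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if mitm:
        _, m_pub = dh_keypair()
        a_sees, b_sees = m_pub, m_pub   # each honest party receives the attacker's value
    else:
        a_sees, b_sees = b_pub, a_pub
    # Each side tags (initiator's value, responder's value) exactly as it saw them.
    tag_a = confirm_tag(alice_secret, a_pub, a_sees)
    tag_b = confirm_tag(bob_secret, b_sees, b_pub)
    authenticated = hmac.compare_digest(tag_a, tag_b)
    return session_key(a_priv, a_sees), session_key(b_priv, b_sees), authenticated

if __name__ == "__main__":
    print(bootstrap("correct horse battery", "correct horse battery")[2])  # True
```

Unlike OTR's SMP, this HMAC confirmation lets anyone holding a recorded transcript test guesses of a weak secret offline, so the secret needs real entropy. The property the comment relies on still holds: the key comes from ephemeral exponents, so a secret obtained later by subpoena does not recover the session key from a recorded transcript.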