-
Maranda
huhu showing hidden rooms for server admins enabling superuser switch brought interesting results.
-
Maranda
(in disco#info that is)
-
Maranda
*repeats question here* anyone knows if ChatSecure or Conversation or some other client do something like creating hidden members only persistent rooms, with a random name (node). To emulate some "crypto-junk groups"?
- Maranda found a not so small infestation of those *unused* rooms on his MUC
-
Holger
Maranda: Yes, Conversations creates room JIDs with random node parts, and makes them members-only, hidden and persistent by default.
-
Holger
ChatSecure as well I guess, but I'd have to double-check.
-
Maranda
Holger: đź‘Ť
-
Maranda
I'm vaguely fought on adding auto-wiping of persistent rooms inactive for more than x time, but I guess that first or later I'll have to do it.
-
Holger
Yes I'm doing that as well.
-
MattJ
How much time?
-
MattJ
Is it really necessary?
-
Maranda
MattJ, that's the tricky question
-
Maranda
MattJ, and that's the other tricky question.
-
Holger
On my servers one year.
-
MattJ
I guess there may be a MAM archive to remove for privacy reasons?
-
Holger
Yes. And JIDs on affiliation lists,
-
Maranda
MattJ, in my case that wouldn't be a problem everything gets wiped when room is destroyed
-
MattJ
Sure, I'm not saying it's a problem - I'm thinking of reasons why you should remove the room in the first place
-
Holger
Same here, the point was that this is one of the reasons to not keep around dead rooms forever.
-
Holger
Besides data hyhiene I see neither strong reasons to remove nor to keep.
-
Maranda
MattJ, me too honestly, on lightwitch.org maybe not much but on a busier service if people with those clients start creating a dozillion of "private crypto clubs" like those then ditch 'em and forget about 'em... maybe it starts to become a problem.
-
MattJ
I work on a service that probably has over a million MUC rooms (plus archives)
-
MattJ
But yes, data hygiene :)
-
Link Mauve
Maranda, AIUI the goal is more to emulate groups of friends than cryptoanything.
-
Link Mauve
The model here is WhatsApp AFAIK.
-
Maranda
Link Mauve, yeah I got that much, but I thought somehow it could start involving OMEMO :P
-
MattJ
It probably does, but that's separate - using generated names for MUCs is quite an old approach, I'm sure some desktop clients do it too
-
Link Mauve
Gajim for instance, when you “invite more people to a 1 to 1 conversation”.
-
Link Mauve
Alongside the upload of the previous history.
-
Maranda
Link Mauve, *upload of the previous history* 🤔 🤔 🤔
-
Link Mauve
Maranda, this protocol: https://xmpp.org/extensions/xep-0045.html#continue
-
Maranda
ohh
-
Maranda
it may sound cruel but I think I'll default the inactivity expiral to the usual ChanServ one on IRC (it's configurable of course)
-
Maranda
(aka one month)
-
Maranda
(and there's a configurable whitelist as well)✎ -
Maranda
(and there's a configurable whitelist as well, also cleaning has to be explicitly enabled) ✏
-
pep.
As long as you say you're doing it in your policies, I don't see the issue. Re removing old inactive rooms
-
MattJ
and what counts as "inactive"?
-
MattJ
No messages? or nobody joined?
-
Licaon_Kter
MattJ: I'd go with "no messages"
-
MattJ
So in this case you just notify everyone in the room that the room has been destroyed?
-
Holger
I do "nobody joined".
-
Holger
This already catches the vast majority of dead rooms for me.
-
MattJ
Good to know
-
Maranda
MattJ: "nobody joined" I count only stanzas from occupants as last activity
-
Link Mauve
Licaon_Kter, it seems JabberFR has had the same attack as draugr.de, at least against a user named the same way.
-
Link Mauve
I just handled it.
-
Maranda
Ohh that's why it hickupped yesterday
-
Licaon_Kter
Link Mauve: link?
-
Link Mauve
https://statut.jabberfr.org/incident/20
-
peter
Thanks, Link Mauve!
-
Link Mauve
Already half of them sent an automated reply that this mailbox doesn’t exist. :|
-
Link Mauve
On freaking abuse@…
-
peter
sigh
-
lejtes
Test