-
Maranda
Hmm who do I need to talk to for issues with wiki.xmpp.org?
-
jonasw
Maranda, Guus and iteam
-
Maranda
jonasw, hmmm ok need to correct a few broken links
-
jonasw
if they’re wiki-internal, you can ask for an account
-
Anu
The more I think about it the more I think we need to define a standard way to treat mobile clients that don’t really go offline
-
Maranda
jonasw, request where?
-
Ge0rG
Maranda: here. Tell me your username and email address
-
Ge0rG
Anu: yes, there are short-term and mid-term ideas for that. Short-term: combine 0198 with Push to keep a disconnected session "alive" as long as it comes back after a push message
-
Maranda
Ge0rG, username this nick, e-mail maranda@lightwitch.org
-
Ge0rG
Maranda: A randomly generated password for Maranda has been sent to maranda@lightwitch.org.
-
Anu
Ah ok. I was having a discussion about it on Twitter and realized all of us client developers were coming up with our own suggestions
-
Ge0rG
Anu: mid-term we'll probably move more and more status and configuration options from the client to the account, like a status message and notification configs
-
Maranda
Ge0rG, let's wait on Greylisting ™
-
Maranda
:P
-
Anu
Also once we suppress presence (offline/online) in our clients
-
Anu
What’s the point of subscription
-
Ge0rG
Anu: subscription is also an anti-spam whitelist
-
Zash
And feature advertising
-
Anu
I’ve had fun explaining subscription to people
-
Anu
Because nothing else has it (at least visible) these days
-
Ge0rG
Anu: just hide bidirectional subscription from them.
-
Anu
Yes that’s what I’m thinking of doing
-
Ge0rG
Anu: I hope that with things like PARS (XEP-0379) and Easy Invitations (XEP-0401) that'll get easier
-
Ge0rG
Anu: in yaxim I have "Contact can see your status" for one direction and a [?] contact icon for the other
-
Anu
We have many ways of hiding all of this
-
Ge0rG
no wait, it's the same.
-
Anu
Unless I’m not aware of it there isn’t a document with recommendations
-
Ge0rG
Unfortunately, yes.
-
Anu
So either several developers come together and make up our own
-
Anu
Circumventing the process
-
Ge0rG
We are using the wiki for which things, if we aren't yet ready to make them official
-
Ge0rG
Anu: the standards list archive has some ideas as well. I'm trying to link and document them, but that takes time
-
Maranda
Ge0rG, there links fixed, thank you :P
-
Ge0rG
Maranda: thank you!
-
Anu
Ah is the wiki public? I’d like to not reinvent the wheel
-
Ge0rG
Anu: yes, https://wiki.xmpp.org/web/Main_Page
-
Anu
Sorry I meant the actual page where these suggestions are being written up
-
Ge0rG
Anu: I try to put usability improvements under https://wiki.xmpp.org/web/Category:Easy_XMPP
-
Ge0rG
Also assorted pages, like https://wiki.xmpp.org/web/XEP-Remarks/XEP-0280:_Message_Carbons
-
Ge0rG
Maybe we need a new category for that, "Usability"?
-
Anu
Yup this is exactly what I was thinking of doing. Great
-
Ge0rG
Yay, I just realized that the standards@ ML archive links from 2014 are all wrong
-
Ge0rG
Thanks, mailman.
-
Anu
I’ve realized that xmpp has so much legacy stuff that is based on AIM or IRC
-
Anu
It’s like aim and irc had a baby
-
Anu
Haha
-
Ge0rG
Anu: I think you mean ICQ.
-
Anu
Nope muc is an irc clone
-
Anu
It made sense in the 90s because that’s what people were familiar with
-
Anu
But feels super antiquated now
-
Ge0rG
Anu: ICQ and IRC.
-
Ge0rG
not AIM and ICQ
-
Ge0rG
Anu: the MUC spec is a horrible mess, with many rough edges and unspecified corner cases. I'm fixing it slowly.
- Maranda mumbles.
-
Anu
Ah yes
-
Anu
I saw there was an effort to make a new group chat spec
-
Maranda
Hmm clients supporting Process Hints up-today?
-
Anu
What’s process hints?
-
Ge0rG
Anu: the new group chat is MIX, and it's already huge and complex and nobody has implemented it yet.
-
Maranda
-xep 334
-
Bunneh
Maranda: Message Processing Hints (Standards Track, Deferred, 2018-01-25) See: https://xmpp.org/extensions/xep-0334.html
-
Ge0rG
Anu: did you follow the last Summit discussions? I have collected a long list of current issues we need to address at https://op-co.de/tmp/whats-wrong-with-xmpp-2017.pdf
-
Anu
I haven’t, no. Just had a baby and have mostly dropped off the planet
-
Anu
I’ve implemented group chat for several closed protocols
-
Ge0rG
Anu: ah, you've been working on increasing the number of xmpp users? That's laudable!
-
Anu
Let’s just say there is no version that easy or clean
-
Anu
:)
-
Anu
It’s a way to keep my mind active at nap time
-
Anu
The other thing I’ve realized is that no one really uses status messages anymore
-
Anu
I’ve had it under the name on the contact list for a decade
-
Maranda
Ge0rG add the horrible misconception of "MAM and Room Logging" to the muc list. People seem to think that MAM doesn't equate to "recording conversations" apparently (and the fact that status 170 should always be used whenever discussions are recorded server-side)
-
Anu
But at some point people started posting their status to twitter/fb not on chat
-
Anu
All of this logging is going to break so bad with gdpr
-
Anu
No idea how small xmpp servers are going to handle pseudo-anonymization
-
Anu
And purge requests
-
Maranda
I already have a protocol for purging, and Processing Hints for not storing. But purging archives seems another controversial we have here.
-
Anu
Servers should have an option to run in gdpr mode
-
Anu
Ip logs too
-
Anu
Names, nick names etc
-
Anu
It’s a mess
-
Anu
I think the rules were made for large companies with resources but it’s going to impact any small server
-
Zash
Have we figured out what "GDPR mode" means yet?
-
Anu
I would say regular log purging.
-
Anu
Minimal logging at info level
-
Anu
Switching to debug mode usually lets you get away with more verbose logging
-
Anu
And not keeping message history beyond the legal max
-
Anu
It’s bad ux but that’s kind of the point
-
Ge0rG
Anu: it's okay to keep message logs the users actually want.
-
Ge0rG
Anu: all you need is consent from the user and some interface to download / purge
-
Maranda
Anu: the "legal max" being? Didn't have time to even glance at that thing.
-
Maranda
Well consent could be just setting logging default (mam prefs eg) to disabled.
-
Maranda
I suppose
-
Ge0rG
Maranda: not quite, the user should have to agree when registering, and maybe get an explicit info from the client when enabling mam
-
Maranda
"from the client" 😉
-
Maranda
Ge0rG the good thing with doing backends is that UI/X stuff is mostly irrelevant to me hehe
-
Maranda
s/doing/dealing/
-
Maranda
And *dealing with*
-
Anu
Hah
-
Anu
Except the fines for gdpr are steep
-
Anu
Up to 10 million euros or 2% of revenue for minor fines
-
Anu
€ 20 million or 4% for worse infractions
-
Anu
A few fines can quickly shut down smaller services
-
Maranda
When a user registers to my server he/she has to consent to the service agreement anyways so it's possibly one or two more lines there
-
Anu
Service agreements don’t override law though
-
Anu
Otherwise fb et al would just change their eulas
-
Anu
We only have until May 25 to be compliant
-
Anu
It’s a serious headache for tech companies
-
Maranda
True but if gdpr wants user consent
-
Maranda
This is more a problem with IBR not OOBR
-
Zash
You could argue that use of IBR implies consent to whatever.
-
Zash
You could also argue that the moon is made of cheese. Also IANAL and neither are you! :P
-
Anu
Haha
-
Anu
Also how do we recommend people handle xfer of data in and out of Europe?
-
Zash
How's those XSF-GDPR meetings going?
-
Anu
I assume the xsf has legal help.
-
Maranda
Anu, and yes service agreements are never normative but in the end if there's an issue you'll end in a court so I don't see where's the problem
-
Maranda
(a ToS/EULA here has *no value* at all, you'll get to debate it anyways)
-
Anu
Yeah
-
MattJ
Maranda, if you end in a court and your ToS disagrees with GDPR, you're going to have a hard time...
-
Anu
From my understanding if we address logging, log anonymization, allow data export and data purging it covers most bases
-
Anu
Curious to see how this plays out for smaller, more resource constrained xmpp providers
-
Maranda
Maybe MattJ, I'm very transparent on what data I collect, so I don't think that would be the case anyways
-
Anu
Gdpr has been my life for the past year or so, it’s going to be a barrier for entry in messaging
-
moparisthebest
Still sounds easiest and safest to just ban EU residents from servers
-
Zash
You know what's even easier? Not running an XMPP server at all!
-
Anu
Haha yup
-
Anu
Or run it out of Europe and beyond the reach of their law enforcement
-
Maranda
My server is located in New Ark, although I'm not.
-
Maranda
(the thing running the xmpp one at least)
-
Maranda
:P
-
moparisthebest
The only thing that somewhat concerns me is federation
-
moparisthebest
I'd be sad if I had to disable federation with EU servers
-
Anu
Probably will
-
MattJ
That's not a solution
-
MattJ
Plenty of EU citizens use US servers :)
-
MattJ
So just because you receive a message from a non-EU server doesn't mean you can assume it didn't come from an EU citizen
-
Anu
Jokes aside, gdpr is made to force global compliance
-
Anu
So US servers will have to implement it too
-
Anu
It’s based on the possibilities of doing business with an eu citizen
-
Ge0rG
Anu: please come to our next xsf GDPR meeting
-
Ge0rG
Anu: https://wiki.xmpp.org/web/GDPR
-
Anu
I will try.
-
Anu
Can I add questions for the lawyer to that wiki page?
-
Anu
I’m very concerned about federation
-
Anu
Might be an end of an era for non Balkanized Internet
-
Ge0rG
Anu: we have so far tried to address the local user case. I'm hopeful that s2s delivery of messages will be permitted by assuming consent from the sender.
-
Ge0rG
Anu: it would be great if you could join the meeting so we know the context of the questions you want to add.
-
Anu
Ok
-
moparisthebest
whether they meant to enforce global compliance or not (I think you are right), sorry the EU is just a tiny portion of the internet and they cannot do it
-
moparisthebest
they can enforce it on companies that operate in the EU and that is it, EU citizens will probably suffer from walled gardens but then they should vote to fix the situation I guess...
-
moparisthebest
(or just use non-EU servers and don't mention they are from EU?)
-
Zash
So, on May 19, it will have been 4 years since https://github.com/stpeter/manifesto/blob/master/manifesto.txt went into effect.
-
Zash
Assuming I can count.
-
MattJ
How is http://opendiscussionday.org/ still running?
-
Zash
I was looking for that just now. I had to look up the manifesto to remember the exact date
-
Maranda
Last modified: 2018/03/09 08:24 🤔
- Maranda wonders if there's any client implementation for [xep 273]
-
Zash
Bunneh: xep 273
-
Bunneh
Zash: Stanza Interception and Filtering Technology (SIFT) (Standards Track, Deferred, 2011-06-27) See: https://xmpp.org/extensions/xep-0273.html
- Maranda eyes Bunneh.
-
Maranda
Bunneh what's your inline syntax tell me :P
-
pep.
{}
-
Zash
Nooooooooooooooooooooooooooooooooooooo
-
pep.
Did I just kill it
-
Zash
Bunneh: tell pep. no
-
pep.
It doesn't seem to comply much
- Maranda thinks {ping}
-
Bunneh
Maranda: pong
-
Maranda
Bunneh just doesn't like inline syntax :P
-
Maranda
Ohhh
-
Maranda
Now Gajim showed that with delay lol
-
Zash
It adds some kind of attaching tag to indicate its bottyness
-
Zash
I forget which
-
pep.
Ge0rG, I was told (but HINAL either) that even s2s should "just" require consent, as long as we're transparent and we say "This _can_ happen". Though technically that means "We have no clue what can happen on the other end"
-
Ge0rG
pep.: I suppose the other server is also bound by GDPR
-
moparisthebest
how is the other server supposed to get consent, Ge0rG?
-
pep.
I assume so
-
pep.
moparisthebest, I would say it doesn't get it explicitly from s2s users
-
Ge0rG
moparisthebest: you need to forward messages to the other server for them to reach the receiver.
-
moparisthebest
for a specific example, how is my server supposed to get consent from everyone in this channel to log their messages?
-
Ge0rG
moparisthebest: this is a public room
-
moparisthebest
is that different?
-
pep.
Ge0rG, though the same happens with private rooms here
-
moparisthebest
how do you even tell which is which
-
Ge0rG
moparisthebest: but if I send you a private message, I must assume that your server will process it
-
moparisthebest
this is dumb, EU should feel ashamed and you EU citizens should fix your crappy law :P
-
pep.
moparisthebest, if it's s2s I don't think you do. I would say the c2s server has to state in its EULA that data will be sent to other services and will be processed there
-
pep.
But IANAL, of course
-
Ge0rG
So this might be considered implicit agreement. Processing is legal to fulfill a legitimate interest of a third party. The receiver is the third party and their legitimate interest is to receive my message
-
Ge0rG
moparisthebest: stop trolling us. You Americans have been fucking with our privacy long enough already
-
Anu
There is also right to be forgotten stuff
-
Anu
That’s for public records
-
Anu
It really is a mess
-
moparisthebest
Ge0rG, are you talking about facebook? I agree, so here's an idea I've been following forever, don't use facebook
-
Ge0rG
moparisthebest: I told you about Facebook already.
-
pep.
Anu, yeah not sure how to apply that over s2s
-
pep.
And it's not like I was going to keep a record of servers the user has been talking to, so I can then ask these servers to delete his stuff :/
-
Anu
I think on some level this is like email and someone will have to chase down every server with their info but on the other hand there might be consequences for the server that sent the info
-
Anu
Like google had to remove links from its index but can’t stop the news links from existing on the net
- pep. checks for Gmail's EULA
-
moparisthebest
I feel like it's exactly like email, and whatever applies there must apply here
-
Anu
Everyone is updating for gdpr
-
UsL
doesn't matter if it is the EU or the States. It is all part of the same goal.
-
Anu
None of us are done but you will start seeing new gdpr related Eulas soon
-
Zash
Let's all include a long EULA in the email footer
-
moparisthebest
IF YOU RECEIVED THIS EMAIL IN ERROR YOU MUST DELETE IT RIGHT NOW
-
moparisthebest
like all corporations send? I'm sure that's *super* legally binding
-
pep.
moparisthebest, yeah, that is useless
-
Ge0rG
Zash [18:05]:
> Let's all include a long EULA in the email footer
In the xmpp message footer
-
pep.
<message><footer/></message>
-
Anu
Haha
-
Ge0rG
pep.: it must be in the body for backwards compatibility reasons
-
moparisthebest
also e2e
-
pep.
Ge0rG, :@
-
moparisthebest
really the only part that concerns me is what Anu said " on the other hand there might be consequences for the server that sent the info"
- pep. gets the axe and goes to hunt whoever invented the term "backward compatibility"
-
moparisthebest
it's easy to get explicit consent from your users, and tell them what *you* are doing
-
moparisthebest
but once you send it over that s2s link, it's gone, out of your and your user's control forever
-
pep.
moparisthebest, it's possible to warn them "Hey, we have no clue what happens to messages sent to other servers"
-
pep.
I don't know what legal value this has though
-
pep.
Also users are not really often aware of the boundaries
-
pep.
They add the contact once, maybe they pay attention to the JID, but probably quickly forget about it
-
moparisthebest
s/users/lawyers creating EU privacy laws/
-
Anu
The whole nature of federation means a user has no idea what servers they are talking to
-
pep.
Not like email where you often see the email you send to
-
Maranda
while you keep wasting time with GDPR....
- Maranda played a bit more with SIFT and added some more stuff...
-
Maranda
:P
-
Maranda
probably something people will never use ™
-
Maranda
also removed {xep 91} layovers which is a plus.
-
Bunneh
Maranda: Legacy Delayed Delivery (Historical, Obsolete, 2009-05-27) See: https://xmpp.org/extensions/xep-0091.html