XSF Communications Team - 2023-01-19

  1. nicola

    FYI Data Protection Commission announces conclusion of inquiry into WhatsApp https://community.nicfab.it/post/26166

  2. Licaon_Kter

    A $5.5mil fine is "operational costs", nothing to see, carry on. Also... 4 years later Ireland?

  3. nicola

    > A $5.5mil fine is "operational costs", nothing to see, carry on. Also... 4 years later Ireland? It’s a hot topic for several reasons, among them: 1. DPC Ireland and the EDPB (administrative matters but relevant); 2. The phenomenon is increasing, and several EU DPAs are issuing measures with relevant fines to big players. 3. People should consider those measures to WA & co … XMPP is better 😉

  4. Peter Waher

    Note: Many of the XMPP extensions have serious privacy implications as well…

  5. nicola

    > Note: Many of the XMPP extensions have serious privacy implications as well… I know

  6. Licaon_Kter

    https://upload.convorb.im/7c370453f738f2c0c995eaee643e5e0aba76aeb0/0lcxCvR9vAKAtp3fr4b4l4AJmEd0vwwl2QecUYYY/xmppsucks.jpg

  7. Licaon_Kter

    Peter Waher: ^^^

  8. Peter Waher

    An alternative reaction would be to list these extensions & privacy concerns, so we can generate tasks to fix those

  9. nicola

    > An alternative reaction would be to list these extensions & privacy concerns, so we can generate tasks to fix those I agree with you, and I am at your disposal

  10. Licaon_Kter

    Peter Waher: are these "known" by now, 24 years have passed already :)

  11. Peter Waher

    Example: HTTP Upload need to allow the uploader to define life cycle (how long the file should be persisted on the broker) and delete uploaded files (but only the uploader should be abllowed this).

  12. MSavoritias (fae,ve)

    How is that a privacy issue?

  13. MattJ

    Users should have control over their data

  14. MattJ

    As long as they can request that their provider delete the data, and the provider complies, it's not necessarily an issue

  15. Peter Waher

    Images may be sensitive

  16. MattJ

    But it would be nice to have it supported directly in the protocol

  17. Peter Waher

    According to the GDPR requires life cycle to be defined (i.e. lifetime) to sensitive and/or private information

  18. Peter Waher

    meaning, you cannot store (process) it indefinitely

  19. MattJ

    Which most servers already don't

  20. Peter Waher

    so, you need to either define a time for all content, or allow the uploader to specify the time

  21. Peter Waher

    for each file

  22. Peter Waher

    (or allow the uploader to delete the file)

  23. singpolyma

    Could use DELETE and Expires header on the PUT endpoint for those. If the component wanted to implement them

  24. Peter Waher

    yes

  25. Peter Waher

    but it needs to be standardized

  26. singpolyma

    Needs to be implemented before it can be standardized :)

  27. Peter Waher

    don't see why

  28. singpolyma

    ... because standards always follow implementation? You can't specify something in abstract and then just hope an implementation appears. You need at least one, and ideally two

  29. Peter Waher

    it’s actually often the other way around. specification comes before implementation, at least if you want to think through things and allow different accords to come to an agreement, rather than standardize what one of the actors have already implemented

  30. Peter Waher

    I have already an implementation in our broker, but it is not my point to standardize that solution.

  31. Peter Waher

    it’s actually often the other way around. specification comes before implementation, at least if you want to think through things and allow different actors to come to an agreement, rather than standardize what one of the actors have already implemented

  32. Licaon_Kter

    Double the message double the fun?