jdev - 2022-08-13


  1. r4v3r23

    hello

  2. r4v3r23

    are there any XMPP clients that enforce OMEMO?

  3. MSavoritias (fae,ve)

    Profanity and conversations and forks have an option to do so

  4. r4v3r23

    MSavoritias (fae,ve): they block any non-OMEMO messages?

  5. MSavoritias (fae,ve)

    They will basically make every 1:1 chat and private group chat you are in to be omemo. Which makes everybody forced to use omemo with you. Thats the idea at least. Xmpp being a federated system clients may ignore it

  6. jonas’

    last time I checked conversations accepted inbound unencrypted messages just fine

  7. r4v3r23

    jonas’: I think I noticed the same

  8. jonas’

    (which is good)

  9. jonas’

    (which is good, IMO)

  10. r4v3r23

    is it possible to create a client that enforces all conversations to use OMEMO over Tor?

  11. lovetox

    no

  12. lovetox

    clients can not enforce anything on other clients

  13. lovetox

    if you want to enforce stuff, you should probably look at server mods

  14. r4v3r23

    meaning only users of that app will communicate over omemo/tor

  15. Link Mauve

    r4v3r23, what do you want to happen when I send you a message not using OMEMO?

  16. Link Mauve

    Do you want to be able to read it to get the chance to tell me to enable OMEMO, or do you want it to plain not be shown to you?

  17. r4v3r23

    reject it. only allow comms using OMEMO

  18. techmetx11

    forcing OMEMO when sending your messages is cool, but rejecting all messages that aren't OMEMO-encrypted is stupid

  19. r4v3r23

    why?

  20. r4v3r23

    I'm not asking if its stupid. is it possible?

  21. MSavoritias (fae,ve)

    No because you dont control everybodys clients

  22. techmetx11

    yes

  23. techmetx11

    sometimes you have to tell them to enable OMEMO

  24. techmetx11

    and they'll probably happily do it for you :)

  25. lovetox

    r4v3r23, it depends what your goal is

  26. lovetox

    if a user sends you a unencrypted message, and your client simply does not show it to you

  27. r4v3r23

    my goal is OMEMO to OMEMO chats only

  28. lovetox

    for outsiders a unencrypted message with a specific content was still sent to your device and was received there

  29. r4v3r23

    with no option to have it disabled

  30. techmetx11

    then ask them to enable OMEMO :)

  31. lovetox

    r4v3r23, of course you can write your own client that does not allow to disable omemo

  32. lovetox

    still you would need to force people to use it, and you basically cannot find out if they dont

  33. techmetx11

    yes

  34. lovetox

    if your goal is, "I want all communication encrypted" you dont need omemo

  35. lovetox

    simply set up your own server, register an account for all users you want to chat with, and force TLS connections on the server

  36. lovetox

    then you can be sure all traffic from all accounts to other accounts on the same server is encrypted, and no client has a possibility to circumvent that

  37. r4v3r23

    and if I wanted to build an app that any one can use?

  38. flow

    r4v3r23, then you dan do that too, but it will obviously cause problems if you want to federate with other implementations outside of your control

  39. r4v3r23

    like an XMPP version of signal

  40. lovetox

    why not use signal?

  41. r4v3r23

    flow: it wouldn't, it would just be for users of that app

  42. lovetox

    you want to create a walled garden messenger service

  43. lovetox

    why not use one of the existing ones?

  44. flow

    I think there a very valid reasons for not using signal

  45. techmetx11

    such as, phone number requirement

  46. lovetox

    there is no need for you to guess what potential reasons could be to not use signal, it was a question to r4v3r23 why he doesnt use it

  47. lovetox

    seems he needs a app that always is E2E encrypted, does not support unencrypted communication, and all users should use the same app

  48. lovetox

    until now all boxes are checked for signal :)

  49. flow

    r4v3r23's questions seemed to be more from a developers perspective than a users one

  50. r4v3r23

    I don't like signals phone number requirement

  51. r4v3r23

    and prefer onion to onion addresses

  52. techmetx11

    i wonder, should there be an XEP for requesting the other party to enable encryption

  53. Stefan

    :) I have to reject all the time :)

  54. techmetx11

    :)

  55. Stefan

    OMEMO is not working for me.

  56. techmetx11

    omemo just works for me

  57. lovetox

    r4v3r23, i would start with forking some mobile client like cnversations, add all your requirements, like TOR connection, and always OMEMO

  58. r4v3r23

    yeah that's what I think I'll do

  59. lovetox

    then you need to setup servers, and reject all communication that does not come from your app

  60. lovetox

    and last step you need to convince users to download your app

  61. Martin

    But then non-e2ee messages still go from normal users client to normal userser server and from normal users server to r4v3r23 server without e2ee and are only dropped at r4v3r23 server.

  62. lovetox

    > and reject all communication that does not come from your app

  63. lovetox

    and his app does only register accounts on his server

  64. Martin

    Still people can write from normal clients using normal servers as long as s2s is not disabled.

  65. lovetox

    no, because his app does only connect to his server

  66. Martin

    Building a silo like WhatsApp does you can of course enforce everything.

  67. lovetox

    and the server accepts only connection from the app

  68. lovetox

    so there is no s2s

  69. Martin

    Ah, I only got the c2s limitation and the implied disabling of s2s was not clear to me.

  70. Martin

    But I really dislike the idea of building silos. Rather tell the people to use omemo when they don't than simply blocking communication.

  71. Martin

    Wasn't there a terrible server which didn't deliver messages without otr.

  72. Martin

    Wasn't there a terrible server which didn't deliver messages without otr?

  73. techmetx11

    i think it's better to tell people to use omemo

  74. techmetx11

    i mean you only do it once per user

  75. techmetx11

    after that it should stay enabled

  76. Martin

    https://modules.prosody.im/mod_require_otr.html mod_require_omemo when?

  77. r4v3r23

    Martin: yeah, I'm basically looking for a way to automate the ignoring of non-OMEMO messages

  78. MattJ

    I don't understand why you would want to just ignore them

  79. MattJ

    That will just lead people to think you are ignoring their messages, and you won't even know they tried to contact you

  80. lovetox

    When i change my nickname in a MUC

  81. lovetox

    does the MUC Service on sending the new presence for the new nick, include all the presence attributes like show and status?

  82. lovetox

    or better said, if i include show/status in my nickname change presence, then i can depend on it beeing broadcasted also for the new nickname presence?

  83. adx

    what's more common in the wild rn: legacy bookmarks or the pep ones?

  84. emus

    basphemic question, right? 🙂

  85. emus

    not that I dont like it 🙂