Licaon_Kter: statistics show a clear misunderstanding of the purpose of the manifest.
Licaon_Kter
_"10 out of 10 agree with atom"_
perflysthas left
atom
Licaon_Kter: you are witty, but your jokes do not solve the problem.
Martin
> Licaon_Kter: statistics show a clear misunderstanding of the purpose of the manifest.
Why don't you help to clarify it?
perflysthas joined
Martin
What is the point they get wrong?
solhas left
solhas joined
Licaon_Kter
atom: what is the problem? As Martin said, effing add a PR and clarify it instead of "omg delete github" reaction that 404 has
jayteeukhas left
jayteeukhas joined
atom
Licaon_Kter: the problem is that the manifest is bad. it does not include a list of all manifest compliant servers. the list of servers subscribing by manifest becomes scapegoats.
atom: you know there's *another* list with the actual blocked servers, right?
Licaon_Kter
This is just a page with "I agree spam is bad"....and nothing else
Martin
> scapegoats
Scapegoats for what?
atom
Licaon_Kter: Communities of servers such as blabber and disroot use the manifesto to criticize that all signatories want to enter registration by phone number and for block competitors' servers.
atom
The manifest is bad because it allows such interpretations.
perflyst
i am quite sure muppeth never said that
atom
perflyst: ask him to sign the manifesto, he will refuse.
perflyst
yes, for good reasons
perflyst
but i will put my hand for him in fire that he never said that all servers on the list will block any servers which not on the list nor forcing phone number
guesthas joined
atom
> This is just a page with "I agree spam is bad"....and nothing else
I understand this, others do not understand.
atom
> but i will put my hand for him in fire that he never said that all servers on the list will block any servers which not on the list nor forcing phone number
This is what users of his server and his community say.he does not sign the manifesto for this reason.
perflysthas left
atom
the manifest in the form in which it exists is unnecessary and harmful. Did the manifest win spam? - not. Did he create a bunch of criticism? - Yes
perflysthas joined
Bakuninhas left
Bakuninhas joined
perflysthas left
Licaon_Kter
atom:
> Communities of servers such as blabber and disroot use the manifesto to criticize that all signatories want to enter registration by phone number and for block competitors' servers.
Links? Pics? Provide some effing evidence...e
Licaon_Kter
Competitors? Wtf?
jayteeukhas left
jayteeukhas joined
atom
Licaon_Kter: I have no purpose to convince you. If you are looking for evidence, you will find it yourself by creating a discussion.
Martin
> the manifest in the form in which it exists is unnecessary and harmful. Did the manifest win spam? - not. Did he create a bunch of criticism? - Yes
People following the manifesto got spamming servers operators improve their spammer detection, countless spammers were deleted and some abandoned servers even shut down. It's progress. What did you expect? Spam instantly stopping from one day to another? It's a continuous process.
solhas left
solhas joined
perflysthas joined
atom
Martin: spammers create accounts not on shabby servers, but on active servers. how will the manifest help from spam if the spammer creates an 100 000 account on yax.im?
Bakuninhas left
Bakuninhas joined
Martin
yax.im is good at detecting spammy behavior so they go for easier victims.
Alinhas left
atom
Martin: I got spam from yax.im
perflysthas left
perflysthas joined
Marandahas left
Marandahas joined
jayteeukhas left
jayteeukhas joined
marc0shas left
marc0shas joined
perflyst
can happen, nothing is perfect
but that is why contact addresses exist
jayteeukhas left
jayteeukhas joined
atom
spammers receive $ 50-100 for spam mailings. New domain price $ 1
guesthas left
Ge0rG
I haven't had outgoing spam on yax.im in over a year. And before that, I was really fast at finding the accounts and deleting them.
atom
the price for 1000 captcha is also 1 dollar
Ge0rG
atom: you've created the discussion. You don't have any evidence. I know there was controversy about the manifesto, but not in the ways you argue
atom
Ge0rG: I do not have s2s for about a year. therefore, I have not received spam from yax.im for about a year.
Ge0rG
atom: so you tell me you received a spam message from yax.im once, and now it's your proof of the manifesto not working?
Licaon_Kter
> I have no purpose to convince you. If you are looking for evidence, you will find it yourself by creating a discussion.
Why not put theis evidence there on Github instead of coming down the mountain with *"TEN"* in your hands?
Licaon_Kter
> atom: are you the new 404city support or PR or socket puppet or?
atom
Ge0rG: I do not argue about the manifesto.I suggest to execute pull request.
> Ge0rG: I do not have s2s for about a year. therefore, I have not received spam from yax.im for about a year.
so 404city users and the other way cannot chat with yax.im users?
perflyst
Nice anti spam
solhas left
solhas joined
Ge0rG
perflyst: yes, sadly
perflyst
rather i would get spam than not being able to chat with someone
atomhas left
atomhas joined
Licaon_Kter
Ge0rG: wait...so he bans server willynilly then comes to github to take the manifesto down? Hypocrisy much?
perflysthas left
perflysthas joined
Ge0rG
Licaon_Kter: it's not a ban, we just have different opinions on which ciphers are secure
so 404 to yaxim works as you support "old" RSA and new ecc?
perflyst
or what do you wanna say
atom
404 use ECC
perflyst
even if the receiving server extremly unsecure, dont you want as admin the best server support?
i mean normally you also allow weak ciphers on email so nobody has issues with any old shitty remote server
At this time Prosody stable does not support SNI in their HTTP library. I have enabled Google’s captcha but it will not work without SNI support from Prosody. Please see this tweet for further details:
atomhas left
Maranda
Uh?
Maranda
That doesnt make sense... 🤣
solhas left
solhas joined
Maranda
Because no spam bot on xmpp can solve recaptcha
Ge0rG
Recaptcha can be bought from India
Maranda
Ge0rG: "chingalini" human solving yay 🤓
Maranda
Too much money for xmpp
stpeter
How much?
Maranda
Again the more I read the more *PEBCAK* resonates impedingly in my mind
stpeter
I don't know how much money people pay for XMPP spam vs. email spam....
Maranda
stpeter: too much, nothing pierced through mod_spim_block from when I implemented reCAPTCHA, and for nothing I mean nothing
Maranda
Not even just mail verification for IBR
Licaon_Kter
atom: get Maranda, the enemy of privacy, asking for email
kmqhas joined
Maranda
Right
Ge0rG
And use recaptcha
Maranda
And sending stuff to evil google
Maranda
> And use recaptcha
💖💋
Licaon_Kter
Hey, I can't even solve reCaptcha, so it must be gud
Maranda
Licaon_Kter: well it works
andrey.utkinhas left
Maranda
It's numbers (for now) not xml confettis 🤷🏼♂️
volkerhas joined
Jonnyhas left
perflysthas left
perflysthas joined
jayteeukhas left
jayteeukhas joined
Jonnyhas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
Martinhas left
Martinhas joined
Ge0rG
I'm not doing any of those, but spammers on my server won't ever reach their audience, and get deleted promptly. And my users can just simply do IBR
404.cityhas joined
atomhas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
atom
Recaptcha is useful when adding contacts or first sending messages. Recaptcha at registration is ineffective. https://rucaptcha.com/ $0.60 = 1000 recaptcha solution
Ge0rg wanted to know when they deleted spammers, not when they added recaptcha…
Jonnyhas joined
Licaon_Kter
Martin: right, just that it seemed they're given up
Ge0rG
So it's time to report to them again
rom1dephas left
rom1dephas joined
jayteeukhas left
jayteeukhas joined
felixhas left
felixhas joined
perflysthas left
atomhas left
madmalkavhas left
madmalkavhas joined
solhas left
solhas joined
volkerhas left
SouLhas left
Alinhas joined
SouLhas joined
solhas left
solhas joined
paulhas left
paulhas joined
atomhas joined
atom
> Ge0rg wanted to know when they deleted spammers, not when they added recaptcha…
Martin: Use backup before mass bot registration
Martin
?
Martin
I don't have registry open.
atom
Martin: incorrectly translated you
Ge0rG
What? Just restore from backup and lose everything that happened after it?
atom
Ge0rG: yes. xmpp.is used backup for delete 100 000 bot account
solhas left
solhas joined
ralphmhas left
ralphmhas joined
Ge0rG
Because you can't just delete them?
marc0shas joined
atom
I think this server has a daily backup
jayteeukhas left
jayteeukhas joined
Ge0rG
That doesn't matter
kmqhas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
Maranda
atom, but that doesn't work, *coughs*
jayteeukhas left
jayteeukhas joined
tom
Why was recaptcha chosen over any other captcha system?
solhas left
solhas joined
jayteeukhas left
jayteeukhas joined
sonnyhas left
Maranda
tom, because it's the only one that _does something_?
tom
What is does something?
tom
I don't understand
Maranda
the opposite of _does nothing_
tom
I don't understand
Maranda
🤷♂️
Licaon_Kter
tom: not bypassed
tom
Perhaps your doing something wrong them. The whole point of captchas are to stop bots
atom
> Why was recaptcha chosen over any other captcha system?
recaptcha is a good captcha, but it is powerless against schoolchildren introducing captcha for 1 dollar per month.
jayteeukhas left
jayteeukhas joined
tom
» recaptcha is a good captcha
It is really not in my experience. For one it false-positives 90% of the time if your not signed into a Google account or using a Google branded browser, it also leaks your metadata to Google which use it in nefarious ways which may not always be GDPR compliant or follow the correct privacy laws per jurisdiction, and a lot of people are not comfortable or OK with helping Google replace drivers with AI or listening to random audio recordings from people's homes.
tom
And other times it will just decide that it does not like you and make you infinitely solve visual puzzles
atom
tom: recaptcha has translation into all languages of the world
tom
Recaptcha is especially a problem for the handicapped, and a lot of the times it will not let you solve audio based captchas
tom
Not to mention you must ping google to even load the javascript in, which is a privacy hazard in of itself
Maranda
> it also leaks your metadata to Google which use it in nefarious ways
huhu care elaborating which such important metadata does it leak to google that it could use in such "nefarious" ways please?
atom
tom: recaptcha is a good captcha for stop bots, because it is not able to be solved by a bot.I'm talking about technology. google good or evil is a separate issue.
tom
It's not able to be solved by non-google using people either
jayteeukhas left
jayteeukhas joined
sonnyhas joined
atom
people have to pay for solving captcha. if you need to enter a lot of captchas, the cost rises.
WebPigeonhas joined
solhas left
solhas joined
atom
plus it slows down mass mailing. the number of people deciding on captcha is also limited.
Pingu from Woodquarterhas left
perflysthas joined
SouLhas left
tom
There are plenty of replacement captcha services and self hosted solutions, as well as protocol-level options such as rate-limiting certain endpoints per ip range
Pingu from Woodquarterhas joined
tom
And adaptive intrusion prevention systems
atom
even a simple captcha will cause problems for spammers if they receive it when adding a contact.
jayteeukhas left
jayteeukhas joined
tom
Just slapping a javascript captcha on something, and the worse one at that doesn't just *reduce* the amount of bots, it also reduces your legitimate traffic, angers users, and violates their privacy by allowing information disclosure to third parties
tom
I run ecommerce websites. There's a lot more at stake when your dealing with actual money is products than just a message passing system that can be used for spam
atom
tom: what other measures do you offer besides captcha?
stpeterhas left
WebPigeonhas left
perflysthas left
perflysthas joined
stpeterhas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
dianehas left
dianehas joined
lorddavidiiihas left
lorddavidiiihas joined
Marandastill didn't get an answer.
Maranda
Huhu
Ge0rG
atom: today's xmpp spam can be easily detected and blocked without any captcha
Jonnyhas left
holgerhas left
Jonnyhas joined
Marandahas left
Martin
contains russian, contains something about coins and telegram links → spam
solhas left
solhas joined
jayteeukhas left
jayteeukhas joined
atom
Martin: these are popular topics of discussion among Russians
Marandahas joined
Martin
Ok, a message containing all three things can be a normal message?
ibikkhas left
ibikkhas joined
kmqhas left
Frinkelhas left
Frinkelhas joined
atom
Martin: Some spam bots divide one message into several and even lead a simple dialogue. Now this type of spam bots has become less popular.
Ge0rG
atom: the worst one so far just sent different versions of "hello" and spammed you when you responded
solhas left
solhas joined
atom
Ge0rG: yes
WebPigeonhas joined
Ge0rG
But I've only seen one such bot, with a single JID. Easy to block again