atomLicaon_Kter: statistics show a clear misunderstanding of the purpose of the manifest.
Licaon_Kter_"10 out of 10 agree with atom"_
perflysthas left
atomLicaon_Kter: you are witty, but your jokes do not solve the problem.
Martin> Licaon_Kter: statistics show a clear misunderstanding of the purpose of the manifest.
Why don't you help to clarify it?
perflysthas joined
MartinWhat is the point they get wrong?
solhas left
solhas joined
Licaon_Kteratom: what is the problem? As Martin said, effing add a PR and clarify it instead of "omg delete github" reaction that 404 has
jayteeukhas left
jayteeukhas joined
atomLicaon_Kter: the problem is that the manifest is bad. it does not include a list of all manifest compliant servers. the list of servers subscribing by manifest becomes scapegoats.
jayteeukhas left
jayteeukhas joined
perflystatom: are you new 404city support?
stpeterhas left
perflystatom: are you the new 404city support?
solhas left
solhas joined
Bakuninhas left
Bakuninhas joined
Licaon_Kteratom: you know there's *another* list with the actual blocked servers, right?
Licaon_KterThis is just a page with "I agree spam is bad"....and nothing else
Martin> scapegoats
Scapegoats for what?
atomLicaon_Kter: Communities of servers such as blabber and disroot use the manifesto to criticize that all signatories want to enter registration by phone number and for block competitors' servers.
atomThe manifest is bad because it allows such interpretations.
perflysti am quite sure muppeth never said that
atomperflyst: ask him to sign the manifesto, he will refuse.
perflystyes, for good reasons
perflystbut i will put my hand for him in fire that he never said that all servers on the list will block any servers which not on the list nor forcing phone number
guesthas joined
atom> This is just a page with "I agree spam is bad"....and nothing else
I understand this, others do not understand.
atom> but i will put my hand for him in fire that he never said that all servers on the list will block any servers which not on the list nor forcing phone number
This is what users of his server and his community say.he does not sign the manifesto for this reason.
perflysthas left
atomthe manifest in the form in which it exists is unnecessary and harmful. Did the manifest win spam? - not. Did he create a bunch of criticism? - Yes
perflysthas joined
Bakuninhas left
Bakuninhas joined
perflysthas left
Licaon_Kteratom:
> Communities of servers such as blabber and disroot use the manifesto to criticize that all signatories want to enter registration by phone number and for block competitors' servers.
Links? Pics? Provide some effing evidence...e
Licaon_KterCompetitors? Wtf?
jayteeukhas left
jayteeukhas joined
atomLicaon_Kter: I have no purpose to convince you. If you are looking for evidence, you will find it yourself by creating a discussion.
Martin> the manifest in the form in which it exists is unnecessary and harmful. Did the manifest win spam? - not. Did he create a bunch of criticism? - Yes
People following the manifesto got spamming servers operators improve their spammer detection, countless spammers were deleted and some abandoned servers even shut down. It's progress. What did you expect? Spam instantly stopping from one day to another? It's a continuous process.
solhas left
solhas joined
perflysthas joined
atomMartin: spammers create accounts not on shabby servers, but on active servers. how will the manifest help from spam if the spammer creates an 100 000 account on yax.im?
Bakuninhas left
Bakuninhas joined
Martinyax.im is good at detecting spammy behavior so they go for easier victims.
Alinhas left
atomMartin: I got spam from yax.im
perflysthas left
perflysthas joined
Marandahas left
Marandahas joined
jayteeukhas left
jayteeukhas joined
marc0shas left
marc0shas joined
perflystcan happen, nothing is perfect
but that is why contact addresses exist
jayteeukhas left
jayteeukhas joined
atomspammers receive $ 50-100 for spam mailings. New domain price $ 1
guesthas left
Ge0rGI haven't had outgoing spam on yax.im in over a year. And before that, I was really fast at finding the accounts and deleting them.
atomthe price for 1000 captcha is also 1 dollar
Ge0rGatom: you've created the discussion. You don't have any evidence. I know there was controversy about the manifesto, but not in the ways you argue
atomGe0rG: I do not have s2s for about a year. therefore, I have not received spam from yax.im for about a year.
Ge0rGatom: so you tell me you received a spam message from yax.im once, and now it's your proof of the manifesto not working?
Licaon_Kter> I have no purpose to convince you. If you are looking for evidence, you will find it yourself by creating a discussion.
Why not put theis evidence there on Github instead of coming down the mountain with *"TEN"* in your hands?
Licaon_Kter
> atom: are you the new 404city support or PR or socket puppet or?
atomGe0rG: I do not argue about the manifesto.I suggest to execute pull request.
perflysthas left
atom Ge0rG: https://github.com/JabberSPAM/jabber-spam-fighting-manifesto/pull/23
atomLicaon_Kter: yes
perflysthas joined
perflyst> Ge0rG: I do not have s2s for about a year. therefore, I have not received spam from yax.im for about a year.
so 404city users and the other way cannot chat with yax.im users?
perflystNice anti spam
solhas left
solhas joined
Ge0rGperflyst: yes, sadly
perflystrather i would get spam than not being able to chat with someone
atomhas left
atomhas joined
Licaon_KterGe0rG: wait...so he bans server willynilly then comes to github to take the manifesto down? Hypocrisy much?
perflysthas left
perflysthas joined
Ge0rGLicaon_Kter: it's not a ban, we just have different opinions on which ciphers are secure
perflystso 404 to yaxim works as you support "old" RSA and new ecc?
perflystor what do you wanna say
atom404 use ECC
perflysteven if the receiving server extremly unsecure, dont you want as admin the best server support?
i mean normally you also allow weak ciphers on email so nobody has issues with any old shitty remote server
MarandaAt this time Prosody stable does not support SNI in their HTTP library. I have enabled Google’s captcha but it will not work without SNI support from Prosody. Please see this tweet for further details:
atomhas left
MarandaUh?
MarandaThat doesnt make sense... 🤣
solhas left
solhas joined
MarandaBecause no spam bot on xmpp can solve recaptcha
Ge0rGRecaptcha can be bought from India
MarandaGe0rG: "chingalini" human solving yay 🤓
MarandaToo much money for xmpp
stpeterHow much?
MarandaAgain the more I read the more *PEBCAK* resonates impedingly in my mind
stpeterI don't know how much money people pay for XMPP spam vs. email spam....
Marandastpeter: too much, nothing pierced through mod_spim_block from when I implemented reCAPTCHA, and for nothing I mean nothing
MarandaNot even just mail verification for IBR
Licaon_Kteratom: get Maranda, the enemy of privacy, asking for email
kmqhas joined
MarandaRight
Ge0rGAnd use recaptcha
MarandaAnd sending stuff to evil google
Maranda> And use recaptcha
💖💋
Licaon_KterHey, I can't even solve reCaptcha, so it must be gud
MarandaLicaon_Kter: well it works
andrey.utkinhas left
MarandaIt's numbers (for now) not xml confettis 🤷🏼♂️
volkerhas joined
Jonnyhas left
perflysthas left
perflysthas joined
jayteeukhas left
jayteeukhas joined
Jonnyhas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
Martinhas left
Martinhas joined
Ge0rGI'm not doing any of those, but spammers on my server won't ever reach their audience, and get deleted promptly. And my users can just simply do IBR
404.cityhas joined
atomhas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
atomRecaptcha is useful when adding contacts or first sending messages. Recaptcha at registration is ineffective. https://rucaptcha.com/ $0.60 = 1000 recaptcha solution
MartinGe0rg wanted to know when they deleted spammers, not when they added recaptcha…
Jonnyhas joined
Licaon_KterMartin: right, just that it seemed they're given up
Ge0rGSo it's time to report to them again
rom1dephas left
rom1dephas joined
jayteeukhas left
jayteeukhas joined
felixhas left
felixhas joined
perflysthas left
atomhas left
madmalkavhas left
madmalkavhas joined
solhas left
solhas joined
volkerhas left
SouLhas left
Alinhas joined
SouLhas joined
solhas left
solhas joined
paulhas left
paulhas joined
atomhas joined
atom> Ge0rg wanted to know when they deleted spammers, not when they added recaptcha…
Martin: Use backup before mass bot registration
Martin?
MartinI don't have registry open.
atomMartin: incorrectly translated you
Ge0rGWhat? Just restore from backup and lose everything that happened after it?
atomGe0rG: yes. xmpp.is used backup for delete 100 000 bot account
solhas left
solhas joined
ralphmhas left
ralphmhas joined
Ge0rGBecause you can't just delete them?
marc0shas joined
atomI think this server has a daily backup
jayteeukhas left
jayteeukhas joined
Ge0rGThat doesn't matter
kmqhas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
Marandaatom, but that doesn't work, *coughs*
jayteeukhas left
jayteeukhas joined
tomWhy was recaptcha chosen over any other captcha system?
solhas left
solhas joined
jayteeukhas left
jayteeukhas joined
sonnyhas left
Marandatom, because it's the only one that _does something_?
tomWhat is does something?
tomI don't understand
Marandathe opposite of _does nothing_
tomI don't understand
Maranda🤷♂️
Licaon_Ktertom: not bypassed
tomPerhaps your doing something wrong them. The whole point of captchas are to stop bots
atom> Why was recaptcha chosen over any other captcha system?
recaptcha is a good captcha, but it is powerless against schoolchildren introducing captcha for 1 dollar per month.
jayteeukhas left
jayteeukhas joined
tom
» recaptcha is a good captcha
It is really not in my experience. For one it false-positives 90% of the time if your not signed into a Google account or using a Google branded browser, it also leaks your metadata to Google which use it in nefarious ways which may not always be GDPR compliant or follow the correct privacy laws per jurisdiction, and a lot of people are not comfortable or OK with helping Google replace drivers with AI or listening to random audio recordings from people's homes.
tomAnd other times it will just decide that it does not like you and make you infinitely solve visual puzzles
atomtom: recaptcha has translation into all languages of the world
tomRecaptcha is especially a problem for the handicapped, and a lot of the times it will not let you solve audio based captchas
tomNot to mention you must ping google to even load the javascript in, which is a privacy hazard in of itself
Maranda> it also leaks your metadata to Google which use it in nefarious ways
huhu care elaborating which such important metadata does it leak to google that it could use in such "nefarious" ways please?
atomtom: recaptcha is a good captcha for stop bots, because it is not able to be solved by a bot.I'm talking about technology. google good or evil is a separate issue.
tomIt's not able to be solved by non-google using people either
jayteeukhas left
jayteeukhas joined
sonnyhas joined
atompeople have to pay for solving captcha. if you need to enter a lot of captchas, the cost rises.
WebPigeonhas joined
solhas left
solhas joined
atomplus it slows down mass mailing. the number of people deciding on captcha is also limited.
Pingu from Woodquarterhas left
perflysthas joined
SouLhas left
tomThere are plenty of replacement captcha services and self hosted solutions, as well as protocol-level options such as rate-limiting certain endpoints per ip range
Pingu from Woodquarterhas joined
tomAnd adaptive intrusion prevention systems
atomeven a simple captcha will cause problems for spammers if they receive it when adding a contact.
jayteeukhas left
jayteeukhas joined
tomJust slapping a javascript captcha on something, and the worse one at that doesn't just *reduce* the amount of bots, it also reduces your legitimate traffic, angers users, and violates their privacy by allowing information disclosure to third parties
tomI run ecommerce websites. There's a lot more at stake when your dealing with actual money is products than just a message passing system that can be used for spam
atomtom: what other measures do you offer besides captcha?
stpeterhas left
WebPigeonhas left
perflysthas left
perflysthas joined
stpeterhas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
dianehas left
dianehas joined
lorddavidiiihas left
lorddavidiiihas joined
Marandastill didn't get an answer.
MarandaHuhu
Ge0rGatom: today's xmpp spam can be easily detected and blocked without any captcha
Jonnyhas left
holgerhas left
Jonnyhas joined
Marandahas left
Martincontains russian, contains something about coins and telegram links → spam
solhas left
solhas joined
jayteeukhas left
jayteeukhas joined
atomMartin: these are popular topics of discussion among Russians
Marandahas joined
MartinOk, a message containing all three things can be a normal message?
ibikkhas left
ibikkhas joined
kmqhas left
Frinkelhas left
Frinkelhas joined
atomMartin: Some spam bots divide one message into several and even lead a simple dialogue. Now this type of spam bots has become less popular.
Ge0rGatom: the worst one so far just sent different versions of "hello" and spammed you when you responded
solhas left
solhas joined
atomGe0rG: yes
WebPigeonhas joined
Ge0rGBut I've only seen one such bot, with a single JID. Easy to block again
andrey.utkinhas joined
perflysthas left
volkerhas joined
atomhas left
atomhas joined
podhas left
stpeterOh I've seen several of those.
madmalkavhas left
ibikkhas left
calvinhas left
calvinhas joined
Licaon_Kterhas left
Licaon_Kterhas joined
jayteeukhas left
jayteeukhas joined
muppethhas left
ackerman1scotthas left
gavhas left
gavhas joined
ackerman1scotthas joined
muppethhas joined
andrey.utkinhas left
Bakuninhas left
Bakuninhas joined
felixhas left
Licaon_Kterhas left
Licaon_Kterhas joined
Bakuninhas left
Bakuninhas joined
Ge0rGstpeter: please tell me their JIDs
stpeterIn the future I will. I didn't note them before.