XMPP Service Operators - 2020-03-11

O_o

I remember using that.

so you can launch irssi within SSH over XMPP 🤔

and you could ssh to a machine to do that

and you could set up an XMPP <--> IRC gateway somewhere in this puzzle as well

🤯

Does anyone know a good European privacy disclaimer template? If possible for the Netherlands. It is ridiculous what you need to cover...

mss_cyclist: https://wiki.xmpp.org/web/GDPR#Q1.2:_What_consequences_does_the_GDPR_has_for_the_XMPP_server_operators

Ge0rG: top. I was not aware of this. It is a really good base. May I use this or do I have to give credits for it?

mss_cyclist: we developed it back in the day as a template for xmpp service operators

mss_cyclist: TBH, I wrote it for https://yaxim.org/yax.im/privacy/ and the it got templated

Ge0rG: Nice. May I use your privacy and tos as a template as well?

mss_cyclist: feel free. just remove my name from it ;)

Ge0rG: Thanks

insert obligatory "IANAL" here, Ge0rG

Do you need to provide a lust of data which you gather from users as well as a person responsible for processing that data in Germany?

that!

mss_cyclist: it depends on how good your lawyers are

Haha

Why that?

mss_cyclist: because GDPR is complicated and not easy to interpret

Yeah. In the Dutch version of it they do mention this responsible person and a list which must be at hand immediately for the authorities. Wondering if this us part if the GDPR or if this is a Dutch speciality to make it even more difficult to offer a free XMPP service.

s/us/is

mss_cyclist: I'm pretty sure it's based on the GDPR.

mss_cyclist: depending on how critical the data is and how much of it you hoard, you might or might not have to create "Records of processing activities"

Ge0rG: So talking about plain standard xmpp server (ejabberd)

mss_cyclist: while I'm sure there is no strict legal need to outline all those things in the privacy policy, I consider it a good practice for a public xmpp service.

mss_cyclist: any standard xmpp server, yes

There should be no critical data logged. Except for what the user willingly shares with other users by messaging.

which could be quite critical :)

Ge0rG: So, you have such a list?

mss_cyclist: it's right there in the template

Ge0rG: I did not mean this. More like this one (docx): https://www.dsgvo-verstehen-bayern.de/cms/upload/Downloads/Vereine/Verzeichnis-von-Verarbeitungstaetigkeiten_Stand_19.07.18.docx

mss_cyclist: I'm not going to open random malware

Ge0rG: sorry. I was searching for this link: https://www.ldi.nrw.de/mainmenu_Datenschutz/submenu_Verzeichnis-Verarbeitungstaetigkeiten/Inhalt/Verarbeitungstaetigkeiten/Verarbeitungstaetigkeiten.html

There are some pdf templates

This is another dimension than these standard disclaimers I come across

mss_cyclist: hmm... right. Not sure how large the overlap is, and I'm currently not in a position to work on GDPR. Sorry

Ge0rG: No problem. We are no lawyers. I thought this is not only an issue for me, but for all European operators. So I was questioning myself wheater anyone else came across these additional documents which apparantly need to be kept track of.

My prosody server keeps crashing

11.4 linux

No idea why. Nothing in logs

Switch to another jabber server

Why?

I've changed logging level from info to debug

Hopefully if it happens it something will say some info

I would like to find the cause before going though all the work of converting server

tom, check dmesg

lua5.2[12433]: segfault at 307be564 ip 00005649bbfa4652 sp 00007fff00a11760 error 4 in lua5.2[5649bbf92000+31000]

I didn;t know Lua could segfault

tom, report that in xmpp:prosody@conference.prosody.im?join ✏