jonas’: I use riseup. Connected to we.riseup right now.
solhas left
solhas joined
thndrbvr
Have you guys heard of EARN IT? Slimeballs in Washington DC trying to pass it while everyone's panicking and news is obsessed with the pandemic.
thndrbvr
If it somehow passes... what's everyone who's located in the USA going to do? Hope to stay under the radar and practice civil disobedience?
jayteeukhas left
jayteeukhas joined
pep.
Yep.. it's not new that politics abuse this kind of moment where everybody is distracted to pass s@#t laws
kmqhas left
kmqhas joined
tom
thndrbvr: what does the bill do?
tom
I'm ready to use mod_onions and tor maps should any political bs happen
tom
Oh banning end-to-end encryption
tom
I don't see how that can even effect XMPP
tom
We are decentralized by nature and enough already, and most of the clients out there are open source
tom
What's the government going to do? DMCA a github repo?
tom
A simple git clone and copying the folder to a mirror will fix that
pep.
tom, https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online some information here
tom
I support omemo
pep.
(and off to bed)
tom
And it auto-turns on whenever someone else does too
jayteeukhas left
jayteeukhas joined
podhas left
calvinhas joined
seantoddhas left
seantoddhas joined
Marzannahas left
calvinhas left
Marandahas left
Marandahas joined
felixhas left
Ge0rGhas left
Ge0rGhas joined
ackerman1scotthas left
im0209has joined
ackerman1scotthas joined
im0209has left
Marandahas left
Marandahas joined
thndrbvr
I'm afraid they're going to find out who's running the server in question and show up with a SWAT team kicking down a person's front door and hauling them away while ransacking the place.
thndrbvr
It removes the protections under Sections 230 and the server operator would be held accountable for everything users of the platform say.
thndrbvr
We've seen this sort of thing before. Someone the gov't didn't like had an e-mail account on Lavabit and the owner shutdown the service, went to jail presumably, and spent years fighting in court in order to protect the rest of the people who had e-mail accounts there. I think they confiscated the servers but I don't recall. All because a whistleblower had encrypted e-mails.
tom
Are you hosting hardware or vps thndrbvr?
tom
https://nixnet.services/blog/vps-providers/
tom
If it passes you can migrate to non-US hosting company
tom
One that doesn't have insane copyright and crypto laws
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
cuchas joined
paulhas left
jayteeukhas left
jayteeukhas joined
Pingu from Woodquarterhas joined
lorddavidiiihas joined
ru_maniachas left
ibikkhas left
ru_maniachas joined
insanityhas joined
insanityhas left
kmqhas left
kmqhas joined
insanityhas joined
paulhas joined
tskhas joined
jayteeukhas left
jayteeukhas joined
kmqhas left
kmqhas joined
insanityhas left
jayteeukhas left
jayteeukhas joined
tskhas left
holgerhas joined
cuchas left
cuchas joined
solhas left
solhas joined
thndrbvr
I'm running a social network. GNU Social, phpBB forums, Matrix chat, etc. I've got a dedicated server with www.orangewebsite.com which is in Iceland outside the jusidiction of the US, CA, EU, & GB.
im0209has joined
mightyBroccolihas left
mightyBroccolihas joined
mightyBroccolihas left
mightyBroccolihas joined
dropshas left
dropshas joined
dropshas left
dropshas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
im0209has left
paulhas left
paulhas joined
solhas left
solhas joined
tskhas joined
tom
Iceland
solhas left
solhas joined
10rokitahas joined
Huxxhas joined
ibikkhas joined
jayteeukhas left
jayteeukhas joined
insanityhas joined
insanityhas left
insanityhas joined
insanityhas left
Melhas left
Melhas joined
solhas left
solhas joined
dropshas left
WebPigeonhas left
dropshas joined
andrey.utkinhas joined
podhas joined
WebPigeonhas joined
thndrbvr
The drives are encrypted too. But, what does any of that matter if I'm a US/CA citizen living in either of those countries?
1984isnowhas joined
solhas left
solhas joined
solhas left
solhas joined
1984isnowhas left
andrey.utkinhas left
tskhas left
solhas left
solhas joined
perflysthas joined
madmalkavhas joined
Bluehas joined
sonnyhas left
sonnyhas joined
jayteeukhas left
jayteeukhas joined
mikehas left
mikehas joined
robertooohas joined
solhas left
solhas joined
tskhas joined
sezuanhas left
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
ajeremiashas joined
solhas left
solhas joined
ajeremiashas left
cuchas left
perflysthas left
tskhas left
solhas left
solhas joined
insanityhas joined
solhas left
solhas joined
insanityhas left
insanityhas joined
ibikkhas left
madmalkavhas left
madmalkavhas joined
Jeybehas joined
Nils (10rokita)has left
perflysthas joined
ibikkhas joined
solhas left
solhas joined
solhas left
solhas joined
kmqhas left
kmqhas joined
tunmskhas left
tunmskhas joined
Nils (10rokita)has joined
perflysthas left
solhas left
solhas joined
muppethhas left
muppethhas joined
insanityhas left
tunmskhas left
tunmskhas joined
podhas left
podhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
muppethhas left
Jeybehas joined
ajeremiashas joined
Nils (10rokita)has left
solhas left
solhas joined
Nils (10rokita)has joined
Jeybehas left
Jeybehas joined
calvinhas joined
Nils (10rokita)has left
insanityhas joined
Nils (10rokita)has joined
ibikkhas left
Nils (10rokita)has left
solhas left
solhas joined
Jeybehas left
Jeybehas joined
Nils (10rokita)has joined
insanityhas left
solhas left
solhas joined
Jeybehas left
ibikkhas joined
Jeybehas joined
Nils (10rokita)has left
calvinhas left
Bluehas left
Bluehas joined
Nils (10rokita)has joined
Bluehas left
Bluehas joined
Marzannahas joined
Bluehas left
Jeybehas left
Jeybehas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
solhas left
solhas joined
muppethhas joined
solhas left
solhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
jayteeukhas left
jayteeukhas joined
Jeybehas left
Jeybehas joined
jayteeukhas left
jayteeukhas joined
xelxebarhas left
lorddavidiiihas left
lorddavidiiihas joined
xelxebarhas joined
serge90has left
calvinhas joined
serge90has joined
holgerhas left
Jeybehas left
insanityhas joined
Jeybehas joined
jayteeukhas left
jayteeukhas joined
Nils (10rokita)has left
Nils (10rokita)has joined
Jeybehas left
ajeremiashas left
Jeybehas joined
ajeremiashas joined
Marzannahas left
tunmskhas left
jayteeukhas left
jayteeukhas joined
Jeybehas left
Jeybehas joined
solhas left
solhas joined
Huxxhas left
Huxxhas joined
im0209has joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
tunmskhas joined
perflysthas joined
Jeybehas left
Jeybehas joined
Jeybehas left
im0209has left
perflysthas left
Jeybehas joined
solhas left
solhas joined
Jeybehas left
Jeybehas joined
solhas left
solhas joined
ackerman1scotthas left
ajeremiashas left
muppethhas left
gavhas left
gavhas joined
ajeremiashas joined
ackerman1scotthas joined
muppethhas joined
mitchelmonrooihas joined
Jeybehas left
Jeybehas joined
calvinhas left
Jeybehas left
Jeybehas joined
madmalkavhas left
Jeybehas left
Jeybehas joined
madmalkavhas joined
tom
Well
solhas left
solhas joined
tom
I've read in the news that the owner of cockli hosted their stuff in hanetzer's datacenter in germany
tom
And they had a problem with people just yanking drives out of their machine
tom
Not just ounce. It happened twice
tom
They said they would never used hanetzer again
pep.
hetzner? I can't find hanetzer
pep.
But cockli anyway..
tom
I wish I knew more details, like if they installed the security bezel onto their server or not
tom
Or if they were in a shared cage
tom
Or rack
tom
Hetzner yeah
tom
What kind of datacenter just allows some agent to show up, without papers or even a support ticket head of time, and start yanking drives out of machines
tom
To be clear no charges were even pressed against the owner of that host
thndrbvr
Wow.
tom
I thought Germany was supposed to have good privacy laws
Nils (10rokita)has left
mss_cyclist
As far as I can search it seems the drives were taken by command of a prosecutor.
madmalkavhas left
Martin
A service having domains like nuke.africa probably had enough 'verfassungswidriges' going on to get a warrant by a judge.
mss_cyclist
Yup
solhas left
solhas joined
madmalkavhas joined
mss_cyclist
I guess it is not very smart to host such a server anywhere in Europe
Martin
> As far as I can search it seems the drives were taken by command of a prosecutor.
Do you have a link? I hope they really had a warrant, otherwise it would be very bad even while I dislike this racism pack of cock.li.
ajeremiashas left
thndrbvr
jonas’: Not to change topic but I thought I was also connected to Riseup's XMPP but I see my client is saying "server not found". I feel like they need donations
tom
Yeah hold on
mss_cyclist
Martin, Link
https://www.golem.de/news/bombendrohung-per-cock-li-staatsanwaltschaft-beschlagnahmt-festplatte-bei-hetzner-1512-118169.html
>I thought Germany was supposed to have good privacy laws
Germany has/had good privacy laws. But some rights are more valuable than privacy. Whenever racism or terrorism pops up they will not hesitate to go over to investigation. But I guess most western countries will do.
It happened two times before they switches colo providers
mss_cyclist
They obviously did not get the message 1st time
tom
» Germany has/had good privacy laws. But some rights are more valuable than privacy. Whenever racism or terrorism pops up they will not hesitate to go over to investigation. But I guess most western countries will do.
That really does not mean all that much
tom
All you have to do is send a single hoax email from a provider, and all their rights go away?
tom
As long as it's related to 'terrorism'
tom
Etc etc
mss_cyclist
I guess it needs some more than one email.
You are free to try it out. Maybe you can report back and then tell us the exact number
Marzannahas joined
tom
I imagine that what if somebody on one of your XMPP servers said something 'racist' or made bomb hoax to get out of an exam what that would mean for your servers
Martin
mss_cyclist:
> Martin, Link
> https://www.golem.de/news/bombendrohung-per-cock-li-staatsanwaltschaft-beschlagnahmt-festplatte-bei-hetzner-1512-118169.html
Thx
Martin
tom:
> I imagine that what if somebody on one of your XMPP servers said something 'racist' or made bomb hoax to get out of an exam what that would mean for your servers
It's not about some racist using the server, it's about being a server dedicated to racists. Look at their domains like nuke.africa
mss_cyclist
tom, that is a tricky subject. But it seems, seen from German law, that there were more than one accounts on the server which were questionable. But one of the searchings was on behalf of us authorities
tom
Remember when lavabit shut down their servers
tom
Because 1 political dissident caused lavabit to be forced to give up their private keys
Martin
> Remember when lavabit shut down their servers
Totally different case, lavabit was no service dedicated to criminals/racists.
tom
Seems like a trolling site to me
mss_cyclist
>Totally different case, lavabit was no service dedicated to criminals/racists.
At least it is not intended. You never know what your users are into
tom
You could probably say the same thing about any imageboard
tom
Or free speech mailinglist
Martin
> from his Bavarian data center by the district attorney for the City of Zwickau in eastern Germany.
Something is fishy with this ars technica post. Why should Zwickau be in charge for a Bavarian datacenter.
jonas’
it’s a thin line, but if you cater primarily to "trolls", you provide a safe (plausible deniable) harbour to the real people
mss_cyclist
Zwickau is by no means Bavaria
solhas left
solhas joined
Martin
mss_cyclist: qed
Martin
That's why I say that's fishy.
thndrbvr
While I, myself, am a person of color, and am totally against racism.. I don't think that itself is a reason for a server seizure. Anything that is public the authorities can check and I think they should go after the people who make content that promotes RL threats/violence.
thndrbvr
Serious threats, not jokes.
jonas’
Martin, if the DC operator is registered in Zwickau, Saxony and one of their DCs is in Bavaria, I don’t see what’s wrong with this.
tom
Well on their site they say that they comply with legal data requests
tom
So i don't even know why the drive seize was nedded
tom
Couldn't they have just asked the server op
Martin
> Martin, if the DC operator is registered in Zwickau, Saxony and one of their DCs is in Bavaria, I don’t see what’s wrong with this.
I still think you need the Bavarian authorities to seize something in a Bavarian data center.
jonas’
tom, if the server op caters for this type of folk, they might’ve seen a risk that they would "lose" data before agreeing to hand some data over
tom
Guess that's just another reason to use full disk encryption on your servers nowadays. Make sure things go through the proper channels
bubblerhas joined
tom
Martin: if you look at all of their domains it's not specifically about racism. It's just a bunch of edgy knee-jerk names designed to offend people
It were the racist ones catching my eye. That reminds me that I wanted to stop federating to them…
tom
What is a cocaine ninja?
Martin
Dunno
jayteeukhas left
jayteeukhas joined
tom
Unless your saying the ownership of offensive or racist domains means you lose your privacy rights on germany
tom
*in
Martin
Don't understand.
tom
Or is that just something that stuck out to you
Martin
> Or is that just something that stuck out to you
What I told you
> It were the racist ones catching my eye. That reminds me that I wanted to stop federating to them…
Nils (10rokita)has joined
Martin
I don't care about their weird horsefucking stuff but I am allergic to this racism stuff.
Martin
And no, that ain't fun or trolling.
Martin
Maybe that's due to me being a german raised and educated here and in Trumpistan racism is not morally problematic but here it is a no-go.
Martin
We might have different views regarding that, I can accept that. But for me this cock.li thing crossed the line.
Jeybehas left
tom
You should probably put a list of servers on your website or something of servers you do not federate with
tom
For transparency purposes if you host a public server
Jeybehas joined
Martin
It's a private server. And so far I have only blocked spam servers not reacting to abuse reports.
tom
I remember on the ActivityPub based federated blogs
solhas left
solhas joined
tom
And the operator of the server i was using, random posts would dissapear into the ether
tom
The ops wasn't transparent about their blocklist policies
tom
I deleted my account there because I felt that was really shady
tom
It was really bad because things would just silently not appear, no indication of an error, unlike email where you'll get a bounce message like 5XX host blacklisted by dnsbl.someblacklistprovider.tld
jayteeukhas left
jayteeukhas joined
Jeybehas left
Jeybehas joined
calvinhas joined
jayteeukhas left
jayteeukhas joined
ajeremiashas joined
404.cityhas joined
Jeybehas left
Jeybehas joined
Martin
I have no users contacting those servers, so in fact nothing would change. Maybe that's why I didn't block them yet. The servers I have blocked due to spamming are the ones from the public spam blocklist in the xmpp antispam repo.
Martin
Also a lot of spam servers fail to s2s because they have no valid certs.
Martin
Like jabber.cd or xmpp.us
Nils (10rokita)has left
Marandahas left
Marandahas joined
404.cityhas left
Jeybehas left
solhas left
solhas joined
Jeybehas joined
ajeremiashas left
madmalkavhas joined
Jeybehas left
jayteeukhas left
Jeybehas joined
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
404.cityhas joined
404.cityhas left
solhas left
solhas joined
robertooo
mss_cyclist: > There is a fourth: Those who do not check their backups.
How do you do this?
cuchas joined
ajeremiashas joined
robertooo
> Yeah, 99% of guides for Prosody are terrible
Sounds like a Prosody should write better docs then. Guides aren't needed if docs are good.
Huxxhas left
Huxxhas joined
tom
Martin: did you do anything to attract spammers?
tom
I don't have a spam problem
tom
(yet anyways)
Ellenor Malik
xmpp.jp has an endogenous spam problem
tom
Although I do only allow authenticated certs as per that encrypted-s2s-only manifesto
Ellenor Malik
> robertooo has written:
> Sounds like a Prosody should write better docs then. Guides aren't needed if docs are good.
The project's guides are pretty good but not ideal.
Ellenor Malik
tom: is that some sorta fox in your avatar?
tom
Yes
404.cityhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
solhas left
solhas joined
ajeremiashas left
calvinhas left
madmalkavhas left
madmalkavhas joined
Nils (10rokita)has joined
jayteeukhas left
jayteeukhas joined
Jeybehas left
madmalkavhas left
serge90has left
404.cityhas left
Jeybehas joined
404.cityhas joined
dinosaurdynastyhas left
dinosaurdynastyhas joined
Douglas Terabytehas left
Douglas Terabytehas joined
madmalkavhas joined
serge90has joined
Nils (10rokita)has left
bubblerhas left
bubblerhas joined
Jeybehas left
lorddavidiiihas left
Jeybehas joined
lorddavidiiihas joined
404.cityhas left
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
Jeybehas left
Jeybehas joined
insanityhas left
Jeybehas left
insanityhas joined
Jeybehas joined
Martin
tom:
> Martin: did you do anything to attract spammers?
> I don't have a spam problem
> (yet anyways)
Not me. But spammers targetting my server, although so far they only send to non existing accounts. But still I report the spammers to the operator and in case he doesn't reply to the hoster.
Martin
How do you know you have no spam? Do you scan incoming messages for spam URLs?
tom
Is there any pattern to nonexistant users?
dropshas left
Martin
It's always the same three accounts one is like aaaaa1zz@ or something, so looking pretty random and not like from any wordlist. Don't know how those ended up in the spamlists.
dropshas joined
dropshas left
dropshas joined
Jeybehas left
Jeybehas joined
Martin
But it's good for me as it doesn't reach any existing users and I can report the spammers and let the operators remove those accounts.
Pingu from Woodquarterhas left
felixhas joined
jayteeukhas left
jayteeukhas joined
Martinhas left
Martinhas joined
Martinhas left
Jeybehas left
Jeybehas joined
jayteeukhas left
jayteeukhas joined
felixhas left
felixhas joined
Nils (10rokita)has joined
joerghas joined
solhas left
joerghas left
Martinhas joined
solhas joined
tom
Well actually that's perfect
tom
Just write a hookin to your server to log those known spam targets
tom
And use them as a tarpit
solhas left
tom
If a server messages one of those known spam addresses you tarpit their server
tom
This can be automated
tom
Keep the connection open and only reply at like 1/bit per second to waste the spammer's resources
tom
Every file descriptor kept open is open less than can be used in a spam attack
solhas joined
tom
Or you could be lazy and just write a fail2ban rule
tom
Firewall them off
tom
Similar mitigation techniques to email can be used
albrahas joined
Martinhas left
Jeybehas left
Martinhas joined
Jeybehas joined
jayteeukhas left
jayteeukhas joined
joerghas joined
ajeremiashas joined
Martinhas left
jayteeukhas left
jayteeukhas joined
Martinhas joined
ajeremiashas left
ajeremiashas joined
Jeybehas left
Jeybehas joined
tskhas joined
albrahas left
albrahas joined
bubblerhas left
bubblerhas joined
calvinhas joined
Martinhas left
Martinhas joined
Martinhas left
ackerman1scotthas left
ackerman1scotthas joined
Martinhas joined
Maranda
🤦🏼♂️
albrahas left
albrahas joined
Jeybehas left
Jeybehas joined
Martin
tom: Also good servers get spammers. I tell them, they delete them. Throttling s2s to that server would also affect innocent users.
albrahas left
albrahas joined
tomhas left
tomhas joined
Jeybehas left
calvinhas left
calvinhas joined
Jeybehas joined
tskhas left
ibikkhas left
ajeremiashas left
ajeremiashas joined
Nils (10rokita)has left
ibikkhas joined
tomhas left
tomhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
albrahas left
albrahas joined
Nils (10rokita)has joined
albrahas left
albrahas joined
ajeremiashas left
Jeybehas left
Jeybehas joined
ajeremiashas joined
ajeremiashas left
ajeremiashas joined
404.cityhas joined
ajeremias
mastodon has very good moderation tools.. notifying both admins of both servers.. maybe xmpp needs something like that.. how can u notify an xmpp admin?
albrahas left
albrahas joined
404.cityhas left
cuchas left
cuchas joined
tom
There's a xep
tom
That has the admins's contact info
tom
You query the server with a special stanza
tom
I don't know of any abuse report automation tools though