thndrbvrjonas’: I use riseup. Connected to we.riseup right now.
solhas left
solhas joined
thndrbvrHave you guys heard of EARN IT? Slimeballs in Washington DC trying to pass it while everyone's panicking and news is obsessed with the pandemic.
thndrbvrIf it somehow passes... what's everyone who's located in the USA going to do? Hope to stay under the radar and practice civil disobedience?
jayteeukhas left
jayteeukhas joined
pep.Yep.. it's not new that politics abuse this kind of moment where everybody is distracted to pass s@#t laws
kmqhas left
kmqhas joined
tomthndrbvr: what does the bill do?
tomI'm ready to use mod_onions and tor maps should any political bs happen
tomOh banning end-to-end encryption
tomI don't see how that can even effect XMPP
tomWe are decentralized by nature and enough already, and most of the clients out there are open source
tomWhat's the government going to do? DMCA a github repo?
tomA simple git clone and copying the folder to a mirror will fix that
pep.tom, https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online some information here
tomI support omemo
pep.(and off to bed)
tomAnd it auto-turns on whenever someone else does too
jayteeukhas left
jayteeukhas joined
podhas left
calvinhas joined
seantoddhas left
seantoddhas joined
Marzannahas left
calvinhas left
Marandahas left
Marandahas joined
felixhas left
Ge0rGhas left
Ge0rGhas joined
ackerman1scotthas left
im0209has joined
ackerman1scotthas joined
im0209has left
Marandahas left
Marandahas joined
thndrbvrI'm afraid they're going to find out who's running the server in question and show up with a SWAT team kicking down a person's front door and hauling them away while ransacking the place.
thndrbvrIt removes the protections under Sections 230 and the server operator would be held accountable for everything users of the platform say.
thndrbvrWe've seen this sort of thing before. Someone the gov't didn't like had an e-mail account on Lavabit and the owner shutdown the service, went to jail presumably, and spent years fighting in court in order to protect the rest of the people who had e-mail accounts there. I think they confiscated the servers but I don't recall. All because a whistleblower had encrypted e-mails.
tomAre you hosting hardware or vps thndrbvr?
tomhttps://nixnet.services/blog/vps-providers/
tomIf it passes you can migrate to non-US hosting company
tomOne that doesn't have insane copyright and crypto laws
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
cuchas joined
paulhas left
jayteeukhas left
jayteeukhas joined
Pingu from Woodquarterhas joined
lorddavidiiihas joined
ru_maniachas left
ibikkhas left
ru_maniachas joined
insanityhas joined
insanityhas left
kmqhas left
kmqhas joined
insanityhas joined
paulhas joined
tskhas joined
jayteeukhas left
jayteeukhas joined
kmqhas left
kmqhas joined
insanityhas left
jayteeukhas left
jayteeukhas joined
tskhas left
holgerhas joined
cuchas left
cuchas joined
solhas left
solhas joined
thndrbvrI'm running a social network. GNU Social, phpBB forums, Matrix chat, etc. I've got a dedicated server with www.orangewebsite.com which is in Iceland outside the jusidiction of the US, CA, EU, & GB.
im0209has joined
mightyBroccolihas left
mightyBroccolihas joined
mightyBroccolihas left
mightyBroccolihas joined
dropshas left
dropshas joined
dropshas left
dropshas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
im0209has left
paulhas left
paulhas joined
solhas left
solhas joined
tskhas joined
tomIceland
solhas left
solhas joined
10rokitahas joined
Huxxhas joined
ibikkhas joined
jayteeukhas left
jayteeukhas joined
insanityhas joined
insanityhas left
insanityhas joined
insanityhas left
Melhas left
Melhas joined
solhas left
solhas joined
dropshas left
WebPigeonhas left
dropshas joined
andrey.utkinhas joined
podhas joined
WebPigeonhas joined
thndrbvrThe drives are encrypted too. But, what does any of that matter if I'm a US/CA citizen living in either of those countries?
1984isnowhas joined
solhas left
solhas joined
solhas left
solhas joined
1984isnowhas left
andrey.utkinhas left
tskhas left
solhas left
solhas joined
perflysthas joined
madmalkavhas joined
Bluehas joined
sonnyhas left
sonnyhas joined
jayteeukhas left
jayteeukhas joined
mikehas left
mikehas joined
robertooohas joined
solhas left
solhas joined
tskhas joined
sezuanhas left
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
ajeremiashas joined
solhas left
solhas joined
ajeremiashas left
cuchas left
perflysthas left
tskhas left
solhas left
solhas joined
insanityhas joined
solhas left
solhas joined
insanityhas left
insanityhas joined
ibikkhas left
madmalkavhas left
madmalkavhas joined
Jeybehas joined
Nils (10rokita)has left
perflysthas joined
ibikkhas joined
solhas left
solhas joined
solhas left
solhas joined
kmqhas left
kmqhas joined
tunmskhas left
tunmskhas joined
Nils (10rokita)has joined
perflysthas left
solhas left
solhas joined
muppethhas left
muppethhas joined
insanityhas left
tunmskhas left
tunmskhas joined
podhas left
podhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
muppethhas left
Jeybehas joined
ajeremiashas joined
Nils (10rokita)has left
solhas left
solhas joined
Nils (10rokita)has joined
Jeybehas left
Jeybehas joined
calvinhas joined
Nils (10rokita)has left
insanityhas joined
Nils (10rokita)has joined
ibikkhas left
Nils (10rokita)has left
solhas left
solhas joined
Jeybehas left
Jeybehas joined
Nils (10rokita)has joined
insanityhas left
solhas left
solhas joined
Jeybehas left
ibikkhas joined
Jeybehas joined
Nils (10rokita)has left
calvinhas left
Bluehas left
Bluehas joined
Nils (10rokita)has joined
Bluehas left
Bluehas joined
Marzannahas joined
Bluehas left
Jeybehas left
Jeybehas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
solhas left
solhas joined
muppethhas joined
solhas left
solhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
jayteeukhas left
jayteeukhas joined
Jeybehas left
Jeybehas joined
jayteeukhas left
jayteeukhas joined
xelxebarhas left
lorddavidiiihas left
lorddavidiiihas joined
xelxebarhas joined
serge90has left
calvinhas joined
serge90has joined
holgerhas left
Jeybehas left
insanityhas joined
Jeybehas joined
jayteeukhas left
jayteeukhas joined
Nils (10rokita)has left
Nils (10rokita)has joined
Jeybehas left
ajeremiashas left
Jeybehas joined
ajeremiashas joined
Marzannahas left
tunmskhas left
jayteeukhas left
jayteeukhas joined
Jeybehas left
Jeybehas joined
solhas left
solhas joined
Huxxhas left
Huxxhas joined
im0209has joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
tunmskhas joined
perflysthas joined
Jeybehas left
Jeybehas joined
Jeybehas left
im0209has left
perflysthas left
Jeybehas joined
solhas left
solhas joined
Jeybehas left
Jeybehas joined
solhas left
solhas joined
ackerman1scotthas left
ajeremiashas left
muppethhas left
gavhas left
gavhas joined
ajeremiashas joined
ackerman1scotthas joined
muppethhas joined
mitchelmonrooihas joined
Jeybehas left
Jeybehas joined
calvinhas left
Jeybehas left
Jeybehas joined
madmalkavhas left
Jeybehas left
Jeybehas joined
madmalkavhas joined
tomWell
solhas left
solhas joined
tomI've read in the news that the owner of cockli hosted their stuff in hanetzer's datacenter in germany
tomAnd they had a problem with people just yanking drives out of their machine
tomNot just ounce. It happened twice
tomThey said they would never used hanetzer again
pep.hetzner? I can't find hanetzer
pep.But cockli anyway..
tomI wish I knew more details, like if they installed the security bezel onto their server or not
tomOr if they were in a shared cage
tomOr rack
tomHetzner yeah
tomWhat kind of datacenter just allows some agent to show up, without papers or even a support ticket head of time, and start yanking drives out of machines
tomTo be clear no charges were even pressed against the owner of that host
thndrbvrWow.
tomI thought Germany was supposed to have good privacy laws
Nils (10rokita)has left
mss_cyclistAs far as I can search it seems the drives were taken by command of a prosecutor.
madmalkavhas left
MartinA service having domains like nuke.africa probably had enough 'verfassungswidriges' going on to get a warrant by a judge.
mss_cyclistYup
solhas left
solhas joined
madmalkavhas joined
mss_cyclistI guess it is not very smart to host such a server anywhere in Europe
Martin> As far as I can search it seems the drives were taken by command of a prosecutor.
Do you have a link? I hope they really had a warrant, otherwise it would be very bad even while I dislike this racism pack of cock.li.
ajeremiashas left
thndrbvrjonas’: Not to change topic but I thought I was also connected to Riseup's XMPP but I see my client is saying "server not found". I feel like they need donations
tomYeah hold on
mss_cyclistMartin, Link
https://www.golem.de/news/bombendrohung-per-cock-li-staatsanwaltschaft-beschlagnahmt-festplatte-bei-hetzner-1512-118169.html
mss_cyclist>I thought Germany was supposed to have good privacy laws
Germany has/had good privacy laws. But some rights are more valuable than privacy. Whenever racism or terrorism pops up they will not hesitate to go over to investigation. But I guess most western countries will do.
tomIt happened two times before they switches colo providers
mss_cyclistThey obviously did not get the message 1st time
tom
» Germany has/had good privacy laws. But some rights are more valuable than privacy. Whenever racism or terrorism pops up they will not hesitate to go over to investigation. But I guess most western countries will do.
That really does not mean all that much
tomAll you have to do is send a single hoax email from a provider, and all their rights go away?
tomAs long as it's related to 'terrorism'
tomEtc etc
mss_cyclistI guess it needs some more than one email.
You are free to try it out. Maybe you can report back and then tell us the exact number
Marzannahas joined
tomI imagine that what if somebody on one of your XMPP servers said something 'racist' or made bomb hoax to get out of an exam what that would mean for your servers
Martinmss_cyclist:
> Martin, Link
> https://www.golem.de/news/bombendrohung-per-cock-li-staatsanwaltschaft-beschlagnahmt-festplatte-bei-hetzner-1512-118169.html
Thx
Martintom:
> I imagine that what if somebody on one of your XMPP servers said something 'racist' or made bomb hoax to get out of an exam what that would mean for your servers
It's not about some racist using the server, it's about being a server dedicated to racists. Look at their domains like nuke.africa
mss_cyclisttom, that is a tricky subject. But it seems, seen from German law, that there were more than one accounts on the server which were questionable. But one of the searchings was on behalf of us authorities
tomRemember when lavabit shut down their servers
tomBecause 1 political dissident caused lavabit to be forced to give up their private keys
Martin> Remember when lavabit shut down their servers
Totally different case, lavabit was no service dedicated to criminals/racists.
tomSeems like a trolling site to me
mss_cyclist>Totally different case, lavabit was no service dedicated to criminals/racists.
At least it is not intended. You never know what your users are into
tomYou could probably say the same thing about any imageboard
tomOr free speech mailinglist
Martin> from his Bavarian data center by the district attorney for the City of Zwickau in eastern Germany.
Something is fishy with this ars technica post. Why should Zwickau be in charge for a Bavarian datacenter.
jonas’it’s a thin line, but if you cater primarily to "trolls", you provide a safe (plausible deniable) harbour to the real people
mss_cyclistZwickau is by no means Bavaria
solhas left
solhas joined
Martinmss_cyclist: qed
MartinThat's why I say that's fishy.
thndrbvrWhile I, myself, am a person of color, and am totally against racism.. I don't think that itself is a reason for a server seizure. Anything that is public the authorities can check and I think they should go after the people who make content that promotes RL threats/violence.
thndrbvrSerious threats, not jokes.
jonas’Martin, if the DC operator is registered in Zwickau, Saxony and one of their DCs is in Bavaria, I don’t see what’s wrong with this.
tomWell on their site they say that they comply with legal data requests
tomSo i don't even know why the drive seize was nedded
tomCouldn't they have just asked the server op
Martin> Martin, if the DC operator is registered in Zwickau, Saxony and one of their DCs is in Bavaria, I don’t see what’s wrong with this.
I still think you need the Bavarian authorities to seize something in a Bavarian data center.
jonas’tom, if the server op caters for this type of folk, they might’ve seen a risk that they would "lose" data before agreeing to hand some data over
tomGuess that's just another reason to use full disk encryption on your servers nowadays. Make sure things go through the proper channels
bubblerhas joined
tomMartin: if you look at all of their domains it's not specifically about racism. It's just a bunch of edgy knee-jerk names designed to offend people
MartinIt were the racist ones catching my eye. That reminds me that I wanted to stop federating to them…
tomWhat is a cocaine ninja?
MartinDunno
jayteeukhas left
jayteeukhas joined
tomUnless your saying the ownership of offensive or racist domains means you lose your privacy rights on germany
tom*in
MartinDon't understand.
tomOr is that just something that stuck out to you
Martin> Or is that just something that stuck out to you
What I told you
> It were the racist ones catching my eye. That reminds me that I wanted to stop federating to them…
Nils (10rokita)has joined
MartinI don't care about their weird horsefucking stuff but I am allergic to this racism stuff.
MartinAnd no, that ain't fun or trolling.
MartinMaybe that's due to me being a german raised and educated here and in Trumpistan racism is not morally problematic but here it is a no-go.
MartinWe might have different views regarding that, I can accept that. But for me this cock.li thing crossed the line.
Jeybehas left
tomYou should probably put a list of servers on your website or something of servers you do not federate with
tomFor transparency purposes if you host a public server
Jeybehas joined
MartinIt's a private server. And so far I have only blocked spam servers not reacting to abuse reports.
tomI remember on the ActivityPub based federated blogs
solhas left
solhas joined
tomAnd the operator of the server i was using, random posts would dissapear into the ether
tomThe ops wasn't transparent about their blocklist policies
tomI deleted my account there because I felt that was really shady
tomIt was really bad because things would just silently not appear, no indication of an error, unlike email where you'll get a bounce message like 5XX host blacklisted by dnsbl.someblacklistprovider.tld
jayteeukhas left
jayteeukhas joined
Jeybehas left
Jeybehas joined
calvinhas joined
jayteeukhas left
jayteeukhas joined
ajeremiashas joined
404.cityhas joined
Jeybehas left
Jeybehas joined
MartinI have no users contacting those servers, so in fact nothing would change. Maybe that's why I didn't block them yet. The servers I have blocked due to spamming are the ones from the public spam blocklist in the xmpp antispam repo.
MartinAlso a lot of spam servers fail to s2s because they have no valid certs.
MartinLike jabber.cd or xmpp.us
Nils (10rokita)has left
Marandahas left
Marandahas joined
404.cityhas left
Jeybehas left
solhas left
solhas joined
Jeybehas joined
ajeremiashas left
madmalkavhas joined
Jeybehas left
jayteeukhas left
Jeybehas joined
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
404.cityhas joined
404.cityhas left
solhas left
solhas joined
robertooomss_cyclist: > There is a fourth: Those who do not check their backups.
How do you do this?
cuchas joined
ajeremiashas joined
robertooo> Yeah, 99% of guides for Prosody are terrible
Sounds like a Prosody should write better docs then. Guides aren't needed if docs are good.
Huxxhas left
Huxxhas joined
tomMartin: did you do anything to attract spammers?
tomI don't have a spam problem
tom(yet anyways)
Ellenor Malikxmpp.jp has an endogenous spam problem
tomAlthough I do only allow authenticated certs as per that encrypted-s2s-only manifesto
Ellenor Malik> robertooo has written:
> Sounds like a Prosody should write better docs then. Guides aren't needed if docs are good.
The project's guides are pretty good but not ideal.
Ellenor Maliktom: is that some sorta fox in your avatar?
tomYes
404.cityhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
solhas left
solhas joined
ajeremiashas left
calvinhas left
madmalkavhas left
madmalkavhas joined
Nils (10rokita)has joined
jayteeukhas left
jayteeukhas joined
Jeybehas left
madmalkavhas left
serge90has left
404.cityhas left
Jeybehas joined
404.cityhas joined
dinosaurdynastyhas left
dinosaurdynastyhas joined
Douglas Terabytehas left
Douglas Terabytehas joined
madmalkavhas joined
serge90has joined
Nils (10rokita)has left
bubblerhas left
bubblerhas joined
Jeybehas left
lorddavidiiihas left
Jeybehas joined
lorddavidiiihas joined
404.cityhas left
jayteeukhas left
jayteeukhas joined
solhas left
solhas joined
Jeybehas left
Jeybehas joined
insanityhas left
Jeybehas left
insanityhas joined
Jeybehas joined
Martintom:
> Martin: did you do anything to attract spammers?
> I don't have a spam problem
> (yet anyways)
Not me. But spammers targetting my server, although so far they only send to non existing accounts. But still I report the spammers to the operator and in case he doesn't reply to the hoster.
MartinHow do you know you have no spam? Do you scan incoming messages for spam URLs?
tomIs there any pattern to nonexistant users?
dropshas left
MartinIt's always the same three accounts one is like aaaaa1zz@ or something, so looking pretty random and not like from any wordlist. Don't know how those ended up in the spamlists.
dropshas joined
dropshas left
dropshas joined
Jeybehas left
Jeybehas joined
MartinBut it's good for me as it doesn't reach any existing users and I can report the spammers and let the operators remove those accounts.
Pingu from Woodquarterhas left
felixhas joined
jayteeukhas left
jayteeukhas joined
Martinhas left
Martinhas joined
Martinhas left
Jeybehas left
Jeybehas joined
jayteeukhas left
jayteeukhas joined
felixhas left
felixhas joined
Nils (10rokita)has joined
joerghas joined
solhas left
joerghas left
Martinhas joined
solhas joined
tomWell actually that's perfect
tomJust write a hookin to your server to log those known spam targets
tomAnd use them as a tarpit
solhas left
tomIf a server messages one of those known spam addresses you tarpit their server
tomThis can be automated
tomKeep the connection open and only reply at like 1/bit per second to waste the spammer's resources
tomEvery file descriptor kept open is open less than can be used in a spam attack
solhas joined
tomOr you could be lazy and just write a fail2ban rule
tomFirewall them off
tomSimilar mitigation techniques to email can be used
albrahas joined
Martinhas left
Jeybehas left
Martinhas joined
Jeybehas joined
jayteeukhas left
jayteeukhas joined
joerghas joined
ajeremiashas joined
Martinhas left
jayteeukhas left
jayteeukhas joined
Martinhas joined
ajeremiashas left
ajeremiashas joined
Jeybehas left
Jeybehas joined
tskhas joined
albrahas left
albrahas joined
bubblerhas left
bubblerhas joined
calvinhas joined
Martinhas left
Martinhas joined
Martinhas left
ackerman1scotthas left
ackerman1scotthas joined
Martinhas joined
Maranda🤦🏼♂️
albrahas left
albrahas joined
Jeybehas left
Jeybehas joined
Martintom: Also good servers get spammers. I tell them, they delete them. Throttling s2s to that server would also affect innocent users.
albrahas left
albrahas joined
tomhas left
tomhas joined
Jeybehas left
calvinhas left
calvinhas joined
Jeybehas joined
tskhas left
ibikkhas left
ajeremiashas left
ajeremiashas joined
Nils (10rokita)has left
ibikkhas joined
tomhas left
tomhas joined
Jeybehas left
Jeybehas joined
Jeybehas left
Jeybehas joined
albrahas left
albrahas joined
Nils (10rokita)has joined
albrahas left
albrahas joined
ajeremiashas left
Jeybehas left
Jeybehas joined
ajeremiashas joined
ajeremiashas left
ajeremiashas joined
404.cityhas joined
ajeremiasmastodon has very good moderation tools.. notifying both admins of both servers.. maybe xmpp needs something like that.. how can u notify an xmpp admin?
albrahas left
albrahas joined
404.cityhas left
cuchas left
cuchas joined
tomThere's a xep
tomThat has the admins's contact info
tomYou query the server with a special stanza
tomI don't know of any abuse report automation tools though