-
thndrbvr
jonas’: I use riseup. Connected to we.riseup right now.
-
thndrbvr
Have you guys heard of EARN IT? Slimeballs in Washington DC trying to pass it while everyone's panicking and news is obsessed with the pandemic.
-
thndrbvr
If it somehow passes... what's everyone who's located in the USA going to do? Hope to stay under the radar and practice civil disobedience?
-
pep.
Yep.. it's not new that politics abuse this kind of moment where everybody is distracted to pass s@#t laws
-
tom
thndrbvr: what does the bill do?
-
tom
I'm ready to use mod_onions and tor maps should any political bs happen
-
tom
Oh banning end-to-end encryption
-
tom
I don't see how that can even affect XMPP
-
tom
We are decentralized by nature and enough already, and most of the clients out there are open source
-
tom
What's the government going to do? DMCA a github repo?
-
tom
A simple git clone and copying the folder to a mirror will fix that
-
pep.
tom, https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online some information here
-
tom
I support omemo
-
pep.
(and off to bed)
-
tom
And it auto-turns on whenever someone else does too
-
thndrbvr
I'm afraid they're going to find out who's running the server in question and show up with a SWAT team kicking down a person's front door and hauling them away while ransacking the place.
-
thndrbvr
It removes the protections under Section 230 and the server operator would be held accountable for everything users of the platform say.
-
thndrbvr
We've seen this sort of thing before. Someone the gov't didn't like had an e-mail account on Lavabit and the owner shut down the service, went to jail presumably, and spent years fighting in court in order to protect the rest of the people who had e-mail accounts there. I think they confiscated the servers but I don't recall. All because a whistleblower had encrypted e-mails.
-
tom
Are you hosting hardware or vps thndrbvr?
-
tom
https://nixnet.services/blog/vps-providers/
-
tom
If it passes you can migrate to non-US hosting company
-
tom
One that doesn't have insane copyright and crypto laws
-
thndrbvr
I'm running a social network. GNU Social, phpBB forums, Matrix chat, etc. I've got a dedicated server with www.orangewebsite.com which is in Iceland outside the jurisdiction of the US, CA, EU, & GB.
-
tom
Iceland
-
thndrbvr
The drives are encrypted too. But, what does any of that matter if I'm a US/CA citizen living in either of those countries?
-
tom
Well
-
tom
I've read in the news that the owner of cockli hosted their stuff in hanetzer's datacenter in germany
-
tom
And they had a problem with people just yanking drives out of their machine
-
tom
Not just once. It happened twice
-
tom
They said they would never use hanetzer again
-
pep.
hetzner? I can't find hanetzer
-
pep.
But cockli anyway..
-
tom
I wish I knew more details, like if they installed the security bezel onto their server or not
-
tom
Or if they were in a shared cage
-
tom
Or rack
-
tom
Hetzner yeah
-
tom
What kind of datacenter just allows some agent to show up, without papers or even a support ticket ahead of time, and start yanking drives out of machines
-
tom
To be clear no charges were even pressed against the owner of that host
-
thndrbvr
Wow.
-
tom
I thought Germany was supposed to have good privacy laws
-
mss_cyclist
As far as I can search it seems the drives were taken by command of a prosecutor.
-
Martin
A service having domains like nuke.africa probably had enough 'verfassungswidriges' going on to get a warrant by a judge.
-
mss_cyclist
Yup
-
mss_cyclist
I guess it is not very smart to host such a server anywhere in Europe
-
Martin
> As far as I can search it seems the drives were taken by command of a prosecutor.
Do you have a link? I hope they really had a warrant, otherwise it would be very bad even while I dislike this racism pack of cock.li.
-
thndrbvr
jonas’: Not to change topic but I thought I was also connected to Riseup's XMPP but I see my client is saying "server not found". I feel like they need donations
-
tom
Yeah hold on
-
mss_cyclist
Martin, Link https://www.golem.de/news/bombendrohung-per-cock-li-staatsanwaltschaft-beschlagnahmt-festplatte-bei-hetzner-1512-118169.html
-
tom
https://web.archive.org/web/20181019170928/https://arstechnica.com/tech-policy/2015/12/cock-li-e-mail-server-seized-by-german-authorities-admin-announces/
-
mss_cyclist
> I thought Germany was supposed to have good privacy laws
Germany has/had good privacy laws. But some rights are more valuable than privacy. Whenever racism or terrorism pops up they will not hesitate to go over to investigation. But I guess most western countries will do.
-
tom
https://arstechnica.com/tech-policy/2016/01/cock-li-server-seized-again-by-german-prosecutor-service-moves-to-iceland/
-
tom
It happened two times before they switched colo providers
-
mss_cyclist
They obviously did not get the message 1st time
-
tom
» Germany has/had good privacy laws. But some rights are more valuable than privacy. Whenever racism or terrorism pops up they will not hesitate to go over to investigation. But I guess most western countries will do.
That really does not mean all that much
-
tom
All you have to do is send a single hoax email from a provider, and all their rights go away?
-
tom
As long as it's related to 'terrorism'
-
tom
Etc etc
-
mss_cyclist
I guess it needs some more than one email. You are free to try it out. Maybe you can report back and then tell us the exact number
-
tom
I imagine that what if somebody on one of your XMPP servers said something 'racist' or made bomb hoax to get out of an exam what that would mean for your servers
-
Martin
mss_cyclist:
> Martin, Link
> https://www.golem.de/news/bombendrohung-per-cock-li-staatsanwaltschaft-beschlagnahmt-festplatte-bei-hetzner-1512-118169.html
Thx
-
Martin
tom:
> I imagine that what if somebody on one of your XMPP servers said something 'racist' or made bomb hoax to get out of an exam what that would mean for your servers
It's not about some racist using the server, it's about being a server dedicated to racists. Look at their domains like nuke.africa
-
mss_cyclist
tom, that is a tricky subject. But it seems, seen from German law, that there was more than one account on the server which was questionable. But one of the searches was on behalf of US authorities
-
tom
Remember when lavabit shut down their servers
-
tom
Because 1 political dissident caused lavabit to be forced to give up their private keys
-
Martin
> Remember when lavabit shut down their servers
Totally different case, lavabit was no service dedicated to criminals/racists.
-
tom
Seems like a trolling site to me
-
mss_cyclist
> Totally different case, lavabit was no service dedicated to criminals/racists.
At least it is not intended. You never know what your users are into
-
tom
You could probably say the same thing about any imageboard
-
tom
Or free speech mailinglist
-
Martin
> from his Bavarian data center by the district attorney for the City of Zwickau in eastern Germany.
Something is fishy with this ars technica post. Why should Zwickau be in charge for a Bavarian datacenter.
-
jonas’
it’s a thin line, but if you cater primarily to "trolls", you provide a safe (plausible deniable) harbour to the real people
-
mss_cyclist
Zwickau is by no means Bavaria
-
Martin
mss_cyclist: qed
-
Martin
That's why I say that's fishy.
-
thndrbvr
While I, myself, am a person of color, and am totally against racism.. I don't think that itself is a reason for a server seizure. Anything that is public the authorities can check and I think they should go after the people who make content that promotes RL threats/violence.
-
thndrbvr
Serious threats, not jokes.
-
jonas’
Martin, if the DC operator is registered in Zwickau, Saxony and one of their DCs is in Bavaria, I don’t see what’s wrong with this.
-
tom
Well on their site they say that they comply with legal data requests
-
tom
So I don't even know why the drive seizure was needed
-
tom
Couldn't they have just asked the server op
-
Martin
> Martin, if the DC operator is registered in Zwickau, Saxony and one of their DCs is in Bavaria, I don’t see what’s wrong with this.
I still think you need the Bavarian authorities to seize something in a Bavarian data center.
-
jonas’
tom, if the server op caters for this type of folk, they might’ve seen a risk that they would "lose" data before agreeing to hand some data over
-
tom
Guess that's just another reason to use full disk encryption on your servers nowadays. Make sure things go through the proper channels
-
tom
Martin: if you look at all of their domains it's not specifically about racism. It's just a bunch of edgy knee-jerk names designed to offend people
-
tom
420blaze.it goat.si national.shitposting.agency horsefucker.org
-
Martin
It were the racist ones catching my eye. That reminds me that I wanted to stop federating to them…
-
tom
What is a cocaine ninja?
-
Martin
Dunno
-
tom
Unless you're saying the ownership of offensive or racist domains means you lose your privacy rights on Germany
-
tom
*in
-
Martin
Don't understand.
-
tom
Or is that just something that stuck out to you
-
Martin
> Or is that just something that stuck out to you
What I told you
> It were the racist ones catching my eye. That reminds me that I wanted to stop federating to them…
-
Martin
I don't care about their weird horsefucking stuff but I am allergic to this racism stuff.
-
Martin
And no, that ain't fun or trolling.
-
Martin
Maybe that's due to me being a German raised and educated here and in Trumpistan racism is not morally problematic but here it is a no-go.
-
Martin
We might have different views regarding that, I can accept that. But for me this cock.li thing crossed the line.
-
tom
You should probably put a list of servers on your website or something of servers you do not federate with
-
tom
For transparency purposes if you host a public server
-
Martin
It's a private server. And so far I have only blocked spam servers not reacting to abuse reports.
-
tom
I remember on the ActivityPub based federated blogs
-
tom
And the operator of the server I was using, random posts would disappear into the ether
-
tom
The ops wasn't transparent about their blocklist policies
-
tom
I deleted my account there because I felt that was really shady
-
tom
It was really bad because things would just silently not appear, no indication of an error, unlike email where you'll get a bounce message like 5XX host blacklisted by dnsbl.someblacklistprovider.tld
-
Martin
I have no users contacting those servers, so in fact nothing would change. Maybe that's why I didn't block them yet. The servers I have blocked due to spamming are the ones from the public spam blocklist in the xmpp antispam repo.
-
Martin
Also a lot of spam servers fail to s2s because they have no valid certs.
-
Martin
Like jabber.cd or xmpp.us
-
robertooo
mss_cyclist:
> There is a fourth: Those who do not check their backups.
How do you do this?
-
robertooo
> Yeah, 99% of guides for Prosody are terrible
Sounds like a Prosody should write better docs then. Guides aren't needed if docs are good.
-
tom
Martin: did you do anything to attract spammers?
-
tom
I don't have a spam problem
-
tom
(yet anyways)
-
Ellenor Malik
xmpp.jp has an endogenous spam problem
-
tom
Although I do only allow authenticated certs as per that encrypted-s2s-only manifesto
-
Ellenor Malik
> robertooo has written:
> Sounds like a Prosody should write better docs then. Guides aren't needed if docs are good.
The project's guides are pretty good but not ideal.
-
Ellenor Malik
tom: is that some sorta fox in your avatar?
-
tom
Yes
-
Martin
tom:
> Martin: did you do anything to attract spammers?
> I don't have a spam problem
> (yet anyways)
Not me. But spammers targeting my server, although so far they only send to non existing accounts. But still I report the spammers to the operator and in case he doesn't reply to the hoster.
-
Martin
How do you know you have no spam? Do you scan incoming messages for spam URLs?
-
tom
Is there any pattern to nonexistent users?
-
Martin
It's always the same three accounts one is like aaaaa1zz@ or something, so looking pretty random and not like from any wordlist. Don't know how those ended up in the spamlists.
-
Martin
But it's good for me as it doesn't reach any existing users and I can report the spammers and let the operators remove those accounts.
-
tom
Well actually that's perfect
-
tom
Just write a hookin to your server to log those known spam targets
-
tom
And use them as a tarpit
-
tom
If a server messages one of those known spam addresses you tarpit their server
-
tom
This can be automated
-
tom
Keep the connection open and only reply at like 1/bit per second to waste the spammer's resources
-
tom
Every file descriptor kept open is one less that can be used in a spam attack
-
tom
Or you could be lazy and just write a fail2ban rule
-
tom
Firewall them off
-
tom
Similar mitigation techniques to email can be used
-
Maranda
🤦🏼‍♂️
-
Martin
tom: Also good servers get spammers. I tell them, they delete them. Throttling s2s to that server would also affect innocent users.
-
ajeremias
mastodon has very good moderation tools.. notifying both admins of both servers.. maybe xmpp needs something like that.. how can u notify an xmpp admin?
-
tom
There's a xep
-
tom
That has the admins' contact info
-
tom
You query the server with a special stanza
-
tom
I don't know of any abuse report automation tools though