Apparently Zoom is based on XMPP. yet another evil tech corp taking free software & open interoperable standards, ripping out the interoperability, and adding in spyware https://upload.nuegia.net/e33e0872-eda4-49c3-9dd2-715e668c98a1/screenshot.png
ralphmhas left
tom
» Elastic Search, Elastic cache, DynamoDB, SQS and S3
I can't think of why these tools would be required to running an XMPP server
tom
My guess is that they are storing absolutely EVERYTHING to an amazon S3 bucket
tom
Even videocalls
tom
Running ""analytics"" on them
tom
Did you know that Egypt was found to record ALL IP traffic egressing the country to disk?
stvnhas left
holgerhas left
tom
» Running ""analytics"" on them
to """improve our services"""
Licaon_Kterhas joined
Licaon_Kter [yaxim refugee for mucs]has joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
thndrbvr
Zoom has also said they want to be able to share everything with the US gov't. They kept flip flopping with how any sort of encryption was being done.
stpeterhas joined
stvnhas joined
tom
Sooner or later that giant bucket of userdata is going to leak
tom
Especially with their security track record
tom
It will probably be the next Cambridge analytica
tom
Possibly worse
mss_cyclisthas left
tom
I'm tempted to download the binary on a separate machine, do a little blackboxing myself. Maybe throw it into Ghirda
mss_cyclisthas joined
stpeterhas left
ralphmhas joined
holgerhas joined
stvnhas left
stvnhas joined
seandreashas joined
thndrbvrhas left
jayteeukhas left
jayteeukhas joined
Nils (10rokita)has left
jayteeukhas left
jayteeukhas joined
cuchas joined
Nils (10rokita)has joined
lorddavidiiihas joined
cuchas left
cuchas joined
cuchas left
cuchas joined
schorschhas left
seandreashas left
Pingu from Woodquarterhas joined
mehdihas left
mehdihas joined
seandreashas joined
thndrbvrhas joined
madmalkavhas joined
perflysthas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
karimhas joined
perflysthas left
stpeterhas joined
stvnhas left
mightyBroccolihas left
stvnhas joined
maineshas left
maineshas joined
stpeterhas left
Marandahas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
perflysthas joined
colochonhas joined
lorddavidiiihas left
lorddavidiiihas joined
mightyBroccolihas joined
sgergerhas joined
10rokitahas joined
Beherithas left
Beherithas joined
thndrbvrhas left
mightyBroccolihas left
stvnhas left
Beherithas left
perflysthas left
mightyBroccolihas joined
stvnhas joined
Beherithas joined
karimhas left
stvnhas left
colochonhas left
stvnhas joined
vu764hd68fxthas joined
thndrbvrhas joined
seandreashas left
maineshas left
maineshas joined
insanityhas left
Huxxhas joined
colochonhas joined
mehdihas left
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
stvnhas left
vu764hd68fxthas left
vu764hd68fxthas joined
stvnhas joined
stvnhas left
Beherithas left
Beherithas joined
Melhas left
insanityhas joined
Douglas Terabytehas joined
seantoddhas left
seantoddhas joined
karimhas joined
andrey.utkinhas joined
thndrbvrhas left
stvnhas joined
perflysthas joined
stvnhas left
Melhas joined
stpeterhas joined
schorschhas joined
schorschhas left
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
perflysthas left
stvnhas joined
stpeterhas left
jayteeukhas left
jayteeukhas joined
Melhas left
Melhas joined
jayteeukhas left
jayteeukhas joined
stvnhas left
schorschhas joined
stvnhas joined
Douglas Terabytehas left
Douglas Terabytehas joined
Martinhas left
Martinhas joined
ksuxat.has joined
schorschhas left
schorschhas joined
schorschhas left
nawhas joined
Douglas Terabytehas left
karimhas left
karimhas joined
solhas left
solhas joined
nawhas left
ajeremiashas joined
insanityhas left
insanityhas joined
schorschhas joined
andrey.utkinhas left
andrey.utkinhas joined
schorschhas left
insanityhas left
solhas left
solhas joined
insanityhas joined
insanityhas left
perflysthas joined
Link Mauvehas joined
stpeterhas joined
insanityhas joined
perflysthas left
kikuchiyohas joined
stvnhas left
stvnhas joined
kikuchiyohas left
kikuchiyohas joined
stpeterhas left
Viktor Lindberghas left
Viktor Lindberghas joined
stvnhas left
stvnhas joined
stvnhas left
stvnhas joined
stvnhas left
stvnhas joined
stvnhas left
stvnhas joined
kikuchiyohas left
sonnyhas left
sonnyhas joined
jayteeukhas left
jayteeukhas joined
kikuchiyohas joined
abidal3has left
abidal3has joined
stvnhas left
schorschhas joined
stvnhas joined
insanityhas left
schorschhas left
ajeremiashas left
stvnhas left
stvnhas joined
maineshas left
sakhmatdhas left
sakhmatdhas joined
kikuchiyohas left
sakhmatdhas left
stvnhas left
sakhmatdhas joined
benhas left
jayteeukhas left
jayteeukhas joined
abidal3has left
abidal3has joined
stvnhas joined
jayteeukhas left
jayteeukhas joined
maineshas joined
benhas joined
calvinhas joined
calvinhas left
calvinhas joined
schorschhas joined
ahas left
stpeterhas joined
schorschhas left
ahas joined
schorschhas joined
sonnyhas left
sonnyhas joined
schorschhas left
stpeterhas left
schorschhas joined
kikuchiyohas joined
kikuchiyohas left
schorschhas left
schorschhas joined
stvnhas left
schorschhas left
abidal3has left
lorddavidiiihas left
abidal3has joined
lorddavidiiihas joined
solhas left
stvnhas joined
solhas joined
musashihas left
musashihas joined
insanityhas joined
insanityhas left
Marandahas left
Marandahas joined
kikuchiyohas joined
insanityhas joined
insanityhas left
insanityhas joined
Melhas left
Melhas joined
abidal3has left
holgerhas left
stvnhas left
stvnhas joined
stvn
Prosody or ejabberd ?
Licaon_Kter
stvn: yes...
stvn
Haha, so both are good ?
Licaon_Kter
stvn: yes, depends on stuff, what's your usecase?
stvnhas left
stvnhas joined
stvn
Personal server, vps hosted, id also open registration for other people to use
holgerhas joined
stvn
thndrbvr: now on zoom you have to pay for e2e
cuchas left
insanityhas left
insanityhas joined
MattJ
stvn: running a public server involves some amount of work - dealing with spammers, and so on
MattJ
I'd recommend against it generally, unless you're really prepared for that
a
or not dealing with spammers at all
a
I was told about day Tigase can automatically detect and block spam accounts✎
a
I was told another day Tigase can automatically detect and block spam accounts ✏
a
sadly I don't use Tigase
MattJ
Not sure what Tigase does exactly, but Prosody has similar capabilities
a
but I'm pretty sure a similar feature will be available in ejaaberd eventually✎
a
but I'm pretty sure a similar feature will be available in ejabberd eventually ✏
Ge0rG
"automatically detect and block spammers" - ha, I wish there'd be such a thing
Beherithas left
Ge0rG
the best you can get is automatically block people who registered throuh potential proxy servers
a
so... go for it. go for the open server. the more the merrier
MattJ
https://yaxim.org/blog/2020/05/12/new-anti-spam-measures/ - example write-up from Ge0rG for Prosody
Licaon_Kter
stvn: open for other people does not mean public necessary, eg. You can create the account and share the credentials.
MattJ
Licaon_Kter: noooooooooooo
MattJ
Why do XMPP folk think that handing around passwords is acceptable in 2020?
Ge0rG
MattJ: because there is no other way with an UX that is understandable by users
MattJ
Ge0rG: that's demonstrably not true?
stvnhas left
Ge0rG
MattJ: ...in XMPP
Beherithas joined
MattJ
Easy invites work great
Ge0rG
MattJ: I tried it once with a family member, and it wasn't perfect.
MattJ
Oh?
MattJ
I tried it with 8 family members and about 20 people at FOSDEM
stvnhas joined
Ge0rG
MattJ: maybe it's better if we push the JID and token through Google Play.
MattJ
That's what Snikket does, works great
stvn
Dont think id had much public traffic tbh
stvn
But id defently allow public acces, i will look around spam protection then
MattJ
stvn: spam bots scan for servers that allow registration and can register thousands of accounts each day
stvn
Is there some xmpp monitor ?
MattJ
Also see https://prosody.im/doc/public_servers
Ge0rG
MattJ: it still lacks a big bold 30pt statement about the rule #1 of running public xmpp servers
cuchas joined
Licaon_Kter
> I tried it with 8 family members and about 20 people at FOSDEM
I'm not doing this ^^^ so it scales :))
Licaon_Kter
Also clients can change passwords...c'mon
cuchas left
cuchas joined
Licaon_Kter
Ge0rG: what's that? _"DON'T"_?
pep.
Licaon_Kter, how many of these users are going to it (change passwords)
stvnhas left
stvnhas joined
Licaon_Kter
Let's not move the goalpost :))
stpeterhas joined
mehdihas joined
derventiohas joined
stvnhas left
pep.
"Why do XMPP folk think that handing around passwords is acceptable in 2020?" < I'm not moving this one. I agree with the statement behind the question and I was just continuing to highlight pitfalls of your approach :)
Licaon_Kter
¯\_(ツ)_/¯
Licaon_Kter
ejabberd lol
Beherithas left
Martin
> Why do XMPP folk think that handing around passwords is acceptable in 2020?
I had to do those for my apples.
Beherithas joined
Licaon_Kter
MattJ:
> Why do XMPP folk think that handing around passwords is acceptable in 2020?
Having one client on one platform and one server...is acceptable? What is this now, Matrix?
seandreashas joined
pep.
I agree that's a fair point. Neither protocols nor implementations are close to fixing this. That doesn't make handling around passwords more acceptable though
MattJ
Martin: Siskin has supported invite links since FOSDEM
Ge0rG
Licaon_Kter: exactly!
MattJ
And the invite page allows you to enter a password manually to create the account
MattJ
So no, I don't think a single implementation is healthy, and I don't think it's what we have
cuchas left
pep.
MattJ, prosody's original mod_invite you mean?
Martin
MattJ: Hmm, didn't know that.
Licaon_Kter
MattJ: I do want all this ofcourse, but I can't erlang so there's that....
MattJ
pep.: original and the Snikket one
pep.
ok
MattJ
So from the user perspective the only difference with the new stuff is that you can register right within the app instead of on the site