XMPP Service Operators - 2020-11-02


  1. Martin

    Can you s2s with voip-push.eightysoft.de? I always get `Forbidding insecure connection to/from voip-push.eightysoft.de because its certificate is not valid for this name` but according to Thilo it should serve the right certificate.

  2. jc

    Hey everyone I'm curious what best practices are regarding law enforcement requests. I'm assuming some people here have received them before. What do you generally do? Do you ask for a legally binding document before handing over (meta-)data of a particular user? Thanks

  3. jc

    with "legally binding" I mean something that legally compels you to do so, instead of just someone asking nicely

  4. Ge0rG

    jc: I suppose as long as they are only "asking nicely", you aren't even allowed to hand over any data

  5. jc

    Yeah, that's what I'm wondering

  6. Ge0rG

    but that highly depends on your local legislation, as well as on the legislation of the user asked about

  7. Ge0rG

    like e.g. the GDPR

  8. jc

    Seems problematic to just hand over data to someone who claims they're law enforcement

  9. Ge0rG

    that's even worse.

  10. Ge0rG

    I could claim I'm law enforcement ;)

  11. Ge0rG

    so you need to authenticate them, and you need them to provide you with a legal basis for their request

  12. Ge0rG

    and then you~r lawyer~ must check the law text on whether it is actually sufficient to require that data

  13. jc

    my wat

  14. Ge0rG

    yup

  15. TMakarios

    > Ge0rG wrote: > but that highly depends on your local legislation, as well as on the legislation of the user asked about > like e.g. the GDPR If I'm in New Zealand, with my server in New Zealand, accessed only via New Zealand IP addresses and domain names, but with a user in, say, Bhutan, am I bound by Bhutanese privacy and anti-privacy laws? How would they be enforced?