XMPP Service Operators - 2021-06-22

Since only neraly only matrix.org deploys bifrost its sufficient to block "matrix.org"

Reminder to everyone who's still on v2 onion, they are going to be discontinued soon and won't be well reachable through Tor. You are adviced to switch to v3.

And something different: A user of xmpp.zp1.net and creep.im have been spamming and sharing conspiracy theories into a Coronavirus related MUC. I don't know how to reach the admins of those server. If you know, the users are: noname@creep.im and v-mann@xmpp.zp1.net The MUC in question is: xmpp:corona@chat.yax.im?join

I am not going to ban anyone because of conspiracy theories

It was dominating the MUC through the means of spamming and trolling to spread conspiracy ideology. You neither care about spamming?

creep.im: ^^^ ^

https://github.com/JabberSPAM/blacklist/commits/master

Ah, lol, creep.im is already on that blocklist.

Yes, because there was spam and the admin was not reachable by that time. But seems creep.im never tried to get unlisted now that they are reachable here.

throughaway123 are you the responsible for yax.im?

christian: no, sorry can't help you with that.

throughaway123, the room admin is not taking care of that?

Room admin did respond well.

throughaway123, ok, thanks

(It happend during their sleeping time. Next morning they got blocked)

at that stage I think escalation to the service operators is not necessary or helpful. especially with that coronavirus topic (as much as I despise conspiracy theories), I don’t think that a network-wide ban (deletion of the account) would be beneficial to anyone.

if the behaviour spreads to other places, that’s a different story obviously

Why do you believe it's not helpful?

it is a slippery slope we need to be careful around

in the end, I run netiher of the involved servers and if the room admin is taking care of it, it’s also fine from the search.jabber.network perspective, so these are just my private ramblings anyway

and I need to attend to other things now :)

throughaway123, though, it may be useful if you posted screenshots or logs maybe of the specific things which took place, so that involved admins can make a better judgement

Borrowing the slippery slope argument, keep in mind that the slippery slope argument is by itself often a slippery slope, following a bias that devalues the risk from remaining passive lower then thr risk from being active, without a rationale explanation. Do nothing because doing something has a risk too, is a slippery slope. Nevertheless I agree, that with power comes great responsibility.

> throughaway123, though, it may be useful if you posted screenshots or logs maybe of the specific things which took place, so that involved admins can make a better judgement Oh, I thought the posts of the spammers are still publicly visable. They aren't?

throughaway123, it requires joining though, which one might not watn to

(Oh, ok. i guess that is due to the spam. )

(I personally left that room because it was too much to bear mentally, so I’d prefer not to join -- I can imagine that others might want to keep their contact with that topic as low as possible, too, so screenshots help :))

https://share.conversations.im/throughaway123/BQJj6HRXEYrCgZro/YGTMzaOuQS69u-PwwfhIGQ.jpg

https://share.conversations.im/throughaway123/bV5P1lCZu2s9oxfR/BEPAC7g4QJ6DFy_UZqQ4WA.jpg

https://share.conversations.im/throughaway123/1NEIJ35O3R6vbSMX/FfMDj8NWTle6TC3cG5-fLg.jpg

https://share.conversations.im/throughaway123/1OgenLfvQG8ekgbX/psJfzyNlTKmYVZCifrOwgA.jpg

https://share.conversations.im/throughaway123/7zHVgVSbDwXuPSS4/6qyfYgGeRHyB8tgJk5X7Hw.jpg

(kleine auswahl)

(It's in german, don't know how helpfull that is)

Anyway, to report this is spamming or not should only be reported by MUC admins. Why to escalade this here while we don't even know this is not in accordance with MUC policy or not. Disclaimer: I don't support these theories.

Last pic is pretty clear but this is MUC admin business

croax: 1. if someone spreads racist conspiracy theories I consider this to be a problem 2. if the MUC policy is against or in support of racist conspiracy theories is a different question. 3. It's not, and I said this already. The MUC is well moderated. 4. Why do you believe your input is of any use in that debate?

This is not where to escalate it, throughaway123. IM or mail the yax.im admins if you can't get a resolution from the MUC mods

creep.im admin responded with: I don't care.

throughaway123: what? Only saying this is not the place. There could be a murder we do not operate this scope of issue.

throughaway123: https://yaxim.org/yax.im/tos/ covers what is legal and what is not legal on yax.im.

throughaway123: The MUC is on yax.im, not creep.im

Ellenor Malik, the offender is not on yax.im though

jonas’: correct! :-)

MUC admin can block or report to authority.

throughaway123, how do you know the JID of the spammers if you aren't admin of that muc?

jonas’: The chat.* admin (usually = Jabber service admin) can revoke access to terrible people, at home and overseas.

so it's in-scope for Yax.

But this is under admin responsabiltiy. If admin needs federation help, this is the right place. But as far as I understand, that's not the case (yet) ✏

> throughaway123, how do you know the JID of the spammers if you aren't admin of that muc? it's public soon as one shares a pic.

Their rhs is.

Bravo, you found a chat channel that's not well moderated. Cookie?

hmm http upload shares jid? not just server?

only the server

Ok, here I have a question to fellow service operator: What is the correct process to limit the spread of racism, spammers, conspiracy theroies, sexism...? (Hint: if your answer is a singular solution, you do not have the required knowledge to answer the question, and so please keep the noise out)

Ejabberd can be configured to include the jid in the get url. mod_http_upload - jid_in_url

throughaway123: there's MUC policy, server policy, law, and free speech. Guess who to report to.

croax: can you please stop being a reply-guy, if you're obviously not able to answer my question? ✏

Right

Thanks.

throughaway123, it seems to me like you already made up your mind what kind of answer you want

I'm not sure this is the best venue for that discussion. These are complex social issues.

We're not likely to solve them here to everyone's satisfaction, and I'd rather not be responsible for moderating any attempt

Every MUC and server admin has their own policies, so if you have specific problems, it's best to reach out to them directly

And if they're not interested in solving the problem to your satisfaction, just leave and/or block them as needed

Ok, your MUC, your rules. Everyone is here welcome, as long they are MUC operator?

No, service op.

The primary focus of this channel is for XMPP server operators to discuss with each other the XMPP network. This can be to resolve technical issues with federation, or share advice, tips and other relevant information about running a server.

(Yes sorry, what was what I ment)

throughaway123, there are ways to get banned even from here, for sure

the XSF is currently in the process of establishing a CoC which will also apply to this venue I suppose.

We don't exclude others from participating in such discussions, as long as discussion stays on this topic. In some cases we have muted non-operators for a while when it was necessary to keep the channel useful for its purpose.

disco is used for getting member, correct?

Харпер, members of a MUC? No, there is a specific query for that (only available to MUC admins or when the MUC is configured to show JIDs publicly)

no in this room

by authbot

Oh, I see

It's based on the contact addresses advertised by your server: https://xmpp.org/extensions/xep-0152.html

> The primary focus of this channel is for XMPP server operators to discuss with each other the XMPP network. My question was about that. To discuss how to deal with such issues as a network. So I'm confused what you mean with "xmpp nerwork". Onky the technology, or the technology + the human interaction which makes it a social network?

Primarily the technology, but no, not only. The tools already exist to, for example, block other servers, MUCs, etc. and also to contact service admins. You indicated this is not the kind of answer you wanted, though

an 'xmpp network' is just used to describe the public facing XMPP client-server infrastructure, no?

It seems you want discussion of actual policies... however opinions will vary strongly (I know that for a fact), so we're unlikely to reach an agreement here

Already there is mild disagreement about whether e.g. conspiracy theories should be blocked, and at what level they should be blocked. The thing about a decentralized network is that these disagreements are okay... we all have the power to choose what services we use and what MUCs we join

> You indicated this is not the kind of answer you wanted, though They are fine and useful as answers, if they respect the cultural and social aspects that lead to the rise of [racism, sexism, conspiracy theories...]

You can't solve social problems with technical means. This has been true since the invention of technology.

For example, evidence I have read suggests that engaging with many conspiracy theorists is the recommended route over shutting them out (which just reinforces their belief that they are right)

But this is not the venue to really decide that, it's up to service and MUC admins to decide for themselves what policy they will follow

> You can't solve social problems with technical means. This has been true since the invention of technology. Technolgy impacts social interactions. There's a reason that by the means of youtube and facebook a new rise of conspiracy theory and a new rise of facists can be observed.

In a coronavirus news channel, I can totally see a ban on non-authoritative sources making sense, for example. A more informal discussion channel might prefer to engage such people instead.

throughaway123: well, you can make social problems worse with technical means, that's true.

> opinions vary strongly I'd think this would be more the place to refine XMPP implementation as a whole or a specific policy one already has in mind, yeah. I'm not necessarily here to tell you what you ought to do, throughaway123, so much as give conjecture on how it might be well done. I suspect many here are of the same disposition, beyond kindly informing other hosts of spam sources and such *strictly* janitorial matters.

where the harm is not merely social, but infrastructurally damaging.

> For example, evidence I have read suggests that engaging with many conspiracy theorists is the recommended route over shutting them out (which just reinforces their belief that they are right) That is from this one singular study? (I saw it being shared some time ago in some MUC, can't remember exactly. The assumption that engaging is more effective then shutting them down, is false, because it depends on the circumstances. If you want to push out professional trolling effort that aim to shift the overtone window (yes, facists and conspiracy ideologists educate themselves about such means of communication) you push them out, but engage with the rest, for example.

Providing an extensible service that suits wide needs via modularity; that is XMPP to me. Taking social footholds at the core level is beyond that scope imo, and should be left to individual administration (or modules ;D) ✏

> throughaway123: well, you can make social problems worse with technical means, that's true. You impact it, for the better or the worse. (What's better/worse obviosly depends on eachs individual position).

throughaway123, right, and this is exactly the thing that I *don't* want to debate in this chat :)

UX, it's about UX

Maybe you are right that the study is false, maybe you are wrong - but we're not going to agree here

(I mean "we" collectively)

> throughaway123 wrote: > UX, it's about UX UX?

In what way?

user experience

I personally don't know what the right answer is to dealing with conspiracy theorists, but I do know how to contact XMPP admins and block servers, if that's what you want to do

But you have to respect that some people may not believe that is the right course of action

> shut them down This isn't a social steering committee, imo.

UX will differ depening if service operator and xmpp developers take countering conspiracy theories, sexism, racism as an important part to improofe UX. It will impact code, it will impact admin behaviour.

This is an infrastructure chat. These people pose a social threat to you, not infrastructure. ✏

(The infastructure as no meaning, without the social interaction)

And you need more than XMPP to properly implement your censorship. Call your gov. surveillance agency or the FCC, or something.

> throughaway123 wrote: > (The infastructure as no meaning, without the social interaction) Then you don't need to go through us, the XMPP operators, because we are not the independent variable here.

Your princess is in another castle.

(I don't call for cencorship. I call to think about how our admin and development decisions can have an impact on [social things)

throughaway123: And you've been told how this topic is off-topic in here.

And how do you plan to act based on that thinking? 'shutting down' people is censorship.

no slicing this pie differently.

If everybody is good at detecting and ignoring racism and propaganda, then we don't need to implement any technical measures. All we need to do is elect governments that put proper education first, and then wait for 40 years.

make a bot that picks up on certain conspiracy phrases and ridicules them. There, fixed that problem for you /s

If you aren't going to speculate on how to infrastructurally implement your wish here, not just socially, your result will be partial and your desires unfulfilled. At least brainstorm some sort of module for this, y'know? For example: a room or message keyword field exposed to the user.

> throughaway123: And you've been told how this topic is off-topic in here. I've been first told it's offtopic, then explained how it's ontopic, to then again it would be offtopic. The reasoning is not consitancy, so I have trouble to understand what it ok to say, and what not. All I notice that I'm not welcomed, but I am unable to use the presented arguments to form a logical reasoning out of it. (Sorry that might be my autism. Humans confuse me....)

a bonus of such a module would be quick search of messages within a certain range, and if the keywords display near the body onscreen, one might even remember the simple keyword when looking back for a long ago message.

for rooms, it could display near the topic and orient discussion more strictly.

thoughts?

pintosesk, such specifc implementation topics can better be discussed in a general muc like chat@joinjabber.org or the specific server's mucs if you want to talk actual module creation

(See, now people engage on how a XEP meeting my need could look like. Am I acting against the MUC rules if I engage with it...it's hell of a confusion to me)

hmm.

throughaway123: Issues/questions regarding the infrastructure itself ("why is s2s with jabber.org broken?", "how do I block jabber.org?") are on-topic. Issues/questions regarding the impact of infrastructure decisions on social things ("will blocking jabber.org result in a desired social outcome"?) are off-topic.

So this is purely a janitorial chat then.

server admin, yes

Yes, discussions of policies are off-topic, and discussions of client UX are off-topic (this channel is not for client developers) and discussions of XEPs are generally off-topic (this room is not about general XMPP protocol development)

don't call them glorified janitors 😉

Gotcha. Well, throughaway123 , sorry to mislead you, there actually really is nothing constructive you can say here, but if you care to join me in chat@joinjabber.org, you might be more satisfied.

Thanks, by the by, Kris .

> glorified janitors I guess it's more like plumbing or a post office. ✏

authbot: help

authbot cannot help you, Martin

😔

Ok, I think finally I understand what this MUC is for. Please update your MUC description acording to your expectations. That confusion easily leads to frustration and a waste of time.

TIL authbot.

How does it work? Muting people who spam after joining?

throughaway123, I think the topic is clear enough for a topic, but we are working on a more throrough page explaining this channel for the xmpp.org site

Martin, it requests contact info of the domain of the real jid. if real jid == relevant contact && affiliation == none, set affiliation to member ✏

Ah, sweet.

(on join)

you might want to change the topic from 'discussions between XMPP server operators about the XMPP network' to '[...] about maintenance and status of the XMPP network'

so as to clarify that general discussion of the network itself is off topic.

I want a 'verified server operator' blue tick. 😂

Maybe one day we can finish the hats XEP and you can have one, it would indeed be perfect for this chat :)

just make people members and mute guests?

I (and authbot) do make people members, but not everyone has XEP-0152 enabled or joins from a JID listed there if they do

(nor should they have to)

and I think this is a valid place for non operators to e.g. ask for help reaching an admin of a particular service, or other enquiries that we might be able to help with

Oh yes, I meant that

MattJ: maybe to create a dedicated MUC for this

For what?

if you mean for seeking admins of a particular service, that's basically saying that admins should join both rooms

and we (I, at least) have enough MUCs already

(It's obviously ok to be offtopic from time to time, and the following question is just to verify that I understand the rules of this MUC correctly: you're all offtopic atm? ((sorry if that'a all obvious to you, can't help with my autism)) ✏

throughaway123, yes, kinda. We're discussing the rules of the room... not really a better place to do that :)

We had no problems when it was small and there were ~30 people here who just got along fine

growing pains?

But nowadays we have many people, new people, and I think it has grown faster than the "community"

There could be a MUC providing help for users on general XMPP service questions. But maintenance of federation and technical advices is not same subject to me.

As I said, we're working on publishing some guidelines

The XMPP hype is getting out of hands.

croax, this has never before been a "strictly maintenance and status discussions" chat

MattJ: yes not saying this is or has to be. Just a wish :-)

I only started being strict about staying on topic in recent months because of things getting out of hand

If everyone really wishes it to become that, it can be

and then it may make sense to close it entirely and have it be invite/registration only, after verifying you are an operator

I don't know if that's the best route, but... meh

This seems to be a maintenance and status discussions chat with select benefits to me.

Mmm.

I can't say much more than that.

Well it's clear that some people these days *expect* it to be that

Can there be an operators-meta@ for this kind of bikeshedding?

Ellenor Malik, not if I'm a moderator there, and I don't know who else would volunteer

Anyone is free to go and make one anywhere, of course

ah

> MattJ wrote: > and then it may make sense to close it entirely and have it be invite/registration only, after verifying you are an operator > I don't know if that's the best route, but... meh Doesn't that possibly shut out new operators?

Yes, which is why I don't really like it

I also think it's fine and valuable to have an open place where non-operators can reach operators

But maybe most other operators don't feel that way

MattJ, I think making everyone happy is not going to work. So if anything, the room should be a place you (or whoever has that role, the XSF, ...) is happy owning with.

if most other operators disagree with that, someone can step up and improve on it, one way or another.

jonas’, well, I get complaints when I enforce strict on-topic discussions, I get complaints when I don't ban people immediately for being off-topic... I'm not sure how happy I'll ever get :)

though I don’t think that a "closed" group where at the same time all XMPP operator have access is especially useful.

I consider myself to be among new service operators. I have less than 5 years' experience in this field.

You don't have to ban people immediately, but drawing a clear line between on and off topic is best to make non regulars or different crowds at ease here.

Otherwise we can't tell if we're dancing on your head or not.

I could imagine (a) everyone being happy with having non-ops reaching out, (b) most being happy with occasional off-topic smalltalk, and (c) most being (very) unhappy with endless discussions on random political topics. Problem is a policy that takes care of (c) easily conflicts with (a) and (b).

Yes, (b) is the problem, because it used to be fine when it was not controversial discussions, but these days we get more and more controversial discussions coming up... and the only impartial way to deal with it is to ban the lot

IMHO this place should be primarily for reaching out to server operators about technical issues. We have no technology to solve social issues and thus I'm fully okay with flagging them as off topic, and muting repeat offenders

Otherwise we lose the real value of this room

The fact I've not quit completely falls to a mixture of causes: the welcoming and apparently collegial nature of places like here, stubbornness after banishment from support chats, and an ideological interest in ensuring a future for the Jabber federation.

I think it's possible to resolve the conflict so long as nobody makes smalltalk with any intent or motive behind it.

pintosesk, but I don't want to be the judge of whether people have intent or motive... it just puts me in an awkward position

So just, 'if you want something from us, it better be about our servers and not us as people' would do I think

I end up with PMs from people who think I am personally opposed to them, and unfair

MattJ: that's the expected effect of all moderation

you just gotta make it clear that the smalltalk is pleasant talk and not a therapy session or thinktank, the latter being what I thought it might partially have been.

I want to preserve what we had, which is what is in the topic... a place for server operators to discuss the network in a civil manner

But I believe that is becoming increasingly impossible as the channel grows

I feel like you're being a bit condemning about it, although perhaps I'm just new to the phenomenon.

I don't think there's much else left for me to say about it though.

How's the price of gas?

This channel has been one of the most unpleasant parts of my participation in XMPP in recent months

So yeah

"pintosesk, who cares, don’t drive a car or do you hate the planet?!"

(just to drive the point home, I guess :()

Hovercars or bust

but I digress

MattJ: I think you are doing a great job with the moderation here

Ge0rG, sure, some people think so. Others don't :)

I don't think you're a bad fellow.

what bothers me most is that this is taking valuable time from MattJ :)

and I know I'll never please everyone. But I don't really want server operators leaving because of whatever policies we decide upon here.

Obviously some will, but it's mostly valuable if we can keep it useful for its original purpose

I think the next step is to get that page up on xmpp.org, and then we have some concrete points on record that we can agree to and/or iterate upon

MattJ: if the goal of this place is to have server operators available for civil discourse, you should weigh the feedback from them higher, or you'll end up without them

I don't think anything or one of value will leave is you say 'no ad hominems or unsolicited requests for personal reform'.

Ge0rG, indeed, I try

or something like that.

I'm just a soft animal

that's cool

My hat has arrived

nice hat

nice (mystery) hat

> I want to preserve what we had, which is what is in the topic... a place for server operators to discuss the network in a civil manner So either I'm again confused what this room is for, or you just wish to preserve an old status quo that was: I don't care about minorities, I don't care about white supremacy and sexism, please I want my privilidged comfort being protected. What ever, I understand I'm not welcomed here. Bye.

and there we go

MattJ: you can't make it fit for the people who *want* to misunderstand you

We can build best message protocols, it seems humans have built-in firewalls and hardcoded stanza length limits. So do I.

:o

Hopefully I didn't miss anything important 😵‍💫

MattJ: > I (and authbot) do make people members, but not everyone has XEP-0152 enabled or joins from a JID listed there if they do 0157?

yes

So I should join with the user admin mentioned in 157 to get upgraded to "member"?

yes

you can add multiple too

Licaon_Kter: You are already member. ;-)

Martin: because I asked at one point when the room went members only, sameish offtopic iirc

Licaon_Kter, that’ll stay, authbot is only an aid for the room owners to not have to allowlist *everyone* manually :) ✏

Right

FYI in the Offtopic room we have lots of fun being ontopic, so if you wanna redirect them to xmpp:conversations-offtopic-reloaded@conference.trashserver.net?join feel free. /end of advertisment

Licaon_Kter, not sure where else I have you, do you intend to incorproate the feedback in https://github.com/xsf/xeps/pull/1062 ?

jonas’: yes, but lack of time, also was afk for the week.

Licaon_Kter, ok, just wanted to make sure, take your time :)

MattJ: thank you!

> MattJ: you can't make it fit for the people who *want* to misunderstand you Troll from first post. There is nothing to understand. Comes up with different nicks in several mucs.

4223: Called Morph?

Should tell stories about morph to non-xmpp folk. Irritating though he is, he's basically folklore now, and that would drag in users

Everyone loves a herobrine

Especially a real-life schizophrenic one

Ellenor&c Bjornsdottir: don't know, the first friendly but never ending questions, mixed with more and more agressive noise reminds me off different nicks (but I do not remind the exact nicks).

I am sure conversations-offtopic-reloaded@conference.trashserver.net welcomes your morph discussions :)

:)

MattJ: /me 🤐

qy: ??

Herobrine?

> I am sure conversations-offtopic-reloaded@conference.trashserver.net welcomes your morph discussions :) No more morphing please. 🙂

why not

MattJ: ^

on his way

This message contains inappropriate content for this forum

Remember this name MORPH! All of you will pray! Fuck! Fuck! Fuck! Morph is god XMPP!

Remember this name MORPH! All of you will pray! Fuck! Fuck! Fuck! Morph is god XMPP!

Remember this name MORPH! All of you will pray! Fuck! Fuck! Fuck! Morph is god XMPP!

Remember this name MORPH! All of you will pray! Fuck! Fuck! Fuck! Morph is god XMPP!

Remember this name MORPH! All of you will pray! Fuck! Fuck! Fuck! Morph is god XMPP!

did anybody happen to catch the ip address of that one?

I think so.

it happened on my server too, but i don't log such information

jonas’: did they use the anonymous logon componet?

yes

s2s discloses IP of users?

no

anonymous logon only works on local services

Харпер, no, this was someone abusing anon.xmpp.org

so the IP address was locally available

nice, didn't know xmpp.org had anon services

too bad someone's abusing that though

it happens

jonas’: can you please share the ip with me so i can prevent that ip from using my anon as well

no

well, I probably could, I realize, because I’m in iteam, but the number I saw elsewhere indicated a Tor exit node.

(of course)

so it’s not gonna help anyway.

oh ok

well it does help to temporarily block those as their abused

I expect them to switch exit nodes for each attempt

that way your not blocking tor, but just degrading service enough until the spammer stops

if they go as far as using Tor and the anon service fo rthis

yeah but you can't choose your exit node. so the more you block temporarily the less likely and harder it gets to spam

blocking a single tor exit is silly

when the spam waves stops service levels return to normal

tom, seems like a lot of resources wasted on maintaining a list of IP addresses if you could also just use a Tor-blocking RBL for a while :)

security is just a game of making it harder than the bad guy wants to put effort to do

no i don't reccomend using a tor rbl

also

this should be automated

how? :)

you don't want to completely block tor

https://iplists.firehol.org/?ipset=firehol_anonymous

jonas’: with something like fail2ban to manage ttls

uhh, interesting

that would require feeding the fact that a message was retracted by an admin (or that a ban was placed on the IP via XMPP) into fail2ban

treat it like a spam score when doing email filtering

if you want to allow tor, just make an onion and require an account

but then you’re still faced with lots of abuse you could’ve blocked by blocking the entirety Tor for a while. it’s trade-offs all the way down.

Харпер: what difference does having an onion make?

tom, accountability, because the user is authenticated

i don't understand

it's still encrypted

you just added another layer of encryption on top of the tls

what does encryption have to do with anything?

current situation: user -> Tor --c2s-> anon.xmpp.org --s2s-> muc.xmpp.org; bans only work based on IP addresses. proposed situation: user --c2s-> whatever.onion XMPP server --s2s-> muc.xmpp.org; bans work based on the XMPP account (which is presumably harder to change than IP addresess, and if the server operator is not acting on the abuse, we can block the entire whatever.onion)

what difference does saslanon and saslanon+onion make

or i mean

what jonas’ said

tom, onion+non-anon sasl was the proposal

saslanon+torexit and saslanon+onion

your hosting both whatever.onion and muc.xmpp.org

no

outsourcing the problem isn't fixing the problem

and there's still an actual need for anonymous logon

yes, but that could then be limited to non-tor users

this is similar to what IRC networks have been doing

defeats the whole purposes of anonymity

no

it defeats some purposes, but not all of them

breaks things for tor users

how?

yes, but that’s the fault of the people abusing tor

if your block tor entirly

re anonymity: muc.xmpp.org can still not know who the user really is. the onion service also does not learn the users real IP address.

just just treat tor exit nodes like any other ip on the internet and do automatic temporary blocks

it would only be blocked entirely for anon

there's an accessibility factor too

that’d be feasible if fully automatic blocks were feasible, but they are not

manual action is required to determine that an XMPP message is spam, nobody has figured an automatism so far.

that means the user has to know about and setup an account on a onion server

yes

that’s tough

but on the other side of the equation there is the factor of limited resources of dealing with abuse.

that's an accessibility issue. the whole point of anonsasl was to make things more accessible to everybody

as always

either way

» <jonas’> manual action is required to determine that an XMPP message is spam, nobody has figured an automatism so far. when someone bans someone on your server, and other channels start banning them too that could be a good indicator if we had something to track

that’s... way too slow in my opinion

and the spam came from at least two different IP addresses in two different channels, so it’s not going to work

what's a reasonable time for you to metigate spam?

(with IP based bans from tor abuse)

but yes, we need such a protocol to exchange information about abusers in real time, however, it’s complex and this is not the venue to develop it

do we though?

no.

torexit abusers don't happen nearly as much or to every single ip on the internet as people seam to think it does

my small site is probably fine

in fact

tom, yes, we need such a protocol, but it’s unrelated to Tor abuse, more a general spam-wave thing

chinese telecom ip addresses and russian cellphones are much more of a problem for me than tor exits

and it's not really that big of a problem with my fail2ban sensors

jonas’: look at DCC and pyzor

(distributed checksum clearinhouse)

it's one of the protocols i use for that exact purpose on email

https://www.rhyolite.com/dcc/

doesn’t sound like something which would help with all of that "hello" spam.

https://www.pyzor.org/en/latest/

on a different note why is it not possible to apply bogofilter to xmpp?

moparisthebest, said it was because messages are too short

to be clear that's what I recall reading somewhere, I'm no expert

not disagreeing with you, it sounds reasonable

but is it one of those things that really isn't possible, or does it happen that it might actually work really well just no one has tried

i don't see why you couldn't anyways

surely someone has tried?

just reduce the weight of the bogo or fuzzy hash scoring system in your overwall anomaly scoring system

i bet like most spam metigation tech actually in use it would be beneficial as one componet as part of a large collection of things

> messages are too short Concat multiple messages? Won't do insta-filtering, and wouldn't help with one-shot messages, but could still help by marking users as spammy

proof of work for friend requests? is there a XEP for this already?

does Pleroma chat use XMPP?

No it's all done with activitypub over HTTPS.

great

gives me a new idea for a round shaped object

what is that xorman?

it's intended for carrying objects

gotta patent it

I shall call it "wheel"

>not naming a trendy new re-implementation of a tech thing after greek mythology

> or purposefully misspelling it and then adding ify to the end

or r