Hello! I have a noob question.
I have a MUC on my personal server, and someone with an account registered on the conversation.im server entered my MUC.
Can the service operator of conversation.im see all MUC messages, or only the messages that the user registered on conversation.im sends?
leonard_pi
I mean, do the messages of my MUC stay on my server, or do they go to the other servers where people opened their accounts?
mjk
leonard_pi, all MUC messages are broadcast to all participants
mjk
so yea, c.im will see all messages when someone is joined from there
mjk
standard disclaimer: unless e2e-encrypted
leonard_pi
mjk: thank you.
So, the same but in reverse.
I am trying to see on my server whether I can find messages of a MUC I joined, like this one for example.
I use Metronome, so under /var/metronome I only find files of my server (MUC and everything) but nothing stored from other servers.
mjk
well, MUC messages aren't archived (by default, at least)
mjk
but they pass through, so they _can_ be logged or archived
leonard_pi
but they pass over s2s, and if they are unencrypted the XMPP service operator can store them, correct?
mjk
yeah
mjk
some configuration or additional modules would be needed, can't help with beyond that :)
leonard_pi
Thank you very much. No, I don't need it. I just want to know if it's possible. It's a big problem for me because I can't accept in my MUC trusted users that have registered their account on other servers.
ernst.on.tour
It is a private and encrypted MUC, didn't you have to invite your members?
bkil
It would be interesting if somebody analyzed XMPP/OMEMO from the same perspective https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients/ https://github.com/nebuchadnezzar-megolm/nebuchadnezzar-megolm.github.io/blob/main/index.md
mjk
I mean, what's to analyze? practically every omemo client employs blind trust by default, making omemo useless against active attacks 🚎️
mjk
*:trollface:
mjk
at least we attach an IV to each encrypted file link...
leonard_pi
> ernst.on.tour:
> It is a private and encrypted MUC, didn't you have to invite your members?
I don't understand the question, sorry.
Can you rewrite it?
I tried to do an encrypted MUC (with OMEMO active) but it's a mess.
Not everyone has the OMEMO keys of everyone (someone may change device etc.) and it becomes a mess pretty easily.
Licaon_Kter
leonard_pi:
> Not everyone has the OMEMO keys of everyone (someone may change device etc.) and it becomes a mess pretty easily.
Since 2018 servers intermediate the exchange so members don't need to be contacts before joining... Is the proper pubsub node in "open" mode? Which server software?
Licaon_Kter
mjk:
> I mean, what's to analyze? practically every omemo client employs blind trust by default
But that's how the great silos are setup so that's good riiight? Riiiight??
j.r (jugendhacker.de)
> I mean, what's to analyze? practically every omemo client employs blind trust by default, making omemo useless against active attacks 🚎️
But at least OMEMO does pfs right, so an attacker could not decrypt old messages....
j.r (jugendhacker.de)
mjk,
mjk
> But that's how the great silos are setup so that's good riiight? Riiiight??
"right". at least in some of the great silos' cases, unencrypted is not even an option, while in xmpp users often have to turn it on *and on top of that* disable blind trust (if that's even an option)
mjk
j.r (jugendhacker.de), I didn't read the entire disclosure document; was there an attack against past messages in matrix?!
leonard_pi
> Licaon_Kter:
> leonard_pi:
> Since 2018 servers intermediate the exchange so members don't need to be contacts before joining... Is the proper pubsub node in "open" mode? Which server software?
Oh, maybe I can understand better with an example.
Someone new joins my MUC while all other users are offline, writes something with OMEMO, then goes offline.
When I come online later, do I see the message decrypted or encrypted?
If decrypted, then I understand your sentence: servers keep all public keys of everyone so that users don't have to exchange the keys personally, right?
But why do all groups (like this one) have OMEMO off? I can't even write with OMEMO here.
Maybe I am just using an old version of Metronome. It's 3.14.5.
Licaon_Kter
leonard_pi: this is a public channel
See https://docs.modernxmpp.org/client/groupchat/
Users are anonymous, messages are not encrypted by design
j.r (jugendhacker.de)
> j.r (jugendhacker.de), I didn't read the entire disclosure document; was there an attack against past messages in matrix?!
As far as I understood, yes, but reading it again from the matrix.org perspective, I'm not totally sure anymore...
j.r (jugendhacker.de)
But as far as I understand there was a bug where an attacker could add an authenticated malicious device without the user's knowledge, which in my understanding would mean they could now request old history from this device?
mjk
I don't really know how e2ee in matrix works, I'd assume this to be possible only if the server keeps a backup of old messages
mjk
like, a symmetrically-encrypted backup
ernst.on.tour
leonard_pi: Do you know who I am?
You just see my nick *for this MUC*.
To do OMEMO your client needs to know my key, but for that it has to know my real JID, not my nick.
An anonymous MUC doesn't offer the real JID.
j.r (jugendhacker.de)
> only if the server keeps a backup of old messages
No, the clients request it from older clients:
> In order to maintain the ability to decrypt conversation history, inbound sessions should store a copy of their earliest known ratchet value
See https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#advancing-the-ratchet
mjk
fwiw, anon MUCs _could_ mediate public key exchange, but they, hopefully, don't, by design
mjk
j.r (jugendhacker.de), ah, yes, c2c history transfer
j.r (jugendhacker.de)
mjk, not really history transfer; they AFAIK transfer the ratchet/key material to a new client, for this client to replay the decryption of the history, which IMHO defeats the purpose of using PFS in the first place.
mjk
leonard_pi:
> Someone new join my muc while all other users are offline and he writes with OMEMO something then goes offline.
> When I came online later I see the decrypted message or I see it encrypted?
BTW, if you experienced issues with this scenario in practice, it could have been a client bug (on the new user's side) that causes it to encrypt only to online members. e.g. Gajim briefly had this issue.
mjk
j.r (jugendhacker.de), 😱️ (no sarcasm)
leonard_pi
> mjk:
> leonard_pi:
> BTW, if you experienced issues with this scenario in practice, it could have been a client bug (on the new user's side) that causes it to encrypt only to online members. e.g. Gajim briefly had this issue.
Thank you very much, I have to study more. Do you know the version of Gajim that fixed this issue?
leonard_pi
> Licaon_Kter:
> leonard_pi: this is a public channel
> See https://docs.modernxmpp.org/client/groupchat/
> Users are anonymous, messages are not encrypted by design
You are right, thank you very much.
I have to read and understand well everything.
mjk
leonard_pi, one of the very latest omemo plugin versions, iirc
Albert
> leonard_pi, one of the very latest omemo plugin versions, iirc
but if other members of a private group using OMEMO still have the old version of Gajim, the other members still face the problem, don't they?
I am using 1.4.7 and I cannot read the messages (sent when I was offline) of some users of a private group that uses OMEMO.
mjk
as I mentioned, it's an issue on the sending side(s), so depends on their clients and versions
Albert
I see thanks
Licaon_Kter
1.5.2 release notes have info on something like this
Albert
> 1.5.2 release notes have info on something like this
This tag has no release notes.
Albert
https://dev.gajim.org/gajim/gajim/-/tags/1.5.2
Albert
could you share what you found?
Licaon_Kter
gajim.org News?
wurstsalat
Afaik this has been an issue before 1.5 as well.
wurstsalat
(but it's fixed now)
kikuchiyo
Is wiuwiu's Tor service down?
qawb5xl3mxiixobjsw2d45dffngyyacp4yd3wjpmhdrazwvt4ytxvayd.onion
wiuwiu admin is not responding
xmpp:sebastian@wiuwiu.de
bkil
leonard_pi I would like to recommend this note that targets Matrix, but some of the points may also apply to other similar systems https://bkil.gitlab.io/secuchart/#public_room_e2ee
bkil
ernst.on.tour: Couldn't the client generate a new key pair per room?
Licaon_Kter
bkil: no, wait, wat?
bkil
I don't know the answer, was just some brainstorming.
Licaon_Kter
bkil: keys are per device
leonard_pi
> A member may lose the ability to decode messages while all of their sessions are signed out (e.g., closing an incognito browser window) and until the encryption keys are not recovered manually following a new login (if they haven't forgot to set that up)
Is this point valid for XMPP too?
bkil
Licaon_Kter: Yeah, I mean they could consider to write a XEP about generating a new key pair per room per device to enhance anonymity.
Licaon_Kter
leonard_pi: if your web client does that, then yes... change your broken client
Licaon_Kter
bkil: 👏 threat 👏 model 👏
bkil
Sure, I agree it would be much cheaper just to create a new account to join in on the OMEMO whistleblower MUC. 🤷
Licaon_Kter
bkil: riiight
kikuchiyo
> wiuwiu admin is not responding
> xmpp:sebastian@wiuwiu.de
Sorry, just realized this operator is not participating here atm. Has he ever?
leonard_pi
> leonard_pi: if your web client does that, then yes... change your broken client
Can I disturb you one more time?
I can't understand it: I now have the latest version of Gajim, 1.5.2, and the OMEMO plugin 2.8.15.
I did some tests and I can't read encrypted MUC messages when I'm offline.
mjk
leonard_pi, you need at least 2.8.16, and on the _sending_ side
mjk
but yeah, for future, better consult at xmpp:gajim@conference.gajim.org?join
leonard_pi
> mjk:
> leonard_pi, you need at least 2.8.16, and on the _sending_ side
Thanks! 🙏
leonard_pi
> bkil:
> leonard_pi I would like to recommend this note that targets Matrix, but some of the points may also apply to other similar systems https://bkil.gitlab.io/secuchart/#public_room_e2ee
I read your site, very interesting, thanks.