XMPP Service Operators - 2022-10-09

喵喵喵？

en_GB?

Hello! I have a noob question. I have a muc on my personal server and someone with an account registered on conversation.im server enter my muc. On conversation.im server the service operator can see all muc messages? or only messages that the user registered on conversation.im sends?

I mean, messages of my muc stay on my server or goes in other server where people opened their accounts?

leonard_pi, all MUC messages are broadcast to all participants

so yea, c.im will see all messages when someone is joined from there

standard disclaimer: unless e2e-encrypted

mjk: thank you. so, the same but reverse. I am trying to see on my server if I find messages of muc where I joined, like this one for example. i use metronome so under /var/metronome i only find files of my server (muc and everything) but nothing stored of other servers.

well, MUC messages aren't archived (by default, at least)

but they pass through, so they _can_ be logged or archived

but they pass s2s and if they are unencrypted the xmpp service operator can store them, correct?

yeah

some configuration or additional modules would be needed, can't help with beyond that :)

thank you very much. no i don't need it. I just want to know if it's possible. It's a big problem for me cause I can't accept on my muc trusted users that have registered their account on other servers.

It is a privat and crypred MUC, didn't you have to invite your members ?

It would be interesting if somebody analyzed XMPP/OMEMO from the same perspective https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients/ https://github.com/nebuchadnezzar-megolm/nebuchadnezzar-megolm.github.io/blob/main/index.md

I mean, what's to analyze? practically every omemo client employs blind trust by default, making omemo useless against active attacks 🚎️

*:trollface:

at least we attach an IV to each encrypted file link... ✏

> ernst.on.tour: > It is a privat and crypred MUC, didn't you have to invite your members ? I don't understand the question, sorry. Can you rewrite it? I tryed to do encrypted muc (with omemo active) but it's a mess. Not everyone has the omemo keys of everyone (someone may change device etc) and it becomes a mess pretty easly.

leonard_pi: > Not everyone has the omemo keys of everyone (someone may change device etc) and it becomes a mess pretty easly. Since 2018 servers intermediate the exchange so members don't need to be contacts before joining... Is the proper pubsub node in "open" mode? Which server software?

mjk: > I mean, what's to analyze? practically every omemo client employs blind trust by default But that's how the great silos are setup so that's good riiight? Riiiight??

> I mean, what's to analyze? practically every omemo client employs blind trust by default, making omemo useless against active attacks 🚎️ But at least OMEMO does pfs right, so an attacker could not decrypt old messages....

mjk,

> But that's how the great silos are setup so that's good riiight? Riiiight?? "right". at least in some of the great silos' cases, unencrypted is not even an option, while in xmpp users often have to turn it on *and on top of that* disable blind trust (if that's even an option)

j.r (jugendhacker.de), I didn't read the entire disclosure document; was there an attack against past messages in matrix?!

> Licaon_Kter: > leonard_pi: > Since 2018 servers intermediate the exchange so members don't need to be contacts before joining... Is the proper pubsub node in "open" mode? Which server software? Oh, maybe I can understand better with an example. Someone new join my muc while all other users are offline and he writes with OMEMO something then goes offline. When I came online later I see the decrypted message or I see it encrypted? If decrypted so I understand your sentence. Servers keeps all public keys of everyone so that users don't have to exchange the keys personally, right? But why all groups (like this one) has OMEMO off? I can't event write with OMEMO here. Maybe I am just using an old version of metronome. It's the 3.14.5

leonard_pi: this is a public channel See https://docs.modernxmpp.org/client/groupchat/ Users are anonymous, messages are not encrypted by design

> j.r (jugendhacker.de), I didn't read the entire disclosure document; was there an attack against past messages in matrix?! As far as I understood, yes, but reading it again from the matrix.org perspective, I'm not totally sure anymore...

But as far as I understand there was a bug, where an attacker could add an authenticated malicious device without the users knowledge, which in my understanding would mean they could now request old history from this device?

I don't really know how e2ee in matrix works, I'd assume this to be possible only if the server keeps a backup of old messages

like, a symmetrically-encrypted backup

leonard_pi: Do you know who i am ? You just see my nick *for this MUC* To do OMEMO your client need to know my key, but therefor he has to know my real jid not my nick. Anonymous MUC doesn't offer real JID

> only if the server keeps a backup of old messages No, the clients request it form older clients: > In order to maintain the ability to decrypt conversation history, inbound sessions should store a copy of their earliest known ratchet value See https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#advancing-the-ratchet

fwiw, anon MUCs _could_ mediate public key exchange, but they, hopefully, don't, by design

j.r (jugendhacker.de), ah, yes, c2c history transfer

mjk, not really history transfer, they AFAIK transfer the rachet/key material to a new client, for this client to replay the decription of the history, which IMHO defeats the porpose of using pfs in the first place.

leonard_pi: > Someone new join my muc while all other users are offline and he writes with OMEMO something then goes offline. > When I came online later I see the decrypted message or I see it encrypted? BTW, if you experienced issues with this scenario in practice, it could have been a client bug (on the new user's side) that causes it to encrypt only to online members. e.g. Gajim briefly had this issue.

j.r (jugendhacker.de), 😱️ (no sarcasm)

> mjk: > leonard_pi: > BTW, if you experienced issues with this scenario in practice, it could have been a client bug (on the new user's side) that causes it to encrypt only to online members. e.g. Gajim briefly had this issue. Thank you very much, I have to study more. Do you know the version of gajim that fixed this issue?

> Licaon_Kter: > leonard_pi: this is a public channel > See https://docs.modernxmpp.org/client/groupchat/ > Users are anonymous, messages are not encrypted by design You are right, thank you very much. I have to read and understand well everything.

leonard_pi, one of the very latest omemo plugin versions, iirc

> leonard_pi, one of the very latest omemo plugin versions, iirc but if other members of a private group using omemo still have the old version of gajim he other members still face the problem, don't they?

https://dev.gajim.org/gajim/gajim-plugins/-/commit/eb6243bb37d62eb0dadd87a68b6deeb7980139bd (2.8.16)

Albert, no, it was a sending issue

note that it was broken only since Gajim 1.5 ✏

1.5.0?

the commit message says just 1.5

but yeah. probably

I am using 1.4.7 and I cannot read the messages (sent when I was offline)of some users of a private group that uses omemo

as I mentioned, it's an issue on the sending side(s), so depends on their clients and versions

I see thanks

1.5.2 release notes have info on something like this

> 1.5.2 release notes have info on something like this This tag has no release notes.

https://dev.gajim.org/gajim/gajim/-/tags/1.5.2

could you share what you found?

gajim.org News?

Afaik this has been an issue before 1.5 as well.

(but it's fixed now)

leonard_pi I would like to recommend this note that targets Matrix, but some of the points may also apply to other similar systems https://bkil.gitlab.io/secuchart/#public_room_e2ee

ernst.on.tour: Couldn't the client generate a new key pair per room?

bkil: no, wait, wat?

I don't know the answer, was just some brainstorming.

bkil: keys are per device

A member may lose the ability to decode messages while all of their sessions are signed out (e.g., closing an incognito browser window) and until the encryption keys are not recovered manually following a new login (if they haven't forgot to set that up) is this point good for xmpp too?

Licaon_Kter: Yeah, I mean they could consider to write a XEP about generating a new key pair per room per device to enhance anonymity.

leonard_pi: if your web client does that, then yes... change your broken client

bkil: 👏 threat 👏 model 👏

Sure, I agree it would be much cheaper just to create a new account to join in on the OMEMO whistleblower MUC. 🤷

bkil: riiight

> wiuwiu admin is not responding > xmpp:sebastian@wiuwiu.de Sorry just realized this operator is not participating here atm. Has he ever? ✏

> leonard_pi: if your web client does that, then yes... change your broken client Can I disturb you one more time? I can't understand, I have now the latest version of gajim 1.5.2 and the OMEMO plugin 2.8.15 I did some tests and I can't read messages in muc encrypted when i'm offline.

leonard_pi, you need at least 2.8.16, and on the _sending_ side

but yeah, for future, better consult at xmpp:gajim@conference.gajim.org?join

> mjk: > leonard_pi, you need at least 2.8.16, and on the _sending_ side Thanks! 🙏

> bkil: > leonard_pi I would like to recommend this note that targets Matrix, but some of the points may also apply to other similar systems https://bkil.gitlab.io/secuchart/#public_room_e2ee I read your site, very interesting, thanks.