-
zcy
喵喵喵?
-
Ellenor Bjornsd.
en_GB?
-
leonard_pi
Hello! I have a noob question. I have a muc on my personal server and someone with an account registered on conversation.im server enter my muc. On conversation.im server the service operator can see all muc messages? or only messages that the user registered on conversation.im sends?
-
leonard_pi
I mean, messages of my muc stay on my server or goes in other server where people opened their accounts?
-
mjk
leonard_pi, all MUC messages are broadcast to all participants
-
mjk
so yea, c.im will see all messages when someone is joined from there
-
mjk
standard disclaimer: unless e2e-encrypted
-
leonard_pi
mjk: thank you. so, the same but reverse. I am trying to see on my server if I find messages of muc where I joined, like this one for example. i use metronome so under /var/metronome i only find files of my server (muc and everything) but nothing stored of other servers.
-
mjk
well, MUC messages aren't archived (by default, at least)
-
mjk
but they pass through, so they _can_ be logged or archived
-
leonard_pi
but they pass s2s and if they are unencrypted the xmpp service operator can store them, correct?
-
mjk
yeah
-
mjk
some configuration or additional modules would be needed, can't help with beyond that :)
-
leonard_pi
thank you very much. no i don't need it. I just want to know if it's possible. It's a big problem for me cause I can't accept on my muc trusted users that have registered their account on other servers.
-
ernst.on.tour
It is a privat and crypred MUC, didn't you have to invite your members ?
-
bkil
It would be interesting if somebody analyzed XMPP/OMEMO from the same perspective https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients/ https://github.com/nebuchadnezzar-megolm/nebuchadnezzar-megolm.github.io/blob/main/index.md
-
mjk
I mean, what's to analyze? practically every omemo client employs blind trust by default, making omemo useless against active attacks 🚎️
-
mjk
*:trollface:
-
mjk
at least we attach an IV to each encrypted file...✎ -
mjk
at least we attach an IV to each encrypted file link... ✏
-
leonard_pi
> ernst.on.tour: > It is a privat and crypred MUC, didn't you have to invite your members ? I don't understand the question, sorry. Can you rewrite it? I tryed to do encrypted muc (with omemo active) but it's a mess. Not everyone has the omemo keys of everyone (someone may change device etc) and it becomes a mess pretty easly.
-
Licaon_Kter
leonard_pi: > Not everyone has the omemo keys of everyone (someone may change device etc) and it becomes a mess pretty easly. Since 2018 servers intermediate the exchange so members don't need to be contacts before joining... Is the proper pubsub node in "open" mode? Which server software?
-
Licaon_Kter
mjk: > I mean, what's to analyze? practically every omemo client employs blind trust by default But that's how the great silos are setup so that's good riiight? Riiiight??
-
j.r (jugendhacker.de)
> I mean, what's to analyze? practically every omemo client employs blind trust by default, making omemo useless against active attacks 🚎️ But at least OMEMO does pfs right, so an attacker could not decrypt old messages....
-
j.r (jugendhacker.de)
mjk,
-
mjk
> But that's how the great silos are setup so that's good riiight? Riiiight?? "right". at least in some of the great silos' cases, unencrypted is not even an option, while in xmpp users often have to turn it on *and on top of that* disable blind trust (if that's even an option)
-
mjk
j.r (jugendhacker.de), I didn't read the entire disclosure document; was there an attack against past messages in matrix?!
-
leonard_pi
> Licaon_Kter: > leonard_pi: > Since 2018 servers intermediate the exchange so members don't need to be contacts before joining... Is the proper pubsub node in "open" mode? Which server software? Oh, maybe I can understand better with an example. Someone new join my muc while all other users are offline and he writes with OMEMO something then goes offline. When I came online later I see the decrypted message or I see it encrypted? If decrypted so I understand your sentence. Servers keeps all public keys of everyone so that users don't have to exchange the keys personally, right? But why all groups (like this one) has OMEMO off? I can't event write with OMEMO here. Maybe I am just using an old version of metronome. It's the 3.14.5
-
Licaon_Kter
leonard_pi: this is a public channel See https://docs.modernxmpp.org/client/groupchat/ Users are anonymous, messages are not encrypted by design
-
j.r (jugendhacker.de)
> j.r (jugendhacker.de), I didn't read the entire disclosure document; was there an attack against past messages in matrix?! As far as I understood, yes, but reading it again from the matrix.org perspective, I'm not totally sure anymore...
-
j.r (jugendhacker.de)
But as far as I understand there was a bug, where an attacker could add an authenticated malicious device without the users knowledge, which in my understanding would mean they could now request old history from this device?
-
mjk
I don't really know how e2ee in matrix works, I'd assume this to be possible only if the server keeps a backup of old messages
-
mjk
like, a symmetrically-encrypted backup
-
ernst.on.tour
leonard_pi: Do you know who i am ? You just see my nick *for this MUC* To do OMEMO your client need to know my key, but therefor he has to know my real jid not my nick. Anonymous MUC doesn't offer real JID
-
j.r (jugendhacker.de)
> only if the server keeps a backup of old messages No, the clients request it form older clients: > In order to maintain the ability to decrypt conversation history, inbound sessions should store a copy of their earliest known ratchet value See https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#advancing-the-ratchet
-
mjk
fwiw, anon MUCs _could_ mediate public key exchange, but they, hopefully, don't, by design
-
mjk
j.r (jugendhacker.de), ah, yes, c2c history transfer
-
j.r (jugendhacker.de)
mjk, not really history transfer, they AFAIK transfer the rachet/key material to a new client, for this client to replay the decription of the history, which IMHO defeats the porpose of using pfs in the first place.
-
mjk
leonard_pi: > Someone new join my muc while all other users are offline and he writes with OMEMO something then goes offline. > When I came online later I see the decrypted message or I see it encrypted? BTW, if you experienced issues with this scenario in practice, it could have been a client bug (on the new user's side) that causes it to encrypt only to online members. e.g. Gajim briefly had this issue.
-
mjk
j.r (jugendhacker.de), 😱️ (no sarcasm)
-
leonard_pi
> mjk: > leonard_pi: > BTW, if you experienced issues with this scenario in practice, it could have been a client bug (on the new user's side) that causes it to encrypt only to online members. e.g. Gajim briefly had this issue. Thank you very much, I have to study more. Do you know the version of gajim that fixed this issue?
-
leonard_pi
> Licaon_Kter: > leonard_pi: this is a public channel > See https://docs.modernxmpp.org/client/groupchat/ > Users are anonymous, messages are not encrypted by design You are right, thank you very much. I have to read and understand well everything.
-
mjk
leonard_pi, one of the very latest omemo plugin versions, iirc
-
Albert
> leonard_pi, one of the very latest omemo plugin versions, iirc but if other members of a private group using omemo still have the old version of gajim he other members still face the problem, don't they?
-
mjk
https://dev.gajim.org/gajim/gajim-plugins/-/commit/eb6243bb37d62eb0dadd87a68b6deeb7980139bd (2.8.16)
-
mjk
Albert, no, it was a sending issue
-
mjk
note that it was broken only since Gajim .5✎ -
mjk
note that it was broken only since Gajim 1.5 ✏
-
Albert
1.5.0?
-
mjk
the commit message says just 1.5
-
mjk
but yeah. probably
-
Albert
I am using 1.4.7 and I cannot read the messages (sent when I was offline)of some users of a private group that uses omemo
-
mjk
as I mentioned, it's an issue on the sending side(s), so depends on their clients and versions
-
Albert
I see thanks
-
Licaon_Kter
1.5.2 release notes have info on something like this
-
Albert
> 1.5.2 release notes have info on something like this This tag has no release notes.
-
Albert
https://dev.gajim.org/gajim/gajim/-/tags/1.5.2
-
Albert
could you share what you found?
-
Licaon_Kter
gajim.org News?
-
wurstsalat
Afaik this has been an issue before 1.5 as well.
-
wurstsalat
(but it's fixed now)
-
kikuchiyo
Is wiuwiu's TOR service down ? qawb5xl3mxiixobjsw2d45dffngyyacp4yd3wjpmhdrazwvt4ytxvayd.onion wiuwiu admin is not responding xmpp:sebastian@wiuwiu.de✎ -
bkil
leonard_pi I would like to recommend this note that targets Matrix, but some of the points may also apply to other similar systems https://bkil.gitlab.io/secuchart/#public_room_e2ee
-
bkil
ernst.on.tour: Couldn't the client generate a new key pair per room?
-
Licaon_Kter
bkil: no, wait, wat?
-
bkil
I don't know the answer, was just some brainstorming.
-
Licaon_Kter
bkil: keys are per device
-
leonard_pi
A member may lose the ability to decode messages while all of their sessions are signed out (e.g., closing an incognito browser window) and until the encryption keys are not recovered manually following a new login (if they haven't forgot to set that up) is this point good for xmpp too?
-
bkil
Licaon_Kter: Yeah, I mean they could consider to write a XEP about generating a new key pair per room per device to enhance anonymity.
-
Licaon_Kter
leonard_pi: if your web client does that, then yes... change your broken client
-
Licaon_Kter
bkil: 👏 threat 👏 model 👏
-
bkil
Sure, I agree it would be much cheaper just to create a new account to join in on the OMEMO whistleblower MUC. 🤷
-
Licaon_Kter
bkil: riiight
-
kikuchiyo
> wiuwiu admin is not responding > xmpp:sebastian@wiuwiu.de Sorry just realized this operator is not participating here atm. Has he ever? ✏
-
leonard_pi
> leonard_pi: if your web client does that, then yes... change your broken client Can I disturb you one more time? I can't understand, I have now the latest version of gajim 1.5.2 and the OMEMO plugin 2.8.15 I did some tests and I can't read messages in muc encrypted when i'm offline.
-
mjk
leonard_pi, you need at least 2.8.16, and on the _sending_ side
-
mjk
but yeah, for future, better consult at xmpp:gajim@conference.gajim.org?join
-
leonard_pi
> mjk: > leonard_pi, you need at least 2.8.16, and on the _sending_ side Thanks! 🙏
-
leonard_pi
> bkil: > leonard_pi I would like to recommend this note that targets Matrix, but some of the points may also apply to other similar systems https://bkil.gitlab.io/secuchart/#public_room_e2ee I read your site, very interesting, thanks.