XSF Discussion - 2018-03-27

  1. efrit has left
  2. Kev has left
  3. Tobias has joined
  4. alexis has left
  5. alexis has joined
  6. Dave Cridland has left
  7. Tobias has joined
  8. lumi has joined
  9. sezuan has left
  10. alexis has left
  11. alexis has joined
  12. Guus has left
  13. alexis has left
  14. alexis has joined
  15. alexis has left
  16. alexis has joined
  17. Zash has left
  18. alexis has joined
  19. la|r|ma has joined
  20. lskdjf has joined
  21. Tobias has joined
  22. alexis has joined
  23. alexis has left
  24. alexis has joined
  25. alexis has left
  26. alexis has joined
  27. Lance has left
  28. alexis has left
  29. alexis has joined
  30. Tobias has left
  31. ralphm has joined
  32. Guus has joined
  33. waqas has joined
  34. ralphm has left
  35. ralphm has joined
  36. Lance has joined
  37. ralphm has left
  38. ralphm has joined
  39. Guus has left
  40. Guus has left
  41. Tobias has joined
  42. Zash has joined
  43. Zash has left
  44. Zash has joined
  45. Zash has left
  46. Zash has joined
  47. Zash has left
  48. alexis has joined
  49. Lance has left
  50. Zash has joined
  51. alexis has left
  52. alexis has joined
  53. Tobias has joined
  54. alexis has joined
  55. moparisthebest has joined
  56. alexis has left
  57. alexis has joined
  58. Guus has joined
  59. Dave Cridland has left
  60. alexis has left
  61. alexis has joined
  62. Guus has left
  63. Guus has left
  64. Lance has joined
  65. alexis has left
  66. alexis has joined
  67. tux has joined
  68. Tobias has joined
  69. rion has joined
  70. @Alacer has joined
  71. @Alacer has left
  72. daniel has left
  73. @Alacer has joined
  74. jere has joined
  75. jere has joined
  76. alexis has left
  77. alexis has joined
  78. @Alacer has left
  79. alexis has left
  80. alexis has joined
  81. Tobias has joined
  82. alexis has joined
  83. rion has left
  84. rion has joined
  85. alexis has left
  86. alexis has joined
  87. daniel has left
  88. moparisthebest has left
  89. rion has left
  90. alexis has left
  91. alexis has joined
  92. daniel has left
  93. SamWhited has joined
  94. alexis has left
  95. alexis has joined
  96. daniel has left
  97. Guus has joined
  98. Tobias has joined
  99. Tobias has left
  100. moparisthebest I haven't read exactly but last I had heard that was out
  101. Guus has left
  102. Guus has left
  103. jere has left
  104. jere has joined
  105. jere has left
  106. matlag has left
  107. ibikk has joined
  108. moparisthebest has left
  109. jere has joined
  110. matlag has joined
  111. Tobias has joined
  112. lskdjf has joined
  113. jere has left
  114. ta has joined
  115. j.r has joined
  116. j.r has joined
  117. j.r has left
  118. j.r has joined
  119. alexis has left
  120. alexis has joined
  121. jere has joined
  122. mimi89999 has left
  123. mimi89999 has left
  124. Tobias has joined
  125. mimi89999 has joined
  126. alexis has left
  127. alexis has joined
  128. jere has left
  129. jere has joined
  130. Lance has left
  131. Neustradamus has joined
  132. j.r has joined
  133. goffi has joined
  134. jonasw has joined
  135. Tobias has joined
  136. Nekit has left
  137. jere has joined
  138. matlag has left
  139. Guus has joined
  140. Guus has left
  141. j.r has joined
  142. Guus has left
  143. Guus has left
  144. tim@boese-ban.de has joined
  145. lskdjf has joined
  146. SamWhited has left
  147. Tobias has joined
  148. Andrew Nenakhov has left
  149. Andrew Nenakhov has joined
  150. la|r|ma has joined
  151. Andrew Nenakhov has left
  152. Andrew Nenakhov has joined
  153. moparisthebest has joined
  154. Seve/SouL has joined
  155. j.r has joined
  156. daniel has left
  157. daniel has joined
  158. moparisthebest has joined
  159. ralphm has left
  160. ralphm has joined
  161. Guus has left
  162. mimi89999 has joined
  163. moparisthebest has joined
  164. alexis has left
  165. alexis has joined
  166. daniel has left
  167. Zash has left
  168. Guus has left
  169. alexis has left
  170. alexis has joined
  171. Williams W has joined
  172. Guus has left
  173. daniel has joined
  174. Williams W has left
  175. Williams W has joined
  176. Yagiza has joined
  177. Williams W has left
  178. Williams W has joined
  179. Williams W has left
  180. Williams W has joined
  181. Williams W has left
  182. Williams W has joined
  183. Williams W has left
  184. Williams W has joined
  185. Tobias has joined
  186. Williams W ?
  187. Williams W hello
  188. Williams W has left
  189. Williams W has joined
  190. Williams W has left
  191. Williams W has joined
  192. Williams W has left
  193. Williams W has joined
  194. Williams W ?
  195. Williams W ?
  196. Guus has left
  197. la|r|ma has joined
  198. Yagiza has left
  199. lskdjf has joined
  200. flow Williams W, hi
  201. Williams W has left
  202. Williams W has joined
  203. Williams W ?
  204. Williams W has left
  205. Andrew Nenakhov has left
  206. Williams W has joined
  207. jubalh has joined
  208. alexis has left
  209. Williams W has left
  210. Guus has left
  211. alexis has joined
  212. Yagiza has joined
  213. daniel has left
  214. Guus has left
  215. alexis has left
  216. alexis has joined
  217. Valerian has joined
  218. alexis has left
  219. Andrew Nenakhov has joined
  220. alexis has joined
  221. moparisthebest has joined
  222. moparisthebest has joined
  223. xnyhps has joined
  224. Valerian has left
  225. Valerian has joined
  226. alexis has left
  227. alexis has joined
  228. jubalh has left
  229. rion has joined
  230. alexis has left
  231. alexis has joined
  232. Tobias has joined
  233. Steve Kille has left
  234. daniel has joined
  235. Steve Kille has left
  236. ThibG has left
  237. ThibG has joined
  238. Steve Kille has joined
  239. Maranda has joined
  240. winfried has joined
  241. winfried has joined
  242. Valerian has left
  243. Valerian has joined
  244. Maranda has joined
  245. Yagiza has left
  246. Valerian has left
  247. Dave Cridland has left
  248. Dave Cridland has left
  249. Dave Cridland has joined
  250. vanitasvitae has left
  251. Yagiza has joined
  252. vanitasvitae has joined
  253. vanitasvitae has left
  254. Williams W has joined
  255. vanitasvitae has joined
  256. Williams W has left
  257. SaltyBones has left
  258. Williams W has joined
  259. Williams W has left
  260. Williams W has joined
  261. Williams W has left
  262. Valerian has joined
  263. Williams W has joined
  264. Williams W has left
  265. daniel has left
  266. daniel has joined
  267. Guus has left
  268. alexis has left
  269. alexis has joined
  270. alexis has left
  271. alexis has joined
  272. jubalh has joined
  273. nyco has left
  274. Yagiza has left
  275. Williams W has joined
  276. Williams W has left
  277. alexis has joined
  278. Dave Cridland has left
  279. Guus has left
  280. Yagiza has joined
  281. alexis has left
  282. alexis has joined
  283. Zash has left
  284. Alex has joined
  285. jubalh has left
  286. jubalh has joined
  287. jubalh has left
  288. moparisthebest has joined
  289. moparisthebest has joined
  290. alexis has left
  291. alexis has joined
  292. xnyhps has joined
  293. Zash has left
  294. Alex has left
  295. Alex has joined
  296. SaltyBones has left
  297. Dave Cridland has left
  298. marmistrz has joined
  299. ThibG has left
  300. ThibG has joined
  301. Dave Cridland has left
  302. Dave Cridland has left
  303. Guus has left
  304. Dave Cridland has left
  305. Dave Cridland has left
  306. Dave Cridland has left
  307. Dave Cridland has joined
  308. Dave Cridland has left
  309. Dave Cridland has joined
  310. Dave Cridland has left
  311. Dave Cridland has left
  312. Dave Cridland has left
  313. marmistrz has joined
  314. Dave Cridland has left
  315. waqas has left
  316. Dave Cridland has left
  317. Dave Cridland has left
  318. Dave Cridland has left
  319. Dave Cridland has joined
  320. Dave Cridland has left
  321. Dave Cridland has left
  322. Dave Cridland has joined
  323. Dave Cridland has left
  324. Dave Cridland has joined
  325. Dave Cridland has left
  326. Dave Cridland has joined
  327. Dave Cridland has left
  328. Dave Cridland has left
  329. xnyhps has joined
  330. Dave Cridland has left
  331. moparisthebest has joined
  332. sezuan has left
  333. moparisthebest has joined
  334. SaltyBones has left
  335. Dave Cridland has left
  336. vanitasvitae has left
  337. Guus has left
  338. Guus has left
  339. goffi has left
  340. Guus has left
  341. Guus has left
  342. goffi has joined
  343. Guus has left
  344. Guus has left
  345. Guus has left
  346. Guus has left
  347. Guus has left
  348. vanitasvitae has left
  349. Dave Cridland has left
  350. Dave Cridland has left
  351. Dave Cridland has joined
  352. jubalh has joined
  353. cookie has joined
  354. pep. GDPR thing in 10min
  355. winfried (y)
  356. jubalh has left
  357. Ge0rG winfried: do you happen to be using an old Gajim version?
  358. jonasw .
  359. Williams W has joined
  360. winfried Ge0rG: nope, Psi+
  361. jonasw can we discuss the time frame for this meeting real quick?
  362. winfried because of my (y)
  363. jonasw I allocated an hour, would be happy with less too, more would be an issue.
  364. Ge0rG yeah, we should attemt to get through this quickly, I'm 2hr over the time budget already.
  365. winfried good, I will aim for a close at 13:15 at max
  366. winfried (CEST)
  367. Williams W ```
  368. Dave Cridland has left
  369. Williams W 我想知道一个问题,tor加密下这样的对话被破解的几率有没有%0.1?
  370. julius has joined
  371. winfried pep.: are you there?
  372. jonasw .
  373. pep. !
  374. winfried nice aditions from peter btw
  375. jonasw yeah
  376. winfried I will try to setup a wiki page today
  377. winfried (beside my other work)
  378. pep. I'll continue with the minutes
  379. jonasw pep., will you be taking minutes again? :)
  380. jonasw thanks :)
  381. winfried great!
  382. Nekit has joined
  383. winfried think it is best to discuss federation right away now
  384. jonasw ok
  385. pep. Q1) 1. What consequences does the GDPR has for the Jabber network? 2. .. Jabber server operators? 3. .. what can/should do the XSF with that? Q2) What consequences does the GDPR has for the XSF running Jabber server? Q3) What consequences does the GDPR has for the work processes of the XSF itself (membership, voting, wiki etc)?
  386. Ge0rG I think we didn't cover d-f of Q1.1 yet?
  387. pep. d-f?
  388. Ge0rG pep.: from yesterday's list of aspects
  389. Dave Cridland has left
  390. Kev I'd suggest (and I don't really want to get involved in this) that Q2 and Q3 are much more urgently important for the XSF than Q1.
  391. pep. Both of them depend on Q1
  392. pep. Well, Q2 at lesat
  393. winfried yep
  394. pep. Well, Q2 at least
  395. goffi has left
  396. winfried Ge0rG: what is on your list about Q1.1?
  397. Ge0rG a is it in the GDPR jurisdiction, what data is b what data is processed c what processing is done d what ground does the processing have e possible consequences
  398. Ge0rG Maybe there was no f.
  399. pep. no f
  400. jonasw no f
  401. winfried we didn't fully cover grounds for c2s, true
  402. Ge0rG I'd like to cover the grounds before moving on with the other Qs
  403. winfried Ge0rG: good
  404. Ge0rG the potential consequences are vague at best anyway.
  405. Ge0rG vaguely scary.
  406. winfried Ge0rG: Yes, it is the GDPR ;-)
  407. Ge0rG I'd argue that if the user sends content via our server, they are giving implicit consent for us to process it.
  408. jonasw Ge0rG, I’m so sure this is false.
  409. jonasw the user could expect e.g. the server to forward it, but not to store it in MAM
  410. Ge0rG jonasw: I'd argue that either Art 6 §1 or §2 apply.
  411. jonasw or store it for less time
  412. moparisthebest has joined
  413. Ge0rG no, way. §1 a or b.
  414. jonasw consent needs to be explicit
  415. jonasw (b) may very well apply
  416. winfried I would vote for 6.1b
  417. jonasw but that is overridden by 9.1
  418. jonasw and after Peters comments I think that 9.1 very much applies to messages.
  419. Ge0rG jonasw: I'm not sure about that.
  420. Ge0rG maybe this is actually something to ask a lawyer about
  421. jonasw okay, so maybe let’s write that down as something somebody should definitely consult a lawyer on.
  422. jonasw ha
  423. pep. hmm, I don't see how 9.1 fits in that. I'll add a TODO
  424. Ge0rG LQ1: does 9.1 automatically apply to all (not e2ee encrypted) user-sent content, or only if we are analyzing it for profiling/other purposes?
  425. jonasw pep., in my mind, most of the GDPR handles general personal data, and 9.1 adds overrides for a certain type of personal data and prohibits all use except that outlined in 9.2
  426. winfried look at 9.2e...
  427. jonasw winfried, I’d argue that sending a message to another user is "not making it public"
  428. winfried hmmm, but the xmpp server(operator) is third party...
  429. jonasw winfried, I’d argue that sending a message to another user is not "making it public"
  430. winfried pep., can you note this as subject for further consulting?
  431. pep. hmm, let me see if I get this
  432. pep. what is "this" in your sentence
  433. jonasw LQ1?
  434. pep. Ah, yes it's aded already
  435. pep. Ah, yes it's added already
  436. Ge0rG jonasw: lawyer-question
  437. pep. This is for Q1.1.a then?
  438. jonasw Ge0rG, I am aware.
  439. jonasw Ge0rG, I made a suggestion for what winfried might be talking about :)
  440. pep. :)
  441. Ge0rG jonasw: ah, that wasn't clear to me. sorry
  442. pep. Next?
  443. winfried Ok: art 6.1 is explicit permission, art 6.2 is implicit permission. Article 9.1 overrides article 6 and sets its grounds in article 9.2. So if the messages are of the categories in 9.1, then we must go for explicit permission from 9.2a, otherwise we can do 6.2
  444. Ge0rG we need to cover d) for all data types
  445. winfried Ge0rG: exact
  446. Ge0rG server logs are the easiest thing.
  447. Ge0rG we have those under R49
  448. winfried so the question for a lawyer is: are message bodies 9.1 or not?
  449. jonasw winfried, yes.
  450. winfried Ge0rG: yes, agree with logs
  451. Ge0rG if we consider the usage of an XMPP server as a contract between the user and the server operator = controller, 6.1b should apply to most things
  452. Alex has left
  453. jonasw ... except that it should be clearly stated what happens, right?
  454. Ge0rG credentials are required, IP addresses might be argued under R49, timestamps / presence timestamps are complicated.
  455. jonasw presence timestamps shouldn’t be 9.1 at least
  456. Ge0rG presence timestamps are probably covered by user's consent when they accept a subscription
  457. jonasw I have the feeling you’re lax with consent.
  458. Alex has joined
  459. jonasw maybe it’s just me, but I think consent can’t be established without the user being informed. so unless we inform the user actively what "add a contact" means regarding metadata, we can’t talk about consent here.
  460. pep. I also feel that needs to be specified in EULA of some sort
  461. Ge0rG jonasw: > any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
  462. pep. Ge0rG, that means they understand the protocol though, right?
  463. jonasw > informed
  464. Ge0rG So XMPP clients need to show a warning in the add-contact dialog, that metadata will be published to their new contact?
  465. Dave Cridland has left
  466. jonasw possibly
  467. winfried Isn't that for permission according to 6.1?
  468. pep. I would say this needs to be specified when signing in for an account instead?
  469. jonasw pep., that would work too
  470. jonasw probably better
  471. jonasw because this takes the load off clients
  472. pep. yes
  473. jonasw (aside from that they need to support the EULA XEPρ
  474. jonasw (aside from that they need to support the EULA XEP)
  475. pep. yes, that still needs figuring out
  476. winfried I think 13.1 applies here
  477. Ge0rG winfried: is 13.1 in addition to asking for consent?
  478. nyco has left
  479. Ge0rG or is it possible to have a published data collection policy and assume implicit consent from users?
  480. jonasw 13.1 feels weird
  481. winfried the last
  482. Dave Cridland has left
  483. Valerian has left
  484. Valerian has joined
  485. pep. Ge0rG, [x] I have read the conditions and agree
  486. jonasw I think i need an epub of that thing and read it on the trains
  487. winfried btw: all of 13 is applicable
  488. winfried 13.4 is also interesting ;-)
  489. Valerian has left
  490. jonasw winfried, right
  491. pep. So that means EULA should do
  492. jonasw I think sot oo
  493. winfried IF we can do it under 6.2
  494. Ge0rG I'd argue that we don't need explicit consent for 6.2, and if we ask for explicit consent, we can tell the user not to upload 9.1 relevant data ;)
  495. jonasw Ge0rG, "so, hey, we’ve got an IM system here. but don’t use it for private communications."
  496. Ge0rG jonasw: yes
  497. jonasw great…
  498. Ge0rG jonasw: this is clearly legalese blame shifting.
  499. pep. Ge0rG, I feel 9.1 applies only if we do more than storage on the data, but yeah that's LQ1, we'll see
  500. jonasw Ge0rG, but if we ask for consent, why not ask for consent for 9.1 data, too?
  501. jonasw pep., storage IS processing
  502. pep. I know
  503. winfried I would say: if we go for consent, we should go for consent as in 9.2, so 9.1 is covered
  504. pep. That's why I specified
  505. Dave Cridland has left
  506. jonasw winfried, +1
  507. pep. Ah, hmm
  508. Dave Cridland has left
  509. Dave Cridland has joined
  510. pep. Ok so 9.1 is meh, and we should probably cover ourselves, ask for consent as well
  511. jonasw yes
  512. jonasw but also the risk things Peter mentioned
  513. Dave Cridland has left
  514. Dave Cridland has joined
  515. pep. let me read that, one sec
  516. jonasw specifically: > It could be argued that storing very sensitive personal information, albeit for a short time, unencrypted, visible to anyone with access to the backend server (and perhaps more), does not constitute proportional data protection measure, knowing how sensitive the information can be in some cases. It could therefore also be argued, that the processing “reveals” this information to unauthorized persons, by the way it is implemented. It could therefore be argued, that such processing is contrary to what is required by article 9.
  517. Dave Cridland has left
  518. Dave Cridland has joined
  519. jonasw his suggestions boil down to exactly what Ge0rG said
  520. winfried jonasw: yes, but at how many servers is it easy for the operator to read MAM archives or view their rosters and bookmarks?
  521. jonasw winfried, ssh myserver; cat /var/log/prosody/archive/**/*
  522. Dave Cridland has left
  523. Dave Cridland has joined
  524. jonasw winfried, ssh myserver; cat /var/lib/prosody/archive/**/*
  525. alexis has left
  526. Kev winfried: All, I'd assume.
  527. jonasw similarly for bookmarks and roster
  528. jonasw it’s trivial
  529. pep. Also, in any case, the hosting provider will have access to the data
  530. alexis has joined
  531. jonasw yes, but that surely is covered somehow.
  532. jonasw probably something about "processor"
  533. Ge0rG We need to do encryption!11
  534. jonasw Ge0rG, yes, that seems to be the safest course of action
  535. winfried jonasw: yes, controller / processor thing
  536. jonasw e2ee everywhere
  537. Dave Cridland has left
  538. pep. Ge0rG, even with full-drive encryption, as long as the provider has access to the virtualization software..
  539. jonasw pep., yes.
  540. winfried You can do technical protection and legal protection
  541. Ge0rG pep.: yes, but the checkmark is crossed.
  542. pep. hmm, I want to believe you
  543. Ge0rG Regulatory Compliance is a complicated thing.
  544. Dave Cridland has left
  545. jonasw i wanna burn something now
  546. winfried jonasw: my 320p bible on the GDPR?
  547. Ge0rG okay, we are not moving forward.
  548. pep. Ok so, where are we for d) ?
  549. pep. With this big passage about 9.1 and consent
  550. winfried we have LQ1
  551. Ge0rG pep.: somewhere between 6.1a, 6.1b and 9.2
  552. winfried and the question of privacy by design of storage at the server
  553. Ge0rG I'll ask my local GDPR expert as well, and maybe Peter can shed some light as well
  554. Ge0rG winfried: that's a technical question though.
  555. pep. Ge0rG, 9.2a specifically?
  556. Ge0rG pep.: "explicit consent"
  557. pep. yes
  558. winfried Ge0rG: but it may be a consequence that technical measure need to be taken :-(
  559. jonasw I’m pretty sure that we’ll need to take technical measures.
  560. Ge0rG we need to take technical measures anyway.
  561. Ge0rG even for 6.1a/b
  562. winfried Ge0rG: depending on the risk assesment, but looking at ubbers practices, yes...
  563. Ge0rG winfried: the exact amount of technical measures is subject to discussion.
  564. winfried Ge0rG: yes
  565. Ge0rG winfried: I think we can't cover that here.
  566. Ge0rG So I suggest we skip over "consequences" and follow to the next questions
  567. Ge0rG Or maybe we look at federation now
  568. winfried Ge0rG: not here, not now.
  569. winfried Ge0rG: we have got 20 minutes left, and need some time for discussing next steps/next appointments
  570. winfried so, lets say 10 minutes federation?
  571. alexis has left
  572. Ge0rG winfried: +1
  573. alexis has joined
  574. Ge0rG we need to differentiate whether the other server is under GDPR as well or not.
  575. jonasw has left
  576. winfried Ge0rG: yes and wether the server is making secondary use of the data or not
  577. pep. I'm sure it is, but how
  578. Ge0rG By sending a message to somebody, a user clearly wants us to deliver that message to somebody.
  579. jonasw I somehow managed to kill my poezio
  580. jonasw Ge0rG, aren’t all servers under GPDR potentially?
  581. pep. jonasw, I'm sure I can do that blindfolded
  582. jonasw Ge0rG, because they might receive data from entities from the EU
  583. jonasw 9.1 data even (if messages fall in that category)
  584. Dave Cridland has left
  585. Ge0rG So when we are the sending server, we just follow what the user asked for and we don't need to ensure the receiving server is GDPR compliant.
  586. Ge0rG jonasw: they can block federation with the EU ;)
  587. Ge0rG my point is: our user gave us that message with the explicit request to deliver it to some other entity.
  588. Ge0rG that's what we do (plus local archive storage), and that's where our responsibility ends
  589. pep. Ge0rG, delivery is a thing, processing on the other side is another. Maybe we should look into transfer regulations?
  590. jonasw Ge0rG, but does the user also consent to have their message stored by the other entity?
  591. lumi has joined
  592. winfried I think the line of reasoning is:
  593. winfried - transfer to an other controller is one possible processings to
  594. winfried - it can be covered by the same concent as the other processings (LQ1)
  595. Ge0rG jonasw: I think that the receiving user giving consent is sufficient.
  596. jonasw Ge0rG, I’d like to have that settled properly, though
  597. winfried - EXCEPT when the other server is making secondary use of the data (then at least 6.2 can't apply anymore)
  598. Ge0rG jonasw: the sender indicated that they want the message delivered
  599. jonasw Ge0rG, given that sharing phone contact info wiht WA is illegal in DE, I imagine that things might be worse with 9.1 data being stored without "proportional means of protection"
  600. Dave Cridland has left
  601. winfried jonasw: yes, that is the other issue: jurisdiction
  602. jonasw Ge0rG, in the WA case, the victim gave their phone number to the offender, which forwarded it to WA.
  603. jonasw I think this is a very similar case.
  604. jonasw but with more sensitive data
  605. jonasw but IANAL
  606. Ge0rG jonasw: I don't think it's the same.
  607. jonasw why not?
  608. pep. I think we need LQ2 here
  609. Dave Cridland has left
  610. Ge0rG jonasw: in this case, the victim sends the content to the offender via the evil server.
  611. Ge0rG I wonder how SMS/MMS processing is legally protected
  612. jonasw Ge0rG, I had the same thought.
  613. jonasw but probably that’s not an issue because they don’t store data for that long
  614. jonasw only as long as needed to deliver
  615. winfried Ge0rG:SMS/MMS seperate telecom laws
  616. jonasw which is reasonable or something
  617. pep. jonasw, sure but then processing is done on the other side
  618. jonasw Ge0rG, email would be more interesting
  619. Ge0rG winfried: how are we different from them? ;)
  620. alexis has left
  621. Ge0rG okay, I don't want to be required to do LE
  622. alexis has joined
  623. pep. I agree with Ge0rG it's pretty similar
  624. Ge0rG email is surely very similar, but I can't find any info on email GDPR short of email marketing
  625. pep. Can we try and ask big providers see how they deal with it
  626. Dave Cridland has left
  627. jonasw could probably read googles new privacy policy?
  628. pep. Anybody knows one somewhat open to questions/collaboration?
  629. pep. Right
  630. winfried I feel we need to structure this part of the discussen better next time... but don't know how yet
  631. pep. Basically lots of thing here will rely on user consent
  632. pep. But to what extent can we use it we don't seem to agree
  633. pep. Or who needs to ask for it
  634. winfried but LQ2 may be: can (implicit) consent also apply to transfer to other controller by addres
  635. andy has joined
  636. winfried (needs a bit better formulation)
  637. Ge0rG I think that we can apply 6.1f ("processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party") for federation
  638. pep. winfried, what do you mean with "by address"?
  639. Ge0rG the third party is the remote user, and their interest is to be able to communicate
  640. edhelas https://www.theregister.co.uk/2018/03/27/open_source_takes_on_facebook/
  641. Ge0rG that should cover storage and delivery, but not profiling
  642. winfried when using @other.domain (xmpp & e-mail)
  643. jonasw Ge0rG, maybe chapter 5 applies?
  644. Nekit has joined
  645. winfried Ge0rG: no, I think that article is meant for other cases
  646. jonasw in the end, the other service is a "third party"
  647. Dave Cridland has left
  648. andy has left
  649. winfried Chapter 5 applies, and that is also ..... lets say, interesting
  650. pep. Where is chapter 5 again?
  651. pep. Ah
  652. pep. got it
  653. winfried art 44-50
  654. jonasw pep., you might want to bookmark this: https://gdpr-info.eu
  655. pep. Yes I think that falls under this
  656. pep. jonasw, yeah I have it opened
  657. pep. So I propose we all study chapter 5 for next time? :P
  658. pep. And we can sum up here
  659. pep. 5min to go
  660. winfried pep.: +1 ;-)
  661. jonasw from a quick glimpse, it’s not directly applicable to federation between two entities within GDPR jurisdiction
  662. jonasw but yeah
  663. winfried jonasw: yes, but federation is not limited to GDPR jurisdiction....
  664. Dave Cridland has left
  665. jonasw so for next, I won’t be available until thursday next week (5th of April) aside from best-effort
  666. pep. Date of next?
  667. alexis has left
  668. alexis has joined
  669. ThibG has joined
  670. jonasw I suggest that we select a few dates from that thursday to the following monday and post them to the list
  671. jonasw maybe Peter can join at one of them
  672. jonasw does anyone know his timezone?
  673. winfried jonasw: +1
  674. Dave Cridland has left
  675. Ge0rG https://www.gdpreu.org/the-regulation/key-concepts/legitimate-interest/ is interesting here, scroll down to "Recital 47"
  676. pep. jonasw, no idea about his tz
  677. pep. jonasw, let's say date of next: 5th April, 12:15CEST, and also ask on the ML
  678. jonasw I can’t make that specific time on that thursday
  679. jonasw at least I can’t guarantee that
  680. jonasw 13:00CEST would probably work
  681. pep. works for me
  682. jonasw but if we assume that peter is more US based, later might be better
  683. jonasw but yeah
  684. Dave Cridland has left
  685. jonasw probably best to post that as a suggestion to the list and ask for suggestions if anyone wants to join
  686. pep. I would say decide of a date now, that we can move if we all agree. In the meantime we have a date.
  687. winfried on the 5th I have a meeting from 12:15 to 13:15 with appr. 1,5 hour offline time before and after
  688. pep. is Apr. 6th ok then?
  689. jonasw I can probably make 13:15 on apr. 6th
  690. winfried jonasw: #meetoo
  691. pep. Ok for me
  692. jonasw danger
  693. jonasw Ge0rG, ^
  694. Ge0rG I have no other appointments on 5th/6th, so whatever works
  695. pep. Ok, Apr. 6th 13:15CEST
  696. pep. *bang*
  697. jonasw \o/
  698. jonasw saved
  699. winfried thanks again guys!
  700. Williams W has left
  701. Dave Cridland has left
  702. alexis has left
  703. alexis has joined
  704. Dave Cridland has left
  705. Dave Cridland has left
  706. Williams W has joined
  707. Dave Cridland has left
  708. Dave Cridland has left
  709. Williams W has left
  710. Dave Cridland has left
  711. Valerian has joined
  712. Williams W has joined
  713. Williams W has left
  714. Dave Cridland has left
  715. Guus has left
  716. alexis has left
  717. alexis has joined
  718. blabla has left
  719. Dave Cridland has left
  720. alexis has joined
  721. Dave Cridland has left
  722. Dave Cridland has left
  723. la|r|ma has joined
  724. LNJ has joined
  725. Dave Cridland has left
  726. la|r|ma has joined
  727. la|r|ma has joined
  728. Dave Cridland has left
  729. Dave Cridland has left
  730. Guus has left
  731. Guus has left
  732. Dave Cridland has left
  733. Dave Cridland has left
  734. Kev has left
  735. Dave Cridland has left
  736. nyco has left
  737. Dave Cridland has left
  738. Dave Cridland has left
  739. Dave Cridland has left
  740. xnyhps has joined
  741. Dave Cridland has left
  742. Dave Cridland has left
  743. vanitasvitae has joined
  744. Dave Cridland has left
  745. Dave Cridland has left
  746. Dave Cridland has left
  747. Neustradamus has left
  748. Neustradamus has joined
  749. alexis has left
  750. alexis has joined
  751. jere has joined
  752. blabla has left
  753. Dave Cridland has left
  754. Dave Cridland has left
  755. Dave Cridland has left
  756. Dave Cridland has joined
  757. alexis has left
  758. alexis has joined
  759. matlag has joined
  760. Alex has left
  761. lskdjf has joined
  762. Dave Cridland has left
  763. alexis has left
  764. alexis has joined
  765. alexis has left
  766. alexis has joined
  767. jonasw I wonder how this plays with the GDPR:
  768. jonasw https://www.csoonline.com/article/3264658/privacy/microsoft-to-ban-offensive-language-from-skype-xbox-office-and-other-services.html
  769. Dave Cridland has left
  770. moparisthebest has joined
  771. moparisthebest has joined
  772. pep. jonasw, "EDIT: Except for EU citizen :-°"
  773. Dave Cridland has left
  774. jonasw hah
  775. daniel has left
  776. jere has left
  777. jere has joined
  778. daniel has left
  779. la|r|ma has joined
  780. daniel has left
  781. jjrh has left
  782. Andrew Nenakhov has left
  783. Dave Cridland has left
  784. daniel has left
  785. daniel has left
  786. Dave Cridland has left
  787. Dave Cridland has left
  788. Dave Cridland has left
  789. daniel has left
  790. daniel has left
  791. Dave Cridland has left
  792. LNJ has left
  793. daniel has left
  794. moparisthebest has joined
  795. Dave Cridland has left
  796. Dave Cridland has left
  797. j.r has joined
  798. Dave Cridland has left
  799. alexis has joined
  800. Dave Cridland has left
  801. lumi has left
  802. lumi has joined
  803. daniel has left
  804. daniel has joined
  805. Andrew Nenakhov has joined
  806. Dave Cridland has left
  807. daniel has left
  808. daniel has joined
  809. LNJ has joined
  810. daniel has left
  811. daniel has joined
  812. daniel has left
  813. daniel has joined
  814. moparisthebest has joined
  815. daniel has left
  816. daniel has joined
  817. Dave Cridland has left
  818. Dave Cridland has left
  819. Yagiza has left
  820. Guus has left
  821. jjrh has left
  822. jjrh has left
  823. pep. jonasw, what article was peter referring to again? I cna't seem to find it ("proportional means of protection")
  824. pep. Ah, he says article 9, and "revealing"
  825. Alex has joined
  826. waqas has joined
  827. pep. hmm, ok that's why LQ1 then.
  828. pep. That doesn't explain the part of our discussion about encryption
  829. LNJ has left
  830. Alex has left
  831. Guus has left
  832. jjrh has left
  833. LNJ has joined
  834. jjrh has left
  835. jjrh has left
  836. Ge0rG pep.: encryption is one of the mechanisms mandated to protect user data
  837. pep. I guess that's art 35
  838. Dave Cridland has left
  839. vanitasvitae has left
  840. jubalh has joined
  841. pep. https://mastodon.social/@Gargron/99730137003463631 they don't seem worried
  842. pep. Anybody what goes into that audit log? http://dougbelshaw.com/blog/2018/01/31/social-network/
  843. jubalh has left
  844. pep. (grep GDPR)
  845. Dave Cridland has left
  846. LNJ has left
  847. moparisthebest I wonder how far a non-EU citizen/service is required to go to ensure non-EU people use their service?
  848. moparisthebest is the GDPR only enforceable if an EU citizen sues you?
  849. jonasw moparisthebest, I wish I knew at least that
  850. pep. anybody knows*
  851. moparisthebest if so, then everyone can just put up notices like "EU citizens are forbidden from using this service"
  852. Dave Cridland has left
  853. moparisthebest because they wouldn't have standing to sue you about GDPR stuff in court, because they violated your terms?
  854. moparisthebest at least, I think
  855. jonasw I have no idea
  856. pep. I have a feeling I should prepend IANAL to any comment I make during our sessions
  857. jonasw pep., easy. /nick pep.> IANAL:
  858. pep. :D
  859. moparisthebest yea until we get a single lawyer in here ever, maybe a server plugin should do it automatically?
  860. jonasw> IANAL: has joined
  861. pep. jonasw, will do next time
  862. jonasw aww
  863. Dave Cridland has left
  864. jonasw the MUC won’t let you
  865. pep.> IANAL: has joined
  866. jonasw moparisthebest, yeah, no
  867. pep. pff
  868. jonasw that might be a solution for you USians
  869. jonasw for certain definitions of "solution"
  870. jonasw or, wait, you aren’t talking about the "no EU citizens" thing anymore?
  871. Ge0rG moparisthebest: I think it's about targeting. If you have a european domain, support languages spoken here, etc.
  872. moparisthebest I mean't a server plugin should prepend IANAL to what everyone says :)
  873. jonasw Ge0rG, "support languages spoken here". english?
  874. moparisthebest what languages *aren't* spoken in EU ?
  875. moparisthebest I feel like that'd be the shorter list
  876. Ge0rG :P
  877. pep. :D
  878. Dave Cridland has left
  879. pep. You could state "Here we speak only en_US"
  880. Dave Cridland has left
  881. moparisthebest or maybe you limit the character set to ASCII
  882. moparisthebest that would de-facto ban most of the EU
  883. Dave Cridland has left
  884. Ge0rG moparisthebest: switch to IBM EBCDIC
  885. jonasw to ban the whole world?
  886. Ge0rG jonasw: there is no world beyond the US of A
  887. jonasw I forogt
  888. Ge0rG I, for one, am proud to be an EU citizen, and to finally have legal remediation against Silicon Valley sucking up and reselling all my private data.
  889. moparisthebest except turns out it's the same kind of legal protection you had before
  890. moparisthebest that is, to just not use the services
  891. alexis has left
  892. alexis has joined
  893. Ge0rG moparisthebest: I'm not using Facebook. I'm not using WhatsApp. And still they have data about me.
  894. jonasw Ge0rG, +1
  895. moparisthebest not data you didn't share somehow, presumably
  896. jonasw moparisthebest, but did I share it intentionally?
  897. moparisthebest it's the #1 rule of the internet, put it on the internet, it's there forever
  898. jonasw moparisthebest, I didn’t put my phone number on the internet.
  899. jonasw yet, whatsapp has it most likely
  900. moparisthebest no laws are going to change that
  901. Ge0rG moparisthebest: oh yes, our laws will change that.
  902. moparisthebest yea the law changes things, now you can't use open federated services
  903. moparisthebest good work
  904. Ge0rG moparisthebest: but it depends on what you mean with "put it on the internet" - make it public? use some internet service? contact your friends?
  905. Kev has left
  906. SaltyBones has left
  907. Kev has joined
  908. Ge0rG related: https://twitter.com/iamdylancurran/status/977559925680467968
  909. Ge0rG BTW, that the BigCorps are required to provide all the data they store about you is also based on EU regulations
  910. alexis has left
  911. alexis has joined
  912. LNJ has joined
  913. pep. Ok so I have https://cryptpad.fr/code/#/1/edit/eitMC7lM6yOU4kFtNf1Nag/gvYO8K5YdRtKg-b7hNLd7mEz/ Ge0rG jonasw winfried, can you have a quick look
  914. jonasw f*ck!
  915. jonasw I hate that noscript b ug
  916. alexis has left
  917. jonasw pfew, I was in luck. but still
  918. alexis has joined
  919. Yagiza has joined
  920. alexis has left
  921. alexis has joined
  922. LNJ has left
  923. alexis has left
  924. jonasw pep., looks good to me
  925. pep. Most of what we talked about today goes into Q1.1d
  926. Zash has left
  927. pep. There's this "Server logs: r49" line that's kind of sitting alone there, the rest is about consent :P
  928. Dave Cridland has left
  929. winfried pep.: nice!
  930. pep. jonasw, also I'd be inclined to say 9.1 only applies to "processing revealing [such information]", as peter suggests? But IANAL
  931. jonasw pep., peter argues that processing which stores the data in plaintext may reveal it to operators
  932. pep. Ah, in that sense
  933. jonasw also, I think the recital is clear that the *data* reveals the information, not the processing
  934. pep. Well, so full-disk encryption is besides the point right?
  935. jonasw the legal text is ambiguous IMO
  936. jonasw in both translations oddly enough
  937. jonasw (it could be either the processing or the data which reveals info, in both en and de)
  938. pep. Because operators will most likely always have access to this information, except in the e2ee case
  939. jonasw pep., exactly.
  940. pep. Even in the e2ee case really, it's still possible, as not many people actually checks
  941. pep. That would be making significant effort though, for the operator, and could be caught as well
  942. jonasw that would require an additional action you normally wouldn’t do though
  943. pep. Security goes as far as one is wiling to apply it (and even then..)
  944. alexis has joined
  945. pep. So I'm tempted to remove the full-disk encryption part in the minutes, and add a bit about e2ee
  946. pep. (Since it was my misunderstanding)
  947. Ge0rG pep.: "encryption" is just a control you "need" to checkmark.
  948. jonasw I think tehre was talk about both
  949. pep. Ge0rG, what encryption, where
  950. pep. jonasw, yeah, right
  951. Guus has left
  952. Ge0rG pep.: a secure service will deploy a combination of disk encryption, stream encryption, user data encryption and e2ee
  953. jonasw pep., in line 64, it was definitely about FDE
  954. jonasw pep., maybe add a note about "ubiquitous E2EE would save us from 9.1"
  955. pep. I wish
  956. pep. Ge0rG, right
  957. pep. jonasw, here, done
  958. jonasw thanks
  959. pep. Ok, sending that
  960. Dave Cridland has left
  961. jonasw thank you for that already :)
  962. Dave Cridland has left
  963. alexis has left
  964. alexis has joined
  965. pep. Wow, the mails take quite some time to arrive
  966. Kev It takes a while for all the racial profiling the server needs to do before sending them out.
  967. pep. I see
  968. pep. Makes sense
  969. julius has left
  970. Dave Cridland has left
  971. jubalh has joined
  972. blabla has left
  973. blabla has left
  974. waqas has left
  975. Guus has left
  976. LNJ has joined
  977. alexis has left
  978. alexis has joined
  979. jere has left
  980. jere has joined
  981. Dave Cridland has left
  982. Andrew Nenakhov has left
  983. Andrew Nenakhov has joined
  984. Andrew Nenakhov has left
  985. Andrew Nenakhov has joined
  986. Dave Cridland has left
  987. alexis has left
  988. alexis has joined
  989. Dave Cridland has left
  990. Guus has left
  991. SamWhited has left
  992. waqas has joined
  993. jubalh has joined
  994. SamWhited has left
  995. SamWhited has left
  996. Dave Cridland has left
  997. Dave Cridland has left
  998. Dave Cridland has left
  999. lumi has joined
  1000. Dave Cridland has left
  1001. ThibG has left
  1002. ThibG has joined
  1003. moparisthebest is there a reason the members mailing list is not linked from here: https://xmpp.org/community/mailing-lists.html
  1004. jonasw moparisthebest, possibly because it’s only for members
  1005. moparisthebest I was trying to give a link to the GDPR discussion to someone and had to manually construct it
  1006. jonasw I don’t think you can subcsribe as non-member.
  1007. moparisthebest jonasw, if that's true it's incorrectly configured to be public https://mail.jabber.org/pipermail/members/2018-March/thread.html
  1008. Dave Cridland has left
  1009. pep. https://mail.jabber.org/mailman/listinfo
  1010. jonasw moparisthebest, maybe
  1011. moparisthebest (I clicked on 'standards' then changed 'standards' in the url to 'members')
  1012. jonasw iteam? (cc @ Kev, intosi) ^
  1013. pep. it's listed here
  1014. moparisthebest I personally don't see a reason for it to be private, I'd just like to see it listed next to the rest :)
  1015. Kev What's the problem here? The list should be invite-only, public archives.
  1016. jonasw Kev, then there’s no problem :)
  1017. moparisthebest except it's not listed on https://xmpp.org/community/mailing-lists.html
  1018. jonasw Kev, except htat maybe it should be moderated-by-default and free to subscribe, if the archives are public anyways.
  1019. Kev I see no benefit to that.
  1020. ludo has joined
  1021. jonasw Kev, ease of use
  1022. jubalh has left
  1023. Kev It's easy to use for members, and that's all that matters here.
  1024. Ge0rG I'm not even sure what the ML is *for*
  1025. jonasw Kev, arguably, that discussion is interesting for non-members too.
  1026. Dave Cridland has left
  1027. Zash has left
  1028. jonasw but I don’t think that standards@ would be the right venue
  1029. jonasw what would be the most appropriate list then?
  1030. Ge0rG operators probably
  1031. pep. Yeah I don't think either. Maybe _only_ operators, would be best
  1032. Kev I'd have thought if this is an XSF activity, members is appropriate, with CC to operators anything that will interest them.
  1033. moparisthebest yea I was just linking other people for some feedback
  1034. moparisthebest and it was super hard to find a link that I assumed would be on the mailing lists page that I assumed would list all mailing lists :)
  1035. Guus has left
  1036. marmistrz has joined
  1037. Dave Cridland has left
  1038. SaltyBones has left
  1039. marmistrz has joined
  1040. Neustradamus has joined
  1041. j.r has joined
  1042. Dave Cridland has left
  1043. Dave Cridland has left
  1044. Neustradamus Kev, intosi: it will be nice to have a ML for jabber.org service and updates on https://www.jabber.org/notices.html about problems like previously
  1045. Dave Cridland has left
  1046. Neustradamus has left
  1047. Dave Cridland has left
  1048. Neustradamus has joined
  1049. Neustradamus http://mail.jabber.org/mailman/listinfo/juser <-- not clear if it is for jabber.org service
  1050. Dave Cridland has left
  1051. Neustradamus has left
  1052. Neustradamus has joined
  1053. LNJ has left
  1054. Dave Cridland has left
  1055. Guus has left
  1056. Dave Cridland has left
  1057. Dave Cridland has left
  1058. LNJ has joined
  1059. SamWhited has joined
  1060. Dave Cridland has left
  1061. Guus has left
  1062. Dave Cridland has left
  1063. alexis has left
  1064. Dave Cridland has left
  1065. Dave Cridland has joined
  1066. Dave Cridland has left
  1067. Dave Cridland has left
  1068. david has joined
  1069. blabla has left
  1070. pep. has left
  1071. LNJ has left
  1072. Dave Cridland has left
  1073. LNJ has joined
  1074. Dave Cridland has left
  1075. Dave Cridland has left
  1076. Guus has left
  1077. Guus has left
  1078. Dave Cridland has left
  1079. Dave Cridland has left
  1080. j.r has joined
  1081. Dave Cridland has left
  1082. LNJ has left
  1083. Valerian has left
  1084. SamWhited IETF folks that also idle here: are you aware of any SASL mechanisms similar to SCRAM (active or in development) that use Argon2 instead of PBKDF.2? I was going to use Argon2 on some passwords since it's the current OWASP recommendation, but there's a chance I'll want to use the same credentials with an XMPP server later (though not in a way that requires wide support, so it doesn't matter if it's still in draft or something).
  1085. marc has left
  1086. Guus has left
  1087. sezuan has left
  1088. SamWhited I assume a quick search would have revealed it if it was already a thing, but I figured there might be an I-D which tend to be harder to find.
  1089. Dave Cridland has left
  1090. Zash Not sure if I qualify, but I'm pretty sure you can swap out PBKDF2 for some other equivalent construct.
  1091. Guus has left
  1092. Guus has left
  1093. Guus has left
  1094. Dave Cridland has left
  1095. daniel has left
  1096. Andrew Nenakhov has left
  1097. SamWhited In SCRAM you mean? I think it allows you to swap out the hash used in the HMAC, but not the key derivation function. Let me double check, it would be nice if I was mistaken.
  1098. nyco has left
  1099. Zash I do believe that the general construct still makes sense with a different key derivation function.
  1100. SamWhited Oh yah, it does, but I'm hesitant to do something completely non-standard
  1101. jonasw yeah, but it’s not standardised
  1102. Dave Cridland has left
  1103. jonasw SamWhited, cp scram-rfc.xml argon-scram-rfc.xml; sed -i s/pbkdf2/argon2/g argon-scram-rfc.xml; submitrfc argon-scram-rfc.xml? ;-)
  1104. SamWhited jonasw: what and where are those XML files located?
  1105. SamWhited "What are those XML files and where are the located", that is. That sentence got away from me.
  1106. SamWhited They… *facepalm* I really can't type.
  1107. alexis has joined
  1108. Dave Cridland has left
  1109. alexis has left
  1110. alexis has joined
  1111. Zash Yeah, where are those?
  1112. SamWhited I only recently discovered that there actually is a big XML file with RFC information… the IETF has even worse search engine rankings and visibility problems than we do, I'm pretty convinced.
  1113. SamWhited But it's not detailed and doesn't include I-Ds, as far as I know.
  1114. Dave Cridland has left
  1115. Andrew Nenakhov has left
  1116. Dave Cridland has left
  1117. Dave Cridland has left
  1118. Zash https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml#sasl-mechanisms-1
  1119. alexis has left
  1120. alexis has joined
  1121. Dave Cridland has left
  1122. Steve Kille has left
  1123. Steve Kille has left
  1124. peter has joined
  1125. ludo has joined
  1126. Dave Cridland has left
  1127. SamWhited ooh that's a good idea, thanks. Although I don't think that lists any I-Ds that might be floating around out there; still, good starting place!
  1128. moparisthebest hey, ALPN ids are listed now https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
  1129. moparisthebest kind of a strange way to word the protocol, but I guess it's correct enough?
  1130. moparisthebest XMPP jabber:client namespace
  1131. Steve Kille has joined
  1132. moparisthebest XMPP jabber:server namespace
  1133. Tobias wonder why some IDs are rather long and some others short
  1134. Zash SamWhited: There's http://www.ietf.org/download/id-index.txt but it's huuuuuuuuuuuuuuge
  1135. Dave Cridland has left
  1136. moparisthebest oh that's how it's listed in the XEP too, did I do that? hehe
  1137. Zash And maybe the kitten wg?
  1138. Tobias ah..it's the idrect textual representation
  1139. Dave Cridland has left
  1140. Dave Cridland has left
  1141. Lance has joined
  1142. alexis has left
  1143. alexis has joined
  1144. jubalh has joined
  1145. j.r has joined
  1146. Zash https://tools.ietf.org/wg/sasl/ https://tools.ietf.org/wg/kitten/
  1147. Dave Cridland has left
  1148. ta has joined
  1149. jere has left
  1150. jere has joined
  1151. alexis has left
  1152. alexis has joined
  1153. Valerian has joined
  1154. j.r has left
  1155. j.r has joined
  1156. Dave Cridland has left
  1157. la|r|ma has joined
  1158. jonasw has left
  1159. Dave Cridland has left
  1160. david has left
  1161. david has joined
  1162. Steve Kille has left
  1163. alexis has left
  1164. alexis has joined
  1165. mimi89999 has joined
  1166. mimi89999 has left
  1167. mimi89999 has joined
  1168. mimi89999 has joined
  1169. Dave Cridland has left
  1170. mimi89999 has joined
  1171. ludo has left
  1172. ludo has joined
  1173. marmistrz has joined
  1174. marmistrz has joined
  1175. alexis has left
  1176. alexis has joined
  1177. jubalh has left
  1178. tux has joined
  1179. lovetox has joined
  1180. alexis has left
  1181. alexis has joined
  1182. jere has joined
  1183. jere has joined
  1184. Dave Cridland has left
  1185. Dave Cridland has left
  1186. Dave Cridland has joined
  1187. Ge0rG has left
  1188. Kev has left
  1189. alexis has left
  1190. pep. https://bpaste.net/show/138cf21c832d irccloud.com just updated their term apparently, some IRC web client. I feel this will be relevant to movim instance admins, edhelas
  1191. jere has left
  1192. jere has joined
  1193. Ge0rG That's interesting, they claim to be a data processor.
  1194. pep. yeah I noticed as well
  1195. ludo has left
  1196. ludo has joined
  1197. Andrew Nenakhov has left
  1198. Andrew Nenakhov has joined
  1199. Andrew Nenakhov has left
  1200. jubalh has joined
  1201. Dave Cridland has left
  1202. lovetox Syndace, how is your omemo lib writing going
  1203. Andrew Nenakhov has joined
  1204. SaltyBones has left
  1205. Holger has left
  1206. alexis has joined
  1207. Andrew Nenakhov has left
  1208. Andrew Nenakhov has joined
  1209. Andrew Nenakhov has left
  1210. Andrew Nenakhov has joined
  1211. alexis has left
  1212. Valerian has left
  1213. Andrew Nenakhov has left
  1214. Andrew Nenakhov has joined
  1215. tux has joined
  1216. tux has joined
  1217. Andrew Nenakhov has left
  1218. Andrew Nenakhov has joined
  1219. alexis has joined
  1220. winfried has left
  1221. Andrew Nenakhov has joined
  1222. ibikk has left
  1223. alexis has left
  1224. alexis has joined
  1225. Andrew Nenakhov has left
  1226. Andrew Nenakhov has joined
  1227. Andrew Nenakhov has left
  1228. Andrew Nenakhov has joined
  1229. alexis has left
  1230. alexis has joined
  1231. Andrew Nenakhov has left
  1232. Andrew Nenakhov has joined
  1233. marc has left
  1234. Andrew Nenakhov has left
  1235. Andrew Nenakhov has joined
  1236. alexis has left
  1237. alexis has joined
  1238. Andrew Nenakhov has left
  1239. Andrew Nenakhov has joined
  1240. Dave Cridland has left
  1241. Dave Cridland has left
  1242. marc has left
  1243. marmistrz has left
  1244. Dave Cridland has left
  1245. blabla has left
  1246. Dave Cridland has left
  1247. jubalh has joined
  1248. Alex has left
  1249. Syndace lovetox, I spent the last days trying to get a simple client up and running that echoes OMEMO messages, with partial success. Debugging is extremely annoying as the OMEMO of the official clients is a mess. I once accidantly published some wrong data to the pep node and the OMEMO plugin for Gajim completely died and remained unusable till now. Trying to send messages just fills my terminal with stack traces. Conversations sends some weird empty message after the initial handshake. I thought I understood why it sends that message but then I found that Conversations 2.0 sends a different, even weirder message... The small success: If my handmade client does the active handshake, the echoing works with Conversations as expected, so the crypto should be fine :) I'm at the point where I'd probably need to dig into the code of conversations and gajim to understand the problem, but I really really really don't want to, got a lot of work atm. But thank you for asking, I just remembered that my goal is to provide the crypto and not to provide a working client. Tomorrow I'll clean up a last few things and release it, so you can try your luck with other clients :D
  1250. Syndace Neustradamus: Hi! I'm fine, thanks :D
  1251. Ge0rG has left
  1252. la|r|ma has left
  1253. Dave Cridland has left
  1254. lovetox im the developer of the omemo plugin
  1255. lovetox in gajim
  1256. lovetox so if you need help add me lovetox@conversations.im
  1257. lovetox also if you release your work i can adapt it to gajim, and then you dont have to put work into the whole client and xmpp protocol stuff
  1258. pep. Syndace, delegate! :)
  1259. pep. less work for you
  1260. lovetox yes, its really better you just release the work, and let client devs implement it
  1261. lovetox afterwards you can use the client to debug encryption related stuff
  1262. lovetox im offering to do this as soon as you release it
  1263. Syndace One question about the licensing stuff: I already have MIT checked into the repo currently. Now, I have to release GPL as we discussed recently. If I just commit the new license, then someone can clone an earlier commit and get the earlier code including the MIT file. Is that a problem?
  1264. Syndace Wow thank you!
  1265. Guus has left
  1266. j.r has left
  1267. j.r has joined
  1268. pep. hmm, I guess they can fork an ealier version of the work, though they would be liable? Maybe you can explain the reasons you're changing to GPL somewhere
  1269. peter It's always dangerous to change licenses in midstream...
  1270. Guus has left
  1271. pep. git-filter-branch!
  1272. Lance has left
  1273. marc has joined
  1274. LNJ has left
  1275. jonasw SamWhited, it was merely a convoluted way of saying "take the SCRAM rfc and do the same for argon2" sorry I got your hopes up (cc @ Zash)
  1276. Syndace pep.: Thing is, I'm not just "changing" the license because I want to but the first license was never the correct one and I could get sued if I don't publish as GPL. git filter branch? Those dark areas of git that I try to avoid :D
  1277. LNJ has joined
  1278. jonasw Syndace, git filter-branch or something equivalent is your only way.
  1279. jonasw alternatively, you can squash the history
  1280. jonasw why are you bound to GPL though?
  1281. Zash Are you, really?
  1282. Dave Cridland has left
  1283. Zash Probably should take what us non-lawyers say with a truckload of salt
  1284. lovetox Syndace, clone your repo somewhere for backup
  1285. lovetox squash everything into one inital commit before releasing
  1286. lovetox upload finished
  1287. pep. squash is meh :/
  1288. Syndace Zash, I am bound to GPL. Until we define our own wireformat.
  1289. jonasw Syndace, what
  1290. jonasw source for that?
  1291. Syndace jonasw, for what? That I'm bound to GPL?
  1292. Dave Cridland has left
  1293. jonasw yeah
  1294. Syndace I guess I could create a fresh repo with just the newest commit and release that one
  1295. jonasw that doesn’t make sense to me
  1296. lovetox someone told him here
  1297. lovetox because he looked into signal source for the wire format
  1298. Syndace jonasw, to be abled to talk to libsignal I needed to copy a few params from theit code
  1299. Syndace I don't think there is any way that is not GPL
  1300. jonasw isn’t there a specification aside from that code?
  1301. Dave Cridland has left
  1302. Syndace For large parts, yes
  1303. jonasw anyways, heading out.
  1304. Syndace But the specification says for example: "Set this parametet to an application specific ASCII string"
  1305. marc has left
  1306. Dave Cridland has left
  1307. Syndace Which I had to copy from libsignal because it is not defined anywhere
  1308. Syndace But then again, it's no problem to switch to MIT once we define our own parameters
  1309. pep. Not really sure what's frightening about GPL tbh
  1310. Dave Cridland has left
  1311. Zash Probably a bit of FUD on account of Moxie & co being weird with reimplementation of signalprotocol
  1312. marc has joined
  1313. pep. I meant, why not just stick to GPL
  1314. Syndace pep.: GPL is fine for now but I personally don't like the philosophy to force open sourcers to use some license.
  1315. jonasw has left
  1316. Yagiza has left
  1317. pep. Depends on your end goal
  1318. lovetox pep., because not every client can ship gpl code
  1319. lovetox there is a huge discussion about this
  1320. lovetox on the list
  1321. pep. lovetox, that can be distributed via another channel? You already have plugins for gajim for example
  1322. Zash pep.: I was on why GPL, not why not.
  1323. pep. But tbh if it were me I'd just put the client under GPL
  1324. lovetox poezio for example is not under GPL if i remember correctly
  1325. mathieui zlib indeed
  1326. lovetox also jitsi i think
  1327. pep. yeah but we also have plugins. There is no case for now for external plugins though, since all are commited in the source
  1328. lovetox smacks lib i think is also not
  1329. pep. But it would be doable
  1330. mathieui lovetox, it was gplv3 at the beginning though
  1331. lovetox yeah of course, but if someone does the work and rewrites a whole lib from scratch
  1332. lovetox why not work to the goal to make it with a good license
  1333. lovetox that lets every option open
  1334. Syndace lovetox: my thoughta
  1335. pep. good is definitely subjective here. It also lets the option for companies to just reuse it and use your work without giving anything back
  1336. pep. Or anybody really
  1337. SamWhited That seems perfectly fine… I don't really care if people give back to my work, I just want it to be as usable as possible.
  1338. pep. I do care
  1339. Lance has joined
  1340. Syndace I'll go with the beer license
  1341. SamWhited I'd rather not force a choice on the majority of people who will give back and use my open source in a good way. If one or two people are bad actors that's unfortunate, but it's not worth hurting the large number of people who aren't already using the GPL just for the possibility that one person might do something bad.
  1342. Syndace and make it copyleft
  1343. Guus has left
  1344. Guus has left
  1345. pep. SamWhited, I guess I see it the other way around. What would it cost you to release under GPL, and also have the one next to you release under GPL, etc. The main reason I see not wanting to use GPL is if you explicitely want to allow not giving back
  1346. SamWhited Why should I relicense my thing just because you want to use a different license? It seems arrogant of you to want me to change what I've already done just because you think something else is better.
  1347. lovetox pep. you use it if you want that as many people as possible use it
  1348. pep. lovetox, usage is not restricted in any case
  1349. lovetox yes it is if it means i have to publish my source
  1350. SamWhited But yes, I want my thing distributed as widely as possible, so I'm not going to put stupid restrictions on that. If someone abuses it, that's unfortunate, but most people won't.
  1351. lovetox you say its not restricted under X conditions
  1352. pep. lovetox, right sorry I was out
  1353. lovetox some people cant just live with these conditions so will not use it
  1354. pep. lovetox, I wouldn't go as far as that
  1355. SamWhited And especially if it's a security thing then I definitely want it to be usable by proprietary closed source software. We're not going to get rid of it by using the GPL, but we can possibly make it more secure by not using the GPL.
  1356. pep. SamWhited, I'm not sure where you want to go with the security thing.
  1357. Kev has joined
  1358. lovetox it simple if you have higher goals
  1359. pep. If people want to use a library they can'T, then too bad for them?
  1360. pep. either they comply or they don't use it
  1361. lovetox if my goal is government not spying on people because i think it makes a better world
  1362. SamWhited Exactly where I went; if someone is making a bunch of garbage IOT devices that are insecure, and I make a library that makes auth easy and they consider using it, I don't want them not to use it because I arrogantly claim that they have to release their source if they bundle my library.
  1363. lovetox i couldnt care less if companys use my encryption and make money with it
  1364. lovetox because my goal is still reached
  1365. SamWhited What lovetox said; of course, that's a very specific niche goal, I'm just sick of people pretending that there's no downside or tradeoffs with the GPL.
  1366. SamWhited There are plenty of reasons not to use it.
  1367. lovetox also companys like google do this
  1368. pep. Ok, well we definitely don't have the same goals, I guess I got that
  1369. lovetox this is my opinion of course
  1370. lovetox but often they release under licenses that allow not to give back
  1371. lovetox because if you use there stuff it gets spreaded
  1372. lovetox and when everyone uses it you depend on google stuff suddenly
  1373. lovetox they profit in other ways from it
  1374. marmistrz has left
  1375. pep. Note, I didn't say a word about me making profit
  1376. Guus has left
  1377. Guus has left
  1378. Guus has left
  1379. ThibG has left
  1380. ThibG has joined
  1381. ludo has joined
  1382. sezuan has left
  1383. sezuan has left
  1384. sezuan has joined
  1385. j.r has left
  1386. j.r has joined
  1387. Dave Cridland has left
  1388. lskdjf has left
  1389. j.r has left
  1390. Guus has left
  1391. lskdjf has joined
  1392. Ge0rG has left
  1393. Dave Cridland has left
  1394. j.r has joined
  1395. moparisthebest I think I'm the one that said that, and IANAL
  1396. moparisthebest but I believe that if you copy even any tiny part from a GPL library, or possibly even look at it before implementing a replacement, it's a derivitive work that must be licenensed GPL, does that sound right?
  1397. ta has joined
  1398. moparisthebest besides if API's are copyrightable I'm not sure anything matters anymore https://www.bloomberg.com/news/articles/2018-03-27/oracle-wins-revival-of-billion-dollar-case-against-google ...
  1399. ibikk has left
  1400. jubalh has joined
  1401. ibikk has left
  1402. lskdjf has joined
  1403. Dave Cridland has left
  1404. suzyo has joined
  1405. ludo has left
  1406. Guus has left
  1407. rion has left
  1408. flow moparisthebest, that is my interpretation too
  1409. goffi has left
  1410. lskdjf has left
  1411. lskdjf has left
  1412. lskdjf has left
  1413. lskdjf has left
  1414. ibikk has joined
  1415. lskdjf has left
  1416. lskdjf has joined
  1417. jubalh has joined
  1418. Dave Cridland has left
  1419. lskdjf has joined
  1420. marc has left
  1421. Guus has left
  1422. Dave Cridland has left
  1423. Dave Cridland has left
  1424. Dave Cridland has left
  1425. marc has left
  1426. Dave Cridland has left
  1427. winfried has joined
  1428. jubalh has joined
  1429. Andrew Nenakhov has left
  1430. Andrew Nenakhov has joined
  1431. Dave Cridland has left
  1432. Andrew Nenakhov has left
  1433. Andrew Nenakhov has joined
  1434. Andrew Nenakhov has left
  1435. Andrew Nenakhov has joined
  1436. winfried has joined
  1437. Dave Cridland has left
  1438. Andrew Nenakhov has left
  1439. Andrew Nenakhov has joined
  1440. Dave Cridland has left
  1441. Dave Cridland has left
  1442. lumi has joined
  1443. Dave Cridland has left
  1444. marc has joined
  1445. Dave Cridland has left
  1446. mimi89999 has joined
  1447. Dave Cridland has left
  1448. Dave Cridland has left
  1449. Dave Cridland has left
  1450. Dave Cridland has left
  1451. blabla has left
  1452. Dave Cridland has left
  1453. alexis has joined
  1454. jubalh has joined
  1455. Dave Cridland has left
  1456. ibikk has left
  1457. alexis has left
  1458. alexis has joined
  1459. alexis has left
  1460. Dave Cridland has left
  1461. sezuan has left
  1462. iiro.laiho has joined
  1463. ibikk has joined
  1464. Dave Cridland has left
  1465. iiro.laiho has left
  1466. Tobias has joined
  1467. iiro.laiho has joined
  1468. marc has left
  1469. Dave Cridland has left
  1470. Seve/SouL has joined
  1471. Tobias has joined
  1472. Dave Cridland has left
  1473. lskdjf has joined
  1474. david has joined
  1475. Dave Cridland has left
  1476. iiro.laiho has left
  1477. Dave Cridland has left
  1478. Dave Cridland has joined
  1479. Dave Cridland has left
  1480. Dave Cridland has joined
  1481. david has joined
  1482. Dave Cridland has left
  1483. Dave Cridland has left
  1484. suzyo has joined
  1485. Dave Cridland has left
  1486. ibikk has left
  1487. Guus has left
  1488. jubalh has joined
  1489. Tobias has joined
  1490. Holger has left
  1491. jubalh has left
  1492. jubalh has joined
  1493. jere has left
  1494. Dave Cridland has left
  1495. david has left
  1496. david has joined
  1497. tux has joined
  1498. Guus has left
  1499. Dave Cridland has left
  1500. Tobias has left
  1501. Zash has left
  1502. Dave Cridland has left
  1503. Ge0rG has left
  1504. Ge0rG has left
  1505. Dave Cridland has left
  1506. Ge0rG has left
  1507. jere has joined
  1508. Ge0rG has left
  1509. Ge0rG has left
  1510. Dave Cridland has left
  1511. Ge0rG has left
  1512. ThibG has left
  1513. ThibG has joined
  1514. Guus has left
  1515. Andrew Nenakhov has joined
  1516. david has joined
  1517. david has joined
  1518. jjrh has left
  1519. jjrh has left
  1520. jjrh has left
  1521. jubalh has left
  1522. jjrh has left
  1523. Seve/SouL has joined
  1524. LNJ has left
  1525. Tobias has joined
  1526. LNJ has joined
  1527. Dave Cridland has left
  1528. ThibG has left
  1529. peter has left
  1530. jere has joined
  1531. LNJ has left
  1532. Neustradamus has left
  1533. Syndace has joined
  1534. Syndace has joined
  1535. Guus has left
  1536. Ge0rG has joined
  1537. waqas has left
  1538. Ge0rG has joined
  1539. jjrh has left
  1540. Tobias has left
  1541. Dave Cridland has left
  1542. Guus has left
  1543. waqas has joined
  1544. Zash has left
  1545. lovetox has left
  1546. Guus has left
  1547. Guus has left
  1548. nyco has left
  1549. Ge0rG has joined
  1550. Ge0rG has joined
  1551. Guus has left
  1552. Guus has left
  1553. ThibG has joined
  1554. Guus has left
  1555. la|r|ma has joined