XSF Discussion - 2018-03-27

  1. efrit has left

  2. Kev has left

  3. Tobias has joined

  4. alexis has left

  5. alexis has joined

  6. Dave Cridland has left

  7. Tobias has joined

  8. lumi has joined

  9. sezuan has left

  10. alexis has left

  11. alexis has joined

  12. Guus has left

  13. alexis has left

  14. alexis has joined

  15. alexis has left

  16. alexis has joined

  17. Zash has left

  18. alexis has joined

  19. la|r|ma has joined

  20. lskdjf has joined

  21. Tobias has joined

  22. alexis has joined

  23. alexis has left

  24. alexis has joined

  25. alexis has left

  26. alexis has joined

  27. Lance has left

  28. alexis has left

  29. alexis has joined

  30. Tobias has left

  31. ralphm has joined

  32. Guus has joined

  33. waqas has joined

  34. ralphm has left

  35. ralphm has joined

  36. Lance has joined

  37. ralphm has left

  38. ralphm has joined

  39. Guus has left

  40. Guus has left

  41. Tobias has joined

  42. Zash has joined

  43. Zash has left

  44. Zash has joined

  45. Zash has left

  46. Zash has joined

  47. Zash has left

  48. alexis has joined

  49. Lance has left

  50. Zash has joined

  51. alexis has left

  52. alexis has joined

  53. Tobias has joined

  54. alexis has joined

  55. moparisthebest has joined

  56. alexis has left

  57. alexis has joined

  58. Guus has joined

  59. Dave Cridland has left

  60. alexis has left

  61. alexis has joined

  62. Guus has left

  63. Guus has left

  64. Lance has joined

  65. alexis has left

  66. alexis has joined

  67. tux has joined

  68. Tobias has joined

  69. rion has joined

  70. @Alacer has joined

  71. @Alacer has left

  72. daniel has left

  73. @Alacer has joined

  74. jere has joined

  75. jere has joined

  76. alexis has left

  77. alexis has joined

  78. @Alacer has left

  79. alexis has left

  80. alexis has joined

  81. Tobias has joined

  82. alexis has joined

  83. rion has left

  84. rion has joined

  85. alexis has left

  86. alexis has joined

  87. daniel has left

  88. moparisthebest has left

  89. rion has left

  90. alexis has left

  91. alexis has joined

  92. daniel has left

  93. SamWhited has joined

  94. alexis has left

  95. alexis has joined

  96. daniel has left

  97. Guus has joined

  98. Tobias has joined

  99. Tobias has left

  100. moparisthebest

    I haven't read exactly but last I had heard that was out

  101. Guus has left

  102. Guus has left

  103. jere has left

  104. jere has joined

  105. jere has left

  106. matlag has left

  107. ibikk has joined

  108. moparisthebest has left

  109. jere has joined

  110. matlag has joined

  111. Tobias has joined

  112. lskdjf has joined

  113. jere has left

  114. ta has joined

  115. j.r has joined

  116. j.r has joined

  117. j.r has left

  118. j.r has joined

  119. alexis has left

  120. alexis has joined

  121. jere has joined

  122. mimi89999 has left

  123. mimi89999 has left

  124. Tobias has joined

  125. mimi89999 has joined

  126. alexis has left

  127. alexis has joined

  128. jere has left

  129. jere has joined

  130. Lance has left

  131. Neustradamus has joined

  132. j.r has joined

  133. goffi has joined

  134. jonasw has joined

  135. Tobias has joined

  136. Nekit has left

  137. jere has joined

  138. matlag has left

  139. Guus has joined

  140. Guus has left

  141. j.r has joined

  142. Guus has left

  143. Guus has left

  144. tim@boese-ban.de has joined

  145. lskdjf has joined

  146. SamWhited has left

  147. Tobias has joined

  148. Andrew Nenakhov has left

  149. Andrew Nenakhov has joined

  150. la|r|ma has joined

  151. Andrew Nenakhov has left

  152. Andrew Nenakhov has joined

  153. moparisthebest has joined

  154. Seve/SouL has joined

  155. j.r has joined

  156. daniel has left

  157. daniel has joined

  158. moparisthebest has joined

  159. ralphm has left

  160. ralphm has joined

  161. Guus has left

  162. mimi89999 has joined

  163. moparisthebest has joined

  164. alexis has left

  165. alexis has joined

  166. daniel has left

  167. Zash has left

  168. Guus has left

  169. alexis has left

  170. alexis has joined

  171. Williams W has joined

  172. Guus has left

  173. daniel has joined

  174. Williams W has left

  175. Williams W has joined

  176. Yagiza has joined

  177. Williams W has left

  178. Williams W has joined

  179. Williams W has left

  180. Williams W has joined

  181. Williams W has left

  182. Williams W has joined

  183. Williams W has left

  184. Williams W has joined

  185. Tobias has joined

  186. Williams W


  187. Williams W


  188. Williams W has left

  189. Williams W has joined

  190. Williams W has left

  191. Williams W has joined

  192. Williams W has left

  193. Williams W has joined

  194. Williams W


  195. Williams W


  196. Guus has left

  197. la|r|ma has joined

  198. Yagiza has left

  199. lskdjf has joined

  200. flow

    Williams W, hi

  201. Williams W has left

  202. Williams W has joined

  203. Williams W


  204. Williams W has left

  205. Andrew Nenakhov has left

  206. Williams W has joined

  207. jubalh has joined

  208. alexis has left

  209. Williams W has left

  210. Guus has left

  211. alexis has joined

  212. Yagiza has joined

  213. daniel has left

  214. Guus has left

  215. alexis has left

  216. alexis has joined

  217. Valerian has joined

  218. alexis has left

  219. Andrew Nenakhov has joined

  220. alexis has joined

  221. moparisthebest has joined

  222. moparisthebest has joined

  223. xnyhps has joined

  224. Valerian has left

  225. Valerian has joined

  226. alexis has left

  227. alexis has joined

  228. jubalh has left

  229. rion has joined

  230. alexis has left

  231. alexis has joined

  232. Tobias has joined

  233. Steve Kille has left

  234. daniel has joined

  235. Steve Kille has left

  236. ThibG has left

  237. ThibG has joined

  238. Steve Kille has joined

  239. Maranda has joined

  240. winfried has joined

  241. winfried has joined

  242. Valerian has left

  243. Valerian has joined

  244. Maranda has joined

  245. Yagiza has left

  246. Valerian has left

  247. Dave Cridland has left

  248. Dave Cridland has left

  249. Dave Cridland has joined

  250. vanitasvitae has left

  251. Yagiza has joined

  252. vanitasvitae has joined

  253. vanitasvitae has left

  254. Williams W has joined

  255. vanitasvitae has joined

  256. Williams W has left

  257. SaltyBones has left

  258. Williams W has joined

  259. Williams W has left

  260. Williams W has joined

  261. Williams W has left

  262. Valerian has joined

  263. Williams W has joined

  264. Williams W has left

  265. daniel has left

  266. daniel has joined

  267. Guus has left

  268. alexis has left

  269. alexis has joined

  270. alexis has left

  271. alexis has joined

  272. jubalh has joined

  273. nyco has left

  274. Yagiza has left

  275. Williams W has joined

  276. Williams W has left

  277. alexis has joined

  278. Dave Cridland has left

  279. Guus has left

  280. Yagiza has joined

  281. alexis has left

  282. alexis has joined

  283. Zash has left

  284. Alex has joined

  285. jubalh has left

  286. jubalh has joined

  287. jubalh has left

  288. moparisthebest has joined

  289. moparisthebest has joined

  290. alexis has left

  291. alexis has joined

  292. xnyhps has joined

  293. Zash has left

  294. Alex has left

  295. Alex has joined

  296. SaltyBones has left

  297. Dave Cridland has left

  298. marmistrz has joined

  299. ThibG has left

  300. ThibG has joined

  301. Dave Cridland has left

  302. Dave Cridland has left

  303. Guus has left

  304. Dave Cridland has left

  305. Dave Cridland has left

  306. Dave Cridland has left

  307. Dave Cridland has joined

  308. Dave Cridland has left

  309. Dave Cridland has joined

  310. Dave Cridland has left

  311. Dave Cridland has left

  312. Dave Cridland has left

  313. marmistrz has joined

  314. Dave Cridland has left

  315. waqas has left

  316. Dave Cridland has left

  317. Dave Cridland has left

  318. Dave Cridland has left

  319. Dave Cridland has joined

  320. Dave Cridland has left

  321. Dave Cridland has left

  322. Dave Cridland has joined

  323. Dave Cridland has left

  324. Dave Cridland has joined

  325. Dave Cridland has left

  326. Dave Cridland has joined

  327. Dave Cridland has left

  328. Dave Cridland has left

  329. xnyhps has joined

  330. Dave Cridland has left

  331. moparisthebest has joined

  332. sezuan has left

  333. moparisthebest has joined

  334. SaltyBones has left

  335. Dave Cridland has left

  336. vanitasvitae has left

  337. Guus has left

  338. Guus has left

  339. goffi has left

  340. Guus has left

  341. Guus has left

  342. goffi has joined

  343. Guus has left

  344. Guus has left

  345. Guus has left

  346. Guus has left

  347. Guus has left

  348. vanitasvitae has left

  349. Dave Cridland has left

  350. Dave Cridland has left

  351. Dave Cridland has joined

  352. jubalh has joined

  353. cookie has joined

  354. pep.

    GDPR thing in 10min

  355. winfried


  356. jubalh has left

  357. Ge0rG

    winfried: do you happen to be using an old Gajim version?

  358. jonasw


  359. Williams W has joined

  360. winfried

    Ge0rG: nope, Psi+

  361. jonasw

    can we discuss the time frame for this meeting real quick?

  362. winfried

    because of my (y)

  363. jonasw

    I allocated an hour, would be happy with less too, more would be an issue.

  364. Ge0rG

    yeah, we should attemt to get through this quickly, I'm 2hr over the time budget already.

  365. winfried

    good, I will aim for a close at 13:15 at max

  366. winfried


  367. Williams W


  368. Dave Cridland has left

  369. Williams W


  370. julius has joined

  371. winfried

    pep.: are you there?

  372. jonasw


  373. pep.


  374. winfried

    nice aditions from peter btw

  375. jonasw


  376. winfried

    I will try to setup a wiki page today

  377. winfried

    (beside my other work)

  378. pep.

    I'll continue with the minutes

  379. jonasw

    pep., will you be taking minutes again? :)

  380. jonasw

    thanks :)

  381. winfried


  382. Nekit has joined

  383. winfried

    think it is best to discuss federation right away now

  384. jonasw


  385. pep.

    Q1) 1. What consequences does the GDPR has for the Jabber network? 2. .. Jabber server operators? 3. .. what can/should do the XSF with that? Q2) What consequences does the GDPR has for the XSF running Jabber server? Q3) What consequences does the GDPR has for the work processes of the XSF itself (membership, voting, wiki etc)?

  386. Ge0rG

    I think we didn't cover d-f of Q1.1 yet?

  387. pep.


  388. Ge0rG

    pep.: from yesterday's list of aspects

  389. Dave Cridland has left

  390. Kev

    I'd suggest (and I don't really want to get involved in this) that Q2 and Q3 are much more urgently important for the XSF than Q1.

  391. pep.

    Both of them depend on Q1

  392. pep.

    Well, Q2 at lesat

  393. winfried


  394. pep.

    Well, Q2 at least

  395. goffi has left

  396. winfried

    Ge0rG: what is on your list about Q1.1?

  397. Ge0rG

    a is it in the GDPR jurisdiction, what data is b what data is processed c what processing is done d what ground does the processing have e possible consequences

  398. Ge0rG

    Maybe there was no f.

  399. pep.

    no f

  400. jonasw

    no f

  401. winfried

    we didn't fully cover grounds for c2s, true

  402. Ge0rG

    I'd like to cover the grounds before moving on with the other Qs

  403. winfried

    Ge0rG: good

  404. Ge0rG

    the potential consequences are vague at best anyway.

  405. Ge0rG

    vaguely scary.

  406. winfried

    Ge0rG: Yes, it is the GDPR ;-)

  407. Ge0rG

    I'd argue that if the user sends content via our server, they are giving implicit consent for us to process it.

  408. jonasw

    Ge0rG, I’m so sure this is false.

  409. jonasw

    the user could expect e.g. the server to forward it, but not to store it in MAM

  410. Ge0rG

    jonasw: I'd argue that either Art 6 §1 or §2 apply.

  411. jonasw

    or store it for less time

  412. moparisthebest has joined

  413. Ge0rG

    no, way. §1 a or b.

  414. jonasw

    consent needs to be explicit

  415. jonasw

    (b) may very well apply

  416. winfried

    I would vote for 6.1b

  417. jonasw

    but that is overridden by 9.1

  418. jonasw

    and after Peters comments I think that 9.1 very much applies to messages.

  419. Ge0rG

    jonasw: I'm not sure about that.

  420. Ge0rG

    maybe this is actually something to ask a lawyer about

  421. jonasw

    okay, so maybe let’s write that down as something somebody should definitely consult a lawyer on.

  422. jonasw


  423. pep.

    hmm, I don't see how 9.1 fits in that. I'll add a TODO

  424. Ge0rG

    LQ1: does 9.1 automatically apply to all (not e2ee encrypted) user-sent content, or only if we are analyzing it for profiling/other purposes?

  425. jonasw

    pep., in my mind, most of the GDPR handles general personal data, and 9.1 adds overrides for a certain type of personal data and prohibits all use except that outlined in 9.2

  426. winfried

    look at 9.2e...

  427. jonasw

    winfried, I’d argue that sending a message to another user is "not making it public"

  428. winfried

    hmmm, but the xmpp server(operator) is third party...

  429. jonasw

    winfried, I’d argue that sending a message to another user is not "making it public"

  430. winfried

    pep., can you note this as subject for further consulting?

  431. pep.

    hmm, let me see if I get this

  432. pep.

    what is "this" in your sentence

  433. jonasw


  434. pep.

    Ah, yes it's aded already

  435. pep.

    Ah, yes it's added already

  436. Ge0rG

    jonasw: lawyer-question

  437. pep.

    This is for Q1.1.a then?

  438. jonasw

    Ge0rG, I am aware.

  439. jonasw

    Ge0rG, I made a suggestion for what winfried might be talking about :)

  440. pep.


  441. Ge0rG

    jonasw: ah, that wasn't clear to me. sorry

  442. pep.


  443. winfried

    Ok: art 6.1 is explicit permission, art 6.2 is implicit permission. Article 9.1 overrides article 6 and sets its grounds in article 9.2. So if the messages are of the categories in 9.1, then we must go for explicit permission from 9.2a, otherwise we can do 6.2

  444. Ge0rG

    we need to cover d) for all data types

  445. winfried

    Ge0rG: exact

  446. Ge0rG

    server logs are the easiest thing.

  447. Ge0rG

    we have those under R49

  448. winfried

    so the question for a lawyer is: are message bodies 9.1 or not?

  449. jonasw

    winfried, yes.

  450. winfried

    Ge0rG: yes, agree with logs

  451. Ge0rG

    if we consider the usage of an XMPP server as a contract between the user and the server operator = controller, 6.1b should apply to most things

  452. Alex has left

  453. jonasw

    ... except that it should be clearly stated what happens, right?

  454. Ge0rG

    credentials are required, IP addresses might be argued under R49, timestamps / presence timestamps are complicated.

  455. jonasw

    presence timestamps shouldn’t be 9.1 at least

  456. Ge0rG

    presence timestamps are probably covered by user's consent when they accept a subscription

  457. jonasw

    I have the feeling you’re lax with consent.

  458. Alex has joined

  459. jonasw

    maybe it’s just me, but I think consent can’t be established without the user being informed. so unless we inform the user actively what "add a contact" means regarding metadata, we can’t talk about consent here.

  460. pep.

    I also feel that needs to be specified in EULA of some sort

  461. Ge0rG

    jonasw: > any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

  462. pep.

    Ge0rG, that means they understand the protocol though, right?

  463. jonasw

    > informed

  464. Ge0rG

    So XMPP clients need to show a warning in the add-contact dialog, that metadata will be published to their new contact?

  465. Dave Cridland has left

  466. jonasw


  467. winfried

    Isn't that for permission according to 6.1?

  468. pep.

    I would say this needs to be specified when signing in for an account instead?

  469. jonasw

    pep., that would work too

  470. jonasw

    probably better

  471. jonasw

    because this takes the load off clients

  472. pep.


  473. jonasw

    (aside from that they need to support the EULA XEPρ

  474. jonasw

    (aside from that they need to support the EULA XEP)

  475. pep.

    yes, that still needs figuring out

  476. winfried

    I think 13.1 applies here

  477. Ge0rG

    winfried: is 13.1 in addition to asking for consent?

  478. nyco has left

  479. Ge0rG

    or is it possible to have a published data collection policy and assume implicit consent from users?

  480. jonasw

    13.1 feels weird

  481. winfried

    the last

  482. Dave Cridland has left

  483. Valerian has left

  484. Valerian has joined

  485. pep.

    Ge0rG, [x] I have read the conditions and agree

  486. jonasw

    I think i need an epub of that thing and read it on the trains

  487. winfried

    btw: all of 13 is applicable

  488. winfried

    13.4 is also interesting ;-)

  489. Valerian has left

  490. jonasw

    winfried, right

  491. pep.

    So that means EULA should do

  492. jonasw

    I think sot oo

  493. winfried

    IF we can do it under 6.2

  494. Ge0rG

    I'd argue that we don't need explicit consent for 6.2, and if we ask for explicit consent, we can tell the user not to upload 9.1 relevant data ;)

  495. jonasw

    Ge0rG, "so, hey, we’ve got an IM system here. but don’t use it for private communications."

  496. Ge0rG

    jonasw: yes

  497. jonasw


  498. Ge0rG

    jonasw: this is clearly legalese blame shifting.

  499. pep.

    Ge0rG, I feel 9.1 applies only if we do more than storage on the data, but yeah that's LQ1, we'll see

  500. jonasw

    Ge0rG, but if we ask for consent, why not ask for consent for 9.1 data, too?

  501. jonasw

    pep., storage IS processing

  502. pep.

    I know

  503. winfried

    I would say: if we go for consent, we should go for consent as in 9.2, so 9.1 is covered

  504. pep.

    That's why I specified

  505. Dave Cridland has left

  506. jonasw

    winfried, +1

  507. pep.

    Ah, hmm

  508. Dave Cridland has left

  509. Dave Cridland has joined

  510. pep.

    Ok so 9.1 is meh, and we should probably cover ourselves, ask for consent as well

  511. jonasw


  512. jonasw

    but also the risk things Peter mentioned

  513. Dave Cridland has left

  514. Dave Cridland has joined

  515. pep.

    let me read that, one sec

  516. jonasw

    specifically: > It could be argued that storing very sensitive personal information, albeit for a short time, unencrypted, visible to anyone with access to the backend server (and perhaps more), does not constitute proportional data protection measure, knowing how sensitive the information can be in some cases. It could therefore also be argued, that the processing “reveals” this information to unauthorized persons, by the way it is implemented. It could therefore be argued, that such processing is contrary to what is required by article 9.

  517. Dave Cridland has left

  518. Dave Cridland has joined

  519. jonasw

    his suggestions boil down to exactly what Ge0rG said

  520. winfried

    jonasw: yes, but at how many servers is it easy for the operator to read MAM archives or view their rosters and bookmarks?

  521. jonasw

    winfried, ssh myserver; cat /var/log/prosody/archive/**/*

  522. Dave Cridland has left

  523. Dave Cridland has joined

  524. jonasw

    winfried, ssh myserver; cat /var/lib/prosody/archive/**/*

  525. alexis has left

  526. Kev

    winfried: All, I'd assume.

  527. jonasw

    similarly for bookmarks and roster

  528. jonasw

    it’s trivial

  529. pep.

    Also, in any case, the hosting provider will have access to the data

  530. alexis has joined

  531. jonasw

    yes, but that surely is covered somehow.

  532. jonasw

    probably something about "processor"

  533. Ge0rG

    We need to do encryption!11

  534. jonasw

    Ge0rG, yes, that seems to be the safest course of action

  535. winfried

    jonasw: yes, controller / processor thing

  536. jonasw

    e2ee everywhere

  537. Dave Cridland has left

  538. pep.

    Ge0rG, even with full-drive encryption, as long as the provider has access to the virtualization software..

  539. jonasw

    pep., yes.

  540. winfried

    You can do technical protection and legal protection

  541. Ge0rG

    pep.: yes, but the checkmark is crossed.

  542. pep.

    hmm, I want to believe you

  543. Ge0rG

    Regulatory Compliance is a complicated thing.

  544. Dave Cridland has left

  545. jonasw

    i wanna burn something now

  546. winfried

    jonasw: my 320p bible on the GDPR?

  547. Ge0rG

    okay, we are not moving forward.

  548. pep.

    Ok so, where are we for d) ?

  549. pep.

    With this big passage about 9.1 and consent

  550. winfried

    we have LQ1

  551. Ge0rG

    pep.: somewhere between 6.1a, 6.1b and 9.2

  552. winfried

    and the question of privacy by design of storage at the server

  553. Ge0rG

    I'll ask my local GDPR expert as well, and maybe Peter can shed some light as well

  554. Ge0rG

    winfried: that's a technical question though.

  555. pep.

    Ge0rG, 9.2a specifically?

  556. Ge0rG

    pep.: "explicit consent"

  557. pep.


  558. winfried

    Ge0rG: but it may be a consequence that technical measure need to be taken :-(

  559. jonasw

    I’m pretty sure that we’ll need to take technical measures.

  560. Ge0rG

    we need to take technical measures anyway.

  561. Ge0rG

    even for 6.1a/b

  562. winfried

    Ge0rG: depending on the risk assesment, but looking at ubbers practices, yes...

  563. Ge0rG

    winfried: the exact amount of technical measures is subject to discussion.

  564. winfried

    Ge0rG: yes

  565. Ge0rG

    winfried: I think we can't cover that here.

  566. Ge0rG

    So I suggest we skip over "consequences" and follow to the next questions

  567. Ge0rG

    Or maybe we look at federation now

  568. winfried

    Ge0rG: not here, not now.

  569. winfried

    Ge0rG: we have got 20 minutes left, and need some time for discussing next steps/next appointments

  570. winfried

    so, lets say 10 minutes federation?

  571. alexis has left

  572. Ge0rG

    winfried: +1

  573. alexis has joined

  574. Ge0rG

    we need to differentiate whether the other server is under GDPR as well or not.

  575. jonasw has left

  576. winfried

    Ge0rG: yes and wether the server is making secondary use of the data or not

  577. pep.

    I'm sure it is, but how

  578. Ge0rG

    By sending a message to somebody, a user clearly wants us to deliver that message to somebody.

  579. jonasw

    I somehow managed to kill my poezio

  580. jonasw

    Ge0rG, aren’t all servers under GPDR potentially?

  581. pep.

    jonasw, I'm sure I can do that blindfolded

  582. jonasw

    Ge0rG, because they might receive data from entities from the EU

  583. jonasw

    9.1 data even (if messages fall in that category)

  584. Dave Cridland has left

  585. Ge0rG

    So when we are the sending server, we just follow what the user asked for and we don't need to ensure the receiving server is GDPR compliant.

  586. Ge0rG

    jonasw: they can block federation with the EU ;)

  587. Ge0rG

    my point is: our user gave us that message with the explicit request to deliver it to some other entity.

  588. Ge0rG

    that's what we do (plus local archive storage), and that's where our responsibility ends

  589. pep.

    Ge0rG, delivery is a thing, processing on the other side is another. Maybe we should look into transfer regulations?

  590. jonasw

    Ge0rG, but does the user also consent to have their message stored by the other entity?

  591. lumi has joined

  592. winfried

    I think the line of reasoning is:

  593. winfried

    - transfer to an other controller is one possible processings to

  594. winfried

    - it can be covered by the same concent as the other processings (LQ1)

  595. Ge0rG

    jonasw: I think that the receiving user giving consent is sufficient.

  596. jonasw

    Ge0rG, I’d like to have that settled properly, though

  597. winfried

    - EXCEPT when the other server is making secondary use of the data (then at least 6.2 can't apply anymore)

  598. Ge0rG

    jonasw: the sender indicated that they want the message delivered

  599. jonasw

    Ge0rG, given that sharing phone contact info wiht WA is illegal in DE, I imagine that things might be worse with 9.1 data being stored without "proportional means of protection"

  600. Dave Cridland has left

  601. winfried

    jonasw: yes, that is the other issue: jurisdiction

  602. jonasw

    Ge0rG, in the WA case, the victim gave their phone number to the offender, which forwarded it to WA.

  603. jonasw

    I think this is a very similar case.

  604. jonasw

    but with more sensitive data

  605. jonasw

    but IANAL

  606. Ge0rG

    jonasw: I don't think it's the same.

  607. jonasw

    why not?

  608. pep.

    I think we need LQ2 here

  609. Dave Cridland has left

  610. Ge0rG

    jonasw: in this case, the victim sends the content to the offender via the evil server.

  611. Ge0rG

    I wonder how SMS/MMS processing is legally protected

  612. jonasw

    Ge0rG, I had the same thought.

  613. jonasw

    but probably that’s not an issue because they don’t store data for that long

  614. jonasw

    only as long as needed to deliver

  615. winfried

    Ge0rG:SMS/MMS seperate telecom laws

  616. jonasw

    which is reasonable or something

  617. pep.

    jonasw, sure but then processing is done on the other side

  618. jonasw

    Ge0rG, email would be more interesting

  619. Ge0rG

    winfried: how are we different from them? ;)

  620. alexis has left

  621. Ge0rG

    okay, I don't want to be required to do LE

  622. alexis has joined

  623. pep.

    I agree with Ge0rG it's pretty similar

  624. Ge0rG

    email is surely very similar, but I can't find any info on email GDPR short of email marketing

  625. pep.

    Can we try and ask big providers see how they deal with it

  626. Dave Cridland has left

  627. jonasw

    could probably read googles new privacy policy?

  628. pep.

    Anybody knows one somewhat open to questions/collaboration?

  629. pep.


  630. winfried

    I feel we need to structure this part of the discussen better next time... but don't know how yet

  631. pep.

    Basically lots of thing here will rely on user consent

  632. pep.

    But to what extent can we use it we don't seem to agree

  633. pep.

    Or who needs to ask for it

  634. winfried

    but LQ2 may be: can (implicit) consent also apply to transfer to other controller by addres

  635. andy has joined

  636. winfried

    (needs a bit better formulation)

  637. Ge0rG

    I think that we can apply 6.1f ("processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party") for federation

  638. pep.

    winfried, what do you mean with "by address"?

  639. Ge0rG

    the third party is the remote user, and their interest is to be able to communicate

  640. edhelas


  641. Ge0rG

    that should cover storage and delivery, but not profiling

  642. winfried

    when using @other.domain (xmpp & e-mail)

  643. jonasw

    Ge0rG, maybe chapter 5 applies?

  644. Nekit has joined

  645. winfried

    Ge0rG: no, I think that article is meant for other cases

  646. jonasw

    in the end, the other service is a "third party"

  647. Dave Cridland has left

  648. andy has left

  649. winfried

    Chapter 5 applies, and that is also ..... lets say, interesting

  650. pep.

    Where is chapter 5 again?

  651. pep.


  652. pep.

    got it

  653. winfried

    art 44-50

  654. jonasw

    pep., you might want to bookmark this: https://gdpr-info.eu

  655. pep.

    Yes I think that falls under this

  656. pep.

    jonasw, yeah I have it opened

  657. pep.

    So I propose we all study chapter 5 for next time? :P

  658. pep.

    And we can sum up here

  659. pep.

    5min to go

  660. winfried

    pep.: +1 ;-)

  661. jonasw

    from a quick glimpse, it’s not directly applicable to federation between two entities within GDPR jurisdiction

  662. jonasw

    but yeah

  663. winfried

    jonasw: yes, but federation is not limited to GDPR jurisdiction....

  664. Dave Cridland has left

  665. jonasw

    so for next, I won’t be available until thursday next week (5th of April) aside from best-effort

  666. pep.

    Date of next?

  667. alexis has left

  668. alexis has joined

  669. ThibG has joined

  670. jonasw

    I suggest that we select a few dates from that thursday to the following monday and post them to the list

  671. jonasw

    maybe Peter can join at one of them

  672. jonasw

    does anyone know his timezone?

  673. winfried

    jonasw: +1

  674. Dave Cridland has left

  675. Ge0rG

    https://www.gdpreu.org/the-regulation/key-concepts/legitimate-interest/ is interesting here, scroll down to "Recital 47"

  676. pep.

    jonasw, no idea about his tz

  677. pep.

    jonasw, let's say date of next: 5th April, 12:15CEST, and also ask on the ML

  678. jonasw

    I can’t make that specific time on that thursday

  679. jonasw

    at least I can’t guarantee that

  680. jonasw

    13:00CEST would probably work

  681. pep.

    works for me

  682. jonasw

    but if we assume that peter is more US based, later might be better

  683. jonasw

    but yeah

  684. Dave Cridland has left

  685. jonasw

    probably best to post that as a suggestion to the list and ask for suggestions if anyone wants to join

  686. pep.

    I would say decide of a date now, that we can move if we all agree. In the meantime we have a date.

  687. winfried

    on the 5th I have a meeting from 12:15 to 13:15 with appr. 1,5 hour offline time before and after

  688. pep.

    is Apr. 6th ok then?

  689. jonasw

    I can probably make 13:15 on apr. 6th

  690. winfried

    jonasw: #meetoo

  691. pep.

    Ok for me

  692. jonasw


  693. jonasw

    Ge0rG, ^

  694. Ge0rG

    I have no other appointments on 5th/6th, so whatever works

  695. pep.

    Ok, Apr. 6th 13:15CEST

  696. pep.


  697. jonasw


  698. jonasw


  699. winfried

    thanks again guys!

  700. Williams W has left

  701. Dave Cridland has left

  702. alexis has left

  703. alexis has joined

  704. Dave Cridland has left

  705. Dave Cridland has left

  706. Williams W has joined

  707. Dave Cridland has left

  708. Dave Cridland has left

  709. Williams W has left

  710. Dave Cridland has left

  711. Valerian has joined

  712. Williams W has joined

  713. Williams W has left

  714. Dave Cridland has left

  715. Guus has left

  716. alexis has left

  717. alexis has joined

  718. blabla has left

  719. Dave Cridland has left

  720. alexis has joined

  721. Dave Cridland has left

  722. Dave Cridland has left

  723. la|r|ma has joined

  724. LNJ has joined

  725. Dave Cridland has left

  726. la|r|ma has joined

  727. la|r|ma has joined

  728. Dave Cridland has left

  729. Dave Cridland has left

  730. Guus has left

  731. Guus has left

  732. Dave Cridland has left

  733. Dave Cridland has left

  734. Kev has left

  735. Dave Cridland has left

  736. nyco has left

  737. Dave Cridland has left

  738. Dave Cridland has left

  739. Dave Cridland has left

  740. xnyhps has joined

  741. Dave Cridland has left

  742. Dave Cridland has left

  743. vanitasvitae has joined

  744. Dave Cridland has left

  745. Dave Cridland has left

  746. Dave Cridland has left

  747. Neustradamus has left

  748. Neustradamus has joined

  749. alexis has left

  750. alexis has joined

  751. jere has joined

  752. blabla has left

  753. Dave Cridland has left

  754. Dave Cridland has left

  755. Dave Cridland has left

  756. Dave Cridland has joined

  757. alexis has left

  758. alexis has joined

  759. matlag has joined

  760. Alex has left

  761. lskdjf has joined

  762. Dave Cridland has left

  763. alexis has left

  764. alexis has joined

  765. alexis has left

  766. alexis has joined

  767. jonasw

    I wonder how this plays with the GDPR:

  768. jonasw


  769. Dave Cridland has left

  770. moparisthebest has joined

  771. moparisthebest has joined

  772. pep.

    jonasw, "EDIT: Except for EU citizen :-°"

  773. Dave Cridland has left

  774. jonasw


  775. daniel has left

  776. jere has left

  777. jere has joined

  778. daniel has left

  779. la|r|ma has joined

  780. daniel has left

  781. jjrh has left

  782. Andrew Nenakhov has left

  783. Dave Cridland has left

  784. daniel has left

  785. daniel has left

  786. Dave Cridland has left

  787. Dave Cridland has left

  788. Dave Cridland has left

  789. daniel has left

  790. daniel has left

  791. Dave Cridland has left

  792. LNJ has left

  793. daniel has left

  794. moparisthebest has joined

  795. Dave Cridland has left

  796. Dave Cridland has left

  797. j.r has joined

  798. Dave Cridland has left

  799. alexis has joined

  800. Dave Cridland has left

  801. lumi has left

  802. lumi has joined

  803. daniel has left

  804. daniel has joined

  805. Andrew Nenakhov has joined

  806. Dave Cridland has left

  807. daniel has left

  808. daniel has joined

  809. LNJ has joined

  810. daniel has left

  811. daniel has joined

  812. daniel has left

  813. daniel has joined

  814. moparisthebest has joined

  815. daniel has left

  816. daniel has joined

  817. Dave Cridland has left

  818. Dave Cridland has left

  819. Yagiza has left

  820. Guus has left

  821. jjrh has left

  822. jjrh has left

  823. pep.

    jonasw, what article was peter referring to again? I cna't seem to find it ("proportional means of protection")

  824. pep.

    Ah, he says article 9, and "revealing"

  825. Alex has joined

  826. waqas has joined

  827. pep.

    hmm, ok that's why LQ1 then.

  828. pep.

    That doesn't explain the part of our discussion about encryption

  829. LNJ has left

  830. Alex has left

  831. Guus has left

  832. jjrh has left

  833. LNJ has joined

  834. jjrh has left

  835. jjrh has left

  836. Ge0rG

    pep.: encryption is one of the mechanisms mandated to protect user data

  837. pep.

    I guess that's art 35

  838. Dave Cridland has left

  839. vanitasvitae has left

  840. jubalh has joined

  841. pep.

    https://mastodon.social/@Gargron/99730137003463631 they don't seem worried

  842. pep.

    Anybody what goes into that audit log? http://dougbelshaw.com/blog/2018/01/31/social-network/

  843. jubalh has left

  844. pep.

    (grep GDPR)

  845. Dave Cridland has left

  846. LNJ has left

  847. moparisthebest

    I wonder how far a non-EU citizen/service is required to go to ensure non-EU people use their service?

  848. moparisthebest

    is the GDPR only enforceable if an EU citizen sues you?

  849. jonasw

    moparisthebest, I wish I knew at least that

  850. pep.

    anybody knows*

  851. moparisthebest

    if so, then everyone can just put up notices like "EU citizens are forbidden from using this service"

  852. Dave Cridland has left

  853. moparisthebest

    because they wouldn't have standing to sue you about GDPR stuff in court, because they violated your terms?

  854. moparisthebest

    at least, I think

  855. jonasw

    I have no idea

  856. pep.

    I have a feeling I should prepend IANAL to any comment I make during our sessions

  857. jonasw

    pep., easy. /nick pep.> IANAL:

  858. pep.


  859. moparisthebest

    yea until we get a single lawyer in here ever, maybe a server plugin should do it automatically?

  860. jonasw> IANAL: has joined

  861. pep.

    jonasw, will do next time

  862. jonasw


  863. Dave Cridland has left

  864. jonasw

    the MUC won’t let you

  865. pep.> IANAL: has joined

  866. jonasw

    moparisthebest, yeah, no

  867. pep.


  868. jonasw

    that might be a solution for you USians

  869. jonasw

    for certain definitions of "solution"

  870. jonasw

    or, wait, you aren’t talking about the "no EU citizens" thing anymore?

  871. Ge0rG

    moparisthebest: I think it's about targeting. If you have a european domain, support languages spoken here, etc.

  872. moparisthebest

    I mean't a server plugin should prepend IANAL to what everyone says :)

  873. jonasw

    Ge0rG, "support languages spoken here". english?

  874. moparisthebest

    what languages *aren't* spoken in EU ?

  875. moparisthebest

    I feel like that'd be the shorter list

  876. Ge0rG


  877. pep.


  878. Dave Cridland has left

  879. pep.

    You could state "Here we speak only en_US"

  880. Dave Cridland has left

  881. moparisthebest

    or maybe you limit the character set to ASCII

  882. moparisthebest

    that would de-facto ban most of the EU

  883. Dave Cridland has left

  884. Ge0rG

    moparisthebest: switch to IBM EBCDIC

  885. jonasw

    to ban the whole world?

  886. Ge0rG

    jonasw: there is no world beyond the US of A

  887. jonasw

    I forogt

  888. Ge0rG

    I, for one, am proud to be an EU citizen, and to finally have legal remediation against Silicon Valley sucking up and reselling all my private data.

  889. moparisthebest

    except turns out it's the same kind of legal protection you had before

  890. moparisthebest

    that is, to just not use the services

  891. alexis has left

  892. alexis has joined

  893. Ge0rG

    moparisthebest: I'm not using Facebook. I'm not using WhatsApp. And still they have data about me.

  894. jonasw

    Ge0rG, +1

  895. moparisthebest

    not data you didn't share somehow, presumably

  896. jonasw

    moparisthebest, but did I share it intentionally?

  897. moparisthebest

    it's the #1 rule of the internet, put it on the internet, it's there forever

  898. jonasw

    moparisthebest, I didn’t put my phone number on the internet.

  899. jonasw

    yet, whatsapp has it most likely

  900. moparisthebest

    no laws are going to change that

  901. Ge0rG

    moparisthebest: oh yes, our laws will change that.

  902. moparisthebest

    yea the law changes things, now you can't use open federated services

  903. moparisthebest

    good work

  904. Ge0rG

    moparisthebest: but it depends on what you mean with "put it on the internet" - make it public? use some internet service? contact your friends?

  905. Kev has left

  906. SaltyBones has left

  907. Kev has joined

  908. Ge0rG

    related: https://twitter.com/iamdylancurran/status/977559925680467968

  909. Ge0rG

    BTW, that the BigCorps are required to provide all the data they store about you is also based on EU regulations

  910. alexis has left

  911. alexis has joined

  912. LNJ has joined

  913. pep.

    Ok so I have https://cryptpad.fr/code/#/1/edit/eitMC7lM6yOU4kFtNf1Nag/gvYO8K5YdRtKg-b7hNLd7mEz/ Ge0rG jonasw winfried, can you have a quick look

  914. jonasw


  915. jonasw

    I hate that noscript b ug

  916. alexis has left

  917. jonasw

    pfew, I was in luck. but still

  918. alexis has joined

  919. Yagiza has joined

  920. alexis has left

  921. alexis has joined

  922. LNJ has left

  923. alexis has left

  924. jonasw

    pep., looks good to me

  925. pep.

    Most of what we talked about today goes into Q1.1d

  926. Zash has left

  927. pep.

    There's this "Server logs: r49" line that's kind of sitting alone there, the rest is about consent :P

  928. Dave Cridland has left

  929. winfried

    pep.: nice!

  930. pep.

    jonasw, also I'd be inclined to say 9.1 only applies to "processing revealing [such information]", as peter suggests? But IANAL

  931. jonasw

    pep., peter argues that processing which stores the data in plaintext may reveal it to operators

  932. pep.

    Ah, in that sense

  933. jonasw

    also, I think the recital is clear that the *data* reveals the information, not the processing

  934. pep.

    Well, so full-disk encryption is besides the point right?

  935. jonasw

    the legal text is ambiguous IMO

  936. jonasw

    in both translations oddly enough

  937. jonasw

    (it could be either the processing or the data which reveals info, in both en and de)

  938. pep.

    Because operators will most likely always have access to this information, except in the e2ee case

  939. jonasw

    pep., exactly.

  940. pep.

    Even in the e2ee case really, it's still possible, as not many people actually checks

  941. pep.

    That would be making significant effort though, for the operator, and could be caught as well

  942. jonasw

    that would require an additional action you normally wouldn’t do though

  943. pep.

    Security goes as far as one is wiling to apply it (and even then..)

  944. alexis has joined

  945. pep.

    So I'm tempted to remove the full-disk encryption part in the minutes, and add a bit about e2ee

  946. pep.

    (Since it was my misunderstanding)

  947. Ge0rG

    pep.: "encryption" is just a control you "need" to checkmark.

  948. jonasw

    I think tehre was talk about both

  949. pep.

    Ge0rG, what encryption, where

  950. pep.

    jonasw, yeah, right

  951. Guus has left

  952. Ge0rG

    pep.: a secure service will deploy a combination of disk encryption, stream encryption, user data encryption and e2ee

  953. jonasw

    pep., in line 64, it was definitely about FDE

  954. jonasw

    pep., maybe add a note about "ubiquitous E2EE would save us from 9.1"

  955. pep.

    I wish

  956. pep.

    Ge0rG, right

  957. pep.

    jonasw, here, done

  958. jonasw


  959. pep.

    Ok, sending that

  960. Dave Cridland has left

  961. jonasw

    thank you for that already :)

  962. Dave Cridland has left

  963. alexis has left

  964. alexis has joined

  965. pep.

    Wow, the mails take quite some time to arrive

  966. Kev

    It takes a while for all the racial profiling the server needs to do before sending them out.

  967. pep.

    I see

  968. pep.

    Makes sense

  969. julius has left

  970. Dave Cridland has left

  971. jubalh has joined

  972. blabla has left

  973. blabla has left

  974. waqas has left

  975. Guus has left

  976. LNJ has joined

  977. alexis has left

  978. alexis has joined

  979. jere has left

  980. jere has joined

  981. Dave Cridland has left

  982. Andrew Nenakhov has left

  983. Andrew Nenakhov has joined

  984. Andrew Nenakhov has left

  985. Andrew Nenakhov has joined

  986. Dave Cridland has left

  987. alexis has left

  988. alexis has joined

  989. Dave Cridland has left

  990. Guus has left

  991. SamWhited has left

  992. waqas has joined

  993. jubalh has joined

  994. SamWhited has left

  995. SamWhited has left

  996. Dave Cridland has left

  997. Dave Cridland has left

  998. Dave Cridland has left

  999. lumi has joined

  1000. Dave Cridland has left

  1001. ThibG has left

  1002. ThibG has joined

  1003. moparisthebest

    is there a reason the members mailing list is not linked from here: https://xmpp.org/community/mailing-lists.html

  1004. jonasw

    moparisthebest, possibly because it’s only for members

  1005. moparisthebest

    I was trying to give a link to the GDPR discussion to someone and had to manually construct it

  1006. jonasw

    I don’t think you can subcsribe as non-member.

  1007. moparisthebest

    jonasw, if that's true it's incorrectly configured to be public https://mail.jabber.org/pipermail/members/2018-March/thread.html

  1008. Dave Cridland has left

  1009. pep.


  1010. jonasw

    moparisthebest, maybe

  1011. moparisthebest

    (I clicked on 'standards' then changed 'standards' in the url to 'members')

  1012. jonasw

    iteam? (cc @ Kev, intosi) ^

  1013. pep.

    it's listed here

  1014. moparisthebest

    I personally don't see a reason for it to be private, I'd just like to see it listed next to the rest :)

  1015. Kev

    What's the problem here? The list should be invite-only, public archives.

  1016. jonasw

    Kev, then there’s no problem :)

  1017. moparisthebest

    except it's not listed on https://xmpp.org/community/mailing-lists.html

  1018. jonasw

    Kev, except htat maybe it should be moderated-by-default and free to subscribe, if the archives are public anyways.

  1019. Kev

    I see no benefit to that.

  1020. ludo has joined

  1021. jonasw

    Kev, ease of use

  1022. jubalh has left

  1023. Kev

    It's easy to use for members, and that's all that matters here.

  1024. Ge0rG

    I'm not even sure what the ML is *for*

  1025. jonasw

    Kev, arguably, that discussion is interesting for non-members too.

  1026. Dave Cridland has left

  1027. Zash has left

  1028. jonasw

    but I don’t think that standards@ would be the right venue

  1029. jonasw

    what would be the most appropriate list then?

  1030. Ge0rG

    operators probably

  1031. pep.

    Yeah I don't think either. Maybe _only_ operators, would be best

  1032. Kev

    I'd have thought if this is an XSF activity, members is appropriate, with CC to operators anything that will interest them.

  1033. moparisthebest

    yea I was just linking other people for some feedback

  1034. moparisthebest

    and it was super hard to find a link that I assumed would be on the mailing lists page that I assumed would list all mailing lists :)

  1035. Guus has left

  1036. marmistrz has joined

  1037. Dave Cridland has left

  1038. SaltyBones has left

  1039. marmistrz has joined

  1040. Neustradamus has joined

  1041. j.r has joined

  1042. Dave Cridland has left

  1043. Dave Cridland has left

  1044. Neustradamus

    Kev, intosi: it will be nice to have a ML for jabber.org service and updates on https://www.jabber.org/notices.html about problems like previously

  1045. Dave Cridland has left

  1046. Neustradamus has left

  1047. Dave Cridland has left

  1048. Neustradamus has joined

  1049. Neustradamus

    http://mail.jabber.org/mailman/listinfo/juser <-- not clear if it is for jabber.org service

  1050. Dave Cridland has left

  1051. Neustradamus has left

  1052. Neustradamus has joined

  1053. LNJ has left

  1054. Dave Cridland has left

  1055. Guus has left

  1056. Dave Cridland has left

  1057. Dave Cridland has left

  1058. LNJ has joined

  1059. SamWhited has joined

  1060. Dave Cridland has left

  1061. Guus has left

  1062. Dave Cridland has left

  1063. alexis has left

  1064. Dave Cridland has left

  1065. Dave Cridland has joined

  1066. Dave Cridland has left

  1067. Dave Cridland has left

  1068. david has joined

  1069. blabla has left

  1070. pep. has left

  1071. LNJ has left

  1072. Dave Cridland has left

  1073. LNJ has joined

  1074. Dave Cridland has left

  1075. Dave Cridland has left

  1076. Guus has left

  1077. Guus has left

  1078. Dave Cridland has left

  1079. Dave Cridland has left

  1080. j.r has joined

  1081. Dave Cridland has left

  1082. LNJ has left

  1083. Valerian has left

  1084. SamWhited

    IETF folks that also idle here: are you aware of any SASL mechanisms similar to SCRAM (active or in development) that use Argon2 instead of PBKDF.2? I was going to use Argon2 on some passwords since it's the current OWASP recommendation, but there's a chance I'll want to use the same credentials with an XMPP server later (though not in a way that requires wide support, so it doesn't matter if it's still in draft or something).

  1085. marc has left

  1086. Guus has left

  1087. sezuan has left

  1088. SamWhited

    I assume a quick search would have revealed it if it was already a thing, but I figured there might be an I-D which tend to be harder to find.

  1089. Dave Cridland has left

  1090. Zash

    Not sure if I qualify, but I'm pretty sure you can swap out PBKDF2 for some other equivalent construct.

  1091. Guus has left

  1092. Guus has left

  1093. Guus has left

  1094. Dave Cridland has left

  1095. daniel has left

  1096. Andrew Nenakhov has left

  1097. SamWhited

    In SCRAM you mean? I think it allows you to swap out the hash used in the HMAC, but not the key derivation function. Let me double check, it would be nice if I was mistaken.

  1098. nyco has left

  1099. Zash

    I do believe that the general construct still makes sense with a different key derivation function.

  1100. SamWhited

    Oh yah, it does, but I'm hesitant to do something completely non-standard

  1101. jonasw

    yeah, but it’s not standardised

  1102. Dave Cridland has left

  1103. jonasw

    SamWhited, cp scram-rfc.xml argon-scram-rfc.xml; sed -i s/pbkdf2/argon2/g argon-scram-rfc.xml; submitrfc argon-scram-rfc.xml? ;-)

  1104. SamWhited

    jonasw: what and where are those XML files located?

  1105. SamWhited

    "What are those XML files and where are the located", that is. That sentence got away from me.

  1106. SamWhited

    They… *facepalm* I really can't type.

  1107. alexis has joined

  1108. Dave Cridland has left

  1109. alexis has left

  1110. alexis has joined

  1111. Zash

    Yeah, where are those?

  1112. SamWhited

    I only recently discovered that there actually is a big XML file with RFC information… the IETF has even worse search engine rankings and visibility problems than we do, I'm pretty convinced.

  1113. SamWhited

    But it's not detailed and doesn't include I-Ds, as far as I know.

  1114. Dave Cridland has left

  1115. Andrew Nenakhov has left

  1116. Dave Cridland has left

  1117. Dave Cridland has left

  1118. Zash


  1119. alexis has left

  1120. alexis has joined

  1121. Dave Cridland has left

  1122. Steve Kille has left

  1123. Steve Kille has left

  1124. peter has joined

  1125. ludo has joined

  1126. Dave Cridland has left

  1127. SamWhited

    ooh that's a good idea, thanks. Although I don't think that lists any I-Ds that might be floating around out there; still, good starting place!

  1128. moparisthebest

    hey, ALPN ids are listed now https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids

  1129. moparisthebest

    kind of a strange way to word the protocol, but I guess it's correct enough?

  1130. moparisthebest

    XMPP jabber:client namespace

  1131. Steve Kille has joined

  1132. moparisthebest

    XMPP jabber:server namespace

  1133. Tobias

    wonder why some IDs are rather long and some others short

  1134. Zash

    SamWhited: There's http://www.ietf.org/download/id-index.txt but it's huuuuuuuuuuuuuuge

  1135. Dave Cridland has left

  1136. moparisthebest

    oh that's how it's listed in the XEP too, did I do that? hehe

  1137. Zash

    And maybe the kitten wg?

  1138. Tobias

    ah..it's the idrect textual representation

  1139. Dave Cridland has left

  1140. Dave Cridland has left

  1141. Lance has joined

  1142. alexis has left

  1143. alexis has joined

  1144. jubalh has joined

  1145. j.r has joined

  1146. Zash

    https://tools.ietf.org/wg/sasl/ https://tools.ietf.org/wg/kitten/

  1147. Dave Cridland has left

  1148. ta has joined

  1149. jere has left

  1150. jere has joined

  1151. alexis has left

  1152. alexis has joined

  1153. Valerian has joined

  1154. j.r has left

  1155. j.r has joined

  1156. Dave Cridland has left

  1157. la|r|ma has joined

  1158. jonasw has left

  1159. Dave Cridland has left

  1160. david has left

  1161. david has joined

  1162. Steve Kille has left

  1163. alexis has left

  1164. alexis has joined

  1165. mimi89999 has joined

  1166. mimi89999 has left

  1167. mimi89999 has joined

  1168. mimi89999 has joined

  1169. Dave Cridland has left

  1170. mimi89999 has joined

  1171. ludo has left

  1172. ludo has joined

  1173. marmistrz has joined

  1174. marmistrz has joined

  1175. alexis has left

  1176. alexis has joined

  1177. jubalh has left

  1178. tux has joined

  1179. lovetox has joined

  1180. alexis has left

  1181. alexis has joined

  1182. jere has joined

  1183. jere has joined

  1184. Dave Cridland has left

  1185. Dave Cridland has left

  1186. Dave Cridland has joined

  1187. Ge0rG has left

  1188. Kev has left

  1189. alexis has left

  1190. pep.

    https://bpaste.net/show/138cf21c832d irccloud.com just updated their term apparently, some IRC web client. I feel this will be relevant to movim instance admins, edhelas

  1191. jere has left

  1192. jere has joined

  1193. Ge0rG

    That's interesting, they claim to be a data processor.

  1194. pep.

    yeah I noticed as well

  1195. ludo has left

  1196. ludo has joined

  1197. Andrew Nenakhov has left

  1198. Andrew Nenakhov has joined

  1199. Andrew Nenakhov has left

  1200. jubalh has joined

  1201. Dave Cridland has left

  1202. lovetox

    Syndace, how is your omemo lib writing going

  1203. Andrew Nenakhov has joined

  1204. SaltyBones has left

  1205. Holger has left

  1206. alexis has joined

  1207. Andrew Nenakhov has left

  1208. Andrew Nenakhov has joined

  1209. Andrew Nenakhov has left

  1210. Andrew Nenakhov has joined

  1211. alexis has left

  1212. Valerian has left

  1213. Andrew Nenakhov has left

  1214. Andrew Nenakhov has joined

  1215. tux has joined

  1216. tux has joined

  1217. Andrew Nenakhov has left

  1218. Andrew Nenakhov has joined

  1219. alexis has joined

  1220. winfried has left

  1221. Andrew Nenakhov has joined

  1222. ibikk has left

  1223. alexis has left

  1224. alexis has joined

  1225. Andrew Nenakhov has left

  1226. Andrew Nenakhov has joined

  1227. Andrew Nenakhov has left

  1228. Andrew Nenakhov has joined

  1229. alexis has left

  1230. alexis has joined

  1231. Andrew Nenakhov has left

  1232. Andrew Nenakhov has joined

  1233. marc has left

  1234. Andrew Nenakhov has left

  1235. Andrew Nenakhov has joined

  1236. alexis has left

  1237. alexis has joined

  1238. Andrew Nenakhov has left

  1239. Andrew Nenakhov has joined

  1240. Dave Cridland has left

  1241. Dave Cridland has left

  1242. marc has left

  1243. marmistrz has left

  1244. Dave Cridland has left

  1245. blabla has left

  1246. Dave Cridland has left

  1247. jubalh has joined

  1248. Alex has left

  1249. Syndace

    lovetox, I spent the last days trying to get a simple client up and running that echoes OMEMO messages, with partial success. Debugging is extremely annoying as the OMEMO of the official clients is a mess. I once accidantly published some wrong data to the pep node and the OMEMO plugin for Gajim completely died and remained unusable till now. Trying to send messages just fills my terminal with stack traces. Conversations sends some weird empty message after the initial handshake. I thought I understood why it sends that message but then I found that Conversations 2.0 sends a different, even weirder message... The small success: If my handmade client does the active handshake, the echoing works with Conversations as expected, so the crypto should be fine :) I'm at the point where I'd probably need to dig into the code of conversations and gajim to understand the problem, but I really really really don't want to, got a lot of work atm. But thank you for asking, I just remembered that my goal is to provide the crypto and not to provide a working client. Tomorrow I'll clean up a last few things and release it, so you can try your luck with other clients :D

  1250. Syndace

    Neustradamus: Hi! I'm fine, thanks :D

  1251. Ge0rG has left

  1252. la|r|ma has left

  1253. Dave Cridland has left

  1254. lovetox

    im the developer of the omemo plugin

  1255. lovetox

    in gajim

  1256. lovetox

    so if you need help add me lovetox@conversations.im

  1257. lovetox

    also if you release your work i can adapt it to gajim, and then you dont have to put work into the whole client and xmpp protocol stuff

  1258. pep.

    Syndace, delegate! :)

  1259. pep.

    less work for you

  1260. lovetox

    yes, its really better you just release the work, and let client devs implement it

  1261. lovetox

    afterwards you can use the client to debug encryption related stuff

  1262. lovetox

    im offering to do this as soon as you release it

  1263. Syndace

    One question about the licensing stuff: I already have MIT checked into the repo currently. Now, I have to release GPL as we discussed recently. If I just commit the new license, then someone can clone an earlier commit and get the earlier code including the MIT file. Is that a problem?

  1264. Syndace

    Wow thank you!

  1265. Guus has left

  1266. j.r has left

  1267. j.r has joined

  1268. pep.

    hmm, I guess they can fork an ealier version of the work, though they would be liable? Maybe you can explain the reasons you're changing to GPL somewhere

  1269. peter

    It's always dangerous to change licenses in midstream...

  1270. Guus has left

  1271. pep.


  1272. Lance has left

  1273. marc has joined

  1274. LNJ has left

  1275. jonasw

    SamWhited, it was merely a convoluted way of saying "take the SCRAM rfc and do the same for argon2" sorry I got your hopes up (cc @ Zash)

  1276. Syndace

    pep.: Thing is, I'm not just "changing" the license because I want to but the first license was never the correct one and I could get sued if I don't publish as GPL. git filter branch? Those dark areas of git that I try to avoid :D

  1277. LNJ has joined

  1278. jonasw

    Syndace, git filter-branch or something equivalent is your only way.

  1279. jonasw

    alternatively, you can squash the history

  1280. jonasw

    why are you bound to GPL though?

  1281. Zash

    Are you, really?

  1282. Dave Cridland has left

  1283. Zash

    Probably should take what us non-lawyers say with a truckload of salt

  1284. lovetox

    Syndace, clone your repo somewhere for backup

  1285. lovetox

    squash everything into one inital commit before releasing

  1286. lovetox

    upload finished

  1287. pep.

    squash is meh :/

  1288. Syndace

    Zash, I am bound to GPL. Until we define our own wireformat.

  1289. jonasw

    Syndace, what

  1290. jonasw

    source for that?

  1291. Syndace

    jonasw, for what? That I'm bound to GPL?

  1292. Dave Cridland has left

  1293. jonasw


  1294. Syndace

    I guess I could create a fresh repo with just the newest commit and release that one

  1295. jonasw

    that doesn’t make sense to me

  1296. lovetox

    someone told him here

  1297. lovetox

    because he looked into signal source for the wire format

  1298. Syndace

    jonasw, to be abled to talk to libsignal I needed to copy a few params from theit code

  1299. Syndace

    I don't think there is any way that is not GPL

  1300. jonasw

    isn’t there a specification aside from that code?

  1301. Dave Cridland has left

  1302. Syndace

    For large parts, yes

  1303. jonasw

    anyways, heading out.

  1304. Syndace

    But the specification says for example: "Set this parametet to an application specific ASCII string"

  1305. marc has left

  1306. Dave Cridland has left

  1307. Syndace

    Which I had to copy from libsignal because it is not defined anywhere

  1308. Syndace

    But then again, it's no problem to switch to MIT once we define our own parameters

  1309. pep.

    Not really sure what's frightening about GPL tbh

  1310. Dave Cridland has left

  1311. Zash

    Probably a bit of FUD on account of Moxie & co being weird with reimplementation of signalprotocol

  1312. marc has joined

  1313. pep.

    I meant, why not just stick to GPL

  1314. Syndace

    pep.: GPL is fine for now but I personally don't like the philosophy to force open sourcers to use some license.

  1315. jonasw has left

  1316. Yagiza has left

  1317. pep.

    Depends on your end goal

  1318. lovetox

    pep., because not every client can ship gpl code

  1319. lovetox

    there is a huge discussion about this

  1320. lovetox

    on the list

  1321. pep.

    lovetox, that can be distributed via another channel? You already have plugins for gajim for example

  1322. Zash

    pep.: I was on why GPL, not why not.

  1323. pep.

    But tbh if it were me I'd just put the client under GPL

  1324. lovetox

    poezio for example is not under GPL if i remember correctly

  1325. mathieui

    zlib indeed

  1326. lovetox

    also jitsi i think

  1327. pep.

    yeah but we also have plugins. There is no case for now for external plugins though, since all are commited in the source

  1328. lovetox

    smacks lib i think is also not

  1329. pep.

    But it would be doable

  1330. mathieui

    lovetox, it was gplv3 at the beginning though

  1331. lovetox

    yeah of course, but if someone does the work and rewrites a whole lib from scratch

  1332. lovetox

    why not work to the goal to make it with a good license

  1333. lovetox

    that lets every option open

  1334. Syndace

    lovetox: my thoughta

  1335. pep.

    good is definitely subjective here. It also lets the option for companies to just reuse it and use your work without giving anything back

  1336. pep.

    Or anybody really

  1337. SamWhited

    That seems perfectly fine… I don't really care if people give back to my work, I just want it to be as usable as possible.

  1338. pep.

    I do care

  1339. Lance has joined

  1340. Syndace

    I'll go with the beer license

  1341. SamWhited

    I'd rather not force a choice on the majority of people who will give back and use my open source in a good way. If one or two people are bad actors that's unfortunate, but it's not worth hurting the large number of people who aren't already using the GPL just for the possibility that one person might do something bad.

  1342. Syndace

    and make it copyleft

  1343. Guus has left

  1344. Guus has left

  1345. pep.

    SamWhited, I guess I see it the other way around. What would it cost you to release under GPL, and also have the one next to you release under GPL, etc. The main reason I see not wanting to use GPL is if you explicitely want to allow not giving back

  1346. SamWhited

    Why should I relicense my thing just because you want to use a different license? It seems arrogant of you to want me to change what I've already done just because you think something else is better.

  1347. lovetox

    pep. you use it if you want that as many people as possible use it

  1348. pep.

    lovetox, usage is not restricted in any case

  1349. lovetox

    yes it is if it means i have to publish my source

  1350. SamWhited

    But yes, I want my thing distributed as widely as possible, so I'm not going to put stupid restrictions on that. If someone abuses it, that's unfortunate, but most people won't.

  1351. lovetox

    you say its not restricted under X conditions

  1352. pep.

    lovetox, right sorry I was out

  1353. lovetox

    some people cant just live with these conditions so will not use it

  1354. pep.

    lovetox, I wouldn't go as far as that

  1355. SamWhited

    And especially if it's a security thing then I definitely want it to be usable by proprietary closed source software. We're not going to get rid of it by using the GPL, but we can possibly make it more secure by not using the GPL.

  1356. pep.

    SamWhited, I'm not sure where you want to go with the security thing.

  1357. Kev has joined

  1358. lovetox

    it simple if you have higher goals

  1359. pep.

    If people want to use a library they can'T, then too bad for them?

  1360. pep.

    either they comply or they don't use it

  1361. lovetox

    if my goal is government not spying on people because i think it makes a better world

  1362. SamWhited

    Exactly where I went; if someone is making a bunch of garbage IOT devices that are insecure, and I make a library that makes auth easy and they consider using it, I don't want them not to use it because I arrogantly claim that they have to release their source if they bundle my library.

  1363. lovetox

    i couldnt care less if companys use my encryption and make money with it

  1364. lovetox

    because my goal is still reached

  1365. SamWhited

    What lovetox said; of course, that's a very specific niche goal, I'm just sick of people pretending that there's no downside or tradeoffs with the GPL.

  1366. SamWhited

    There are plenty of reasons not to use it.

  1367. lovetox

    also companys like google do this

  1368. pep.

    Ok, well we definitely don't have the same goals, I guess I got that

  1369. lovetox

    this is my opinion of course

  1370. lovetox

    but often they release under licenses that allow not to give back

  1371. lovetox

    because if you use there stuff it gets spreaded

  1372. lovetox

    and when everyone uses it you depend on google stuff suddenly

  1373. lovetox

    they profit in other ways from it

  1374. marmistrz has left

  1375. pep.

    Note, I didn't say a word about me making profit

  1376. Guus has left

  1377. Guus has left

  1378. Guus has left

  1379. ThibG has left

  1380. ThibG has joined

  1381. ludo has joined

  1382. sezuan has left

  1383. sezuan has left

  1384. sezuan has joined

  1385. j.r has left

  1386. j.r has joined

  1387. Dave Cridland has left

  1388. lskdjf has left

  1389. j.r has left

  1390. Guus has left

  1391. lskdjf has joined

  1392. Ge0rG has left

  1393. Dave Cridland has left

  1394. j.r has joined

  1395. moparisthebest

    I think I'm the one that said that, and IANAL

  1396. moparisthebest

    but I believe that if you copy even any tiny part from a GPL library, or possibly even look at it before implementing a replacement, it's a derivitive work that must be licenensed GPL, does that sound right?

  1397. ta has joined

  1398. moparisthebest

    besides if API's are copyrightable I'm not sure anything matters anymore https://www.bloomberg.com/news/articles/2018-03-27/oracle-wins-revival-of-billion-dollar-case-against-google ...

  1399. ibikk has left

  1400. jubalh has joined

  1401. ibikk has left

  1402. lskdjf has joined

  1403. Dave Cridland has left

  1404. suzyo has joined

  1405. ludo has left

  1406. Guus has left

  1407. rion has left

  1408. flow

    moparisthebest, that is my interpretation too

  1409. goffi has left

  1410. lskdjf has left

  1411. lskdjf has left

  1412. lskdjf has left

  1413. lskdjf has left

  1414. ibikk has joined

  1415. lskdjf has left

  1416. lskdjf has joined

  1417. jubalh has joined

  1418. Dave Cridland has left

  1419. lskdjf has joined

  1420. marc has left

  1421. Guus has left

  1422. Dave Cridland has left

  1423. Dave Cridland has left

  1424. Dave Cridland has left

  1425. marc has left

  1426. Dave Cridland has left

  1427. winfried has joined

  1428. jubalh has joined

  1429. Andrew Nenakhov has left

  1430. Andrew Nenakhov has joined

  1431. Dave Cridland has left

  1432. Andrew Nenakhov has left

  1433. Andrew Nenakhov has joined

  1434. Andrew Nenakhov has left

  1435. Andrew Nenakhov has joined

  1436. winfried has joined

  1437. Dave Cridland has left

  1438. Andrew Nenakhov has left

  1439. Andrew Nenakhov has joined

  1440. Dave Cridland has left

  1441. Dave Cridland has left

  1442. lumi has joined

  1443. Dave Cridland has left

  1444. marc has joined

  1445. Dave Cridland has left

  1446. mimi89999 has joined

  1447. Dave Cridland has left

  1448. Dave Cridland has left

  1449. Dave Cridland has left

  1450. Dave Cridland has left

  1451. blabla has left

  1452. Dave Cridland has left

  1453. alexis has joined

  1454. jubalh has joined

  1455. Dave Cridland has left

  1456. ibikk has left

  1457. alexis has left

  1458. alexis has joined

  1459. alexis has left

  1460. Dave Cridland has left

  1461. sezuan has left

  1462. iiro.laiho has joined

  1463. ibikk has joined

  1464. Dave Cridland has left

  1465. iiro.laiho has left

  1466. Tobias has joined

  1467. iiro.laiho has joined

  1468. marc has left

  1469. Dave Cridland has left

  1470. Seve/SouL has joined

  1471. Tobias has joined

  1472. Dave Cridland has left

  1473. lskdjf has joined

  1474. david has joined

  1475. Dave Cridland has left

  1476. iiro.laiho has left

  1477. Dave Cridland has left

  1478. Dave Cridland has joined

  1479. Dave Cridland has left

  1480. Dave Cridland has joined

  1481. david has joined

  1482. Dave Cridland has left

  1483. Dave Cridland has left

  1484. suzyo has joined

  1485. Dave Cridland has left

  1486. ibikk has left

  1487. Guus has left

  1488. jubalh has joined

  1489. Tobias has joined

  1490. Holger has left

  1491. jubalh has left

  1492. jubalh has joined

  1493. jere has left

  1494. Dave Cridland has left

  1495. david has left

  1496. david has joined

  1497. tux has joined

  1498. Guus has left

  1499. Dave Cridland has left

  1500. Tobias has left

  1501. Zash has left

  1502. Dave Cridland has left

  1503. Ge0rG has left

  1504. Ge0rG has left

  1505. Dave Cridland has left

  1506. Ge0rG has left

  1507. jere has joined

  1508. Ge0rG has left

  1509. Ge0rG has left

  1510. Dave Cridland has left

  1511. Ge0rG has left

  1512. ThibG has left

  1513. ThibG has joined

  1514. Guus has left

  1515. Andrew Nenakhov has joined

  1516. david has joined

  1517. david has joined

  1518. jjrh has left

  1519. jjrh has left

  1520. jjrh has left

  1521. jubalh has left

  1522. jjrh has left

  1523. Seve/SouL has joined

  1524. LNJ has left

  1525. Tobias has joined

  1526. LNJ has joined

  1527. Dave Cridland has left

  1528. ThibG has left

  1529. peter has left

  1530. jere has joined

  1531. LNJ has left

  1532. Neustradamus has left

  1533. Syndace has joined

  1534. Syndace has joined

  1535. Guus has left

  1536. Ge0rG has joined

  1537. waqas has left

  1538. Ge0rG has joined

  1539. jjrh has left

  1540. Tobias has left

  1541. Dave Cridland has left

  1542. Guus has left

  1543. waqas has joined

  1544. Zash has left

  1545. lovetox has left

  1546. Guus has left

  1547. Guus has left

  1548. nyco has left

  1549. Ge0rG has joined

  1550. Ge0rG has joined

  1551. Guus has left

  1552. Guus has left

  1553. ThibG has joined

  1554. Guus has left

  1555. la|r|ma has joined