XSF Discussion - 2018-04-20

Hmm, just noticed that Conversations doesn't (also) send XEP-0080 payload when sharing location.

ralphm: is there any client that will do something reasonable if I just stick a geoloc element in the message (w/o the pubsub overhead)?

Assuming that this is what you are talking about

I'm not sure, to be honest, but it is something I'm suggesting being implemented in what we are doing.

are these not 2 different use cases

i always thought xep 80 is more of a, contantly sharing your location all the time

conversations just shares the location at one point in time with a geo uri or not?

mmm, I know of a protocol which suggested inclusion of XEP-0080 payload into messages. Ge0rG?

(it’ll haunt you forever!)

either way gajim supports xep 80 🙂

lovetox, the XEP provides two parts: the data format (<geoloc>), and a recommended transport (PEP)

The point is, any time you need to encode location in XMPP, the same data format/code can be reused without inventing something new

ah i see

so you want to use the geoloc element with another transport

extensible XML is extensible

in this case a message

So yeah, if you want to send a specific location once over XMPP, but don't want to publish it to all your contacts, I think including it directly in a message is quite sensible

So, the thing, it's just sending <body>geo:x,y</body> right?

yeah and this is useable by the user even if the client doesnt support locations

i think firefox even supports this uri scheme

geo:0,0

jonasw: no!

jonasw: or I'll PR xmpp-echo-bot into xmpp.org/clients!

Right, so like OOB (which is similar - it defines a data format as well as different ways of using it, iq vs. message), the <body> may be used only as a fallback

Having a graceful fallback in <body> is sane.

Having *only* the body is meh.

However like OOB, we have the problem where it's not known if the <body> is just a fallback, or also includes some information to which the data payload is an addition

e.g. <body>Don't come to this place, here be dragons</body><geoloc>...</geoloc>

Client sees <geoloc> and says "I know this! They sent a location, so I'll show that instead of the <body>..."

There used to be thing magical awesome feature negotiation, but we've killed that, thanks to Carbons and MAM

Zash, that never worked with offline messages either

MattJ we can decide

the dataformat has a description attr

Right, that's currently a problem I have with OOB

so if we have description ignore body

That means I can't use OOB like an "attachment" feature

<body>Here is that Word document containing the virus I received earlier</body><oob><desc>Word document</desc>...</oob>

Fwiw Conversations will only use the oob tag if it's either the same as the body or if the body doesn't exists

I can think of a protcol solution, not sure whether it's actually a good idea or not

I'm not defending oob as the best thing ever invented

<hide-body-if-you-understand>jabber:x:oob</hide-body-if-you-understand>

But the word document situation wouldn't happen

> Here is that Word document containing the virus I received earlier Where, I don't see it?

Zash, fair point :)

Nice things be unavailable.

So for backward compatibility, we have to always use <body> as a fallback

so <desc> suddenly makes sense as a non-fallback piece of text

yes if desc is there hide body

If only anyone actually used taht

I'd wanna have this, but it won't work today: body := $desc \n $uri oob := { uri = $uri, desc = $desc }

Zash, yes, pretty much what I'm proposing

The current Conversations logic makes sense, to defend against any clients which may be treating <body> *not* as a fallback

But I'm not sure whether any clients actually do that today

So we just need to document that oob always overrides body, and the accompanying text, if any, is in <desc>

> I'd wanna have this, but it won't work today: > body := $desc \n $uri > oob := { uri = $uri, desc = $desc } I can live with that.

For now it won't break Conversations.

And in the future I might implement support

daniel, iirc you said the text wouldn't be displayed in any case?

Oh right, it would ignore the oob for now

Well by not break I mean Conversations would display the fallback

Got it

it would break inline image display ;)

Luckily XEP-0066 is still Draft :)

Does 66 have anything over SIMS?

But even the example there is using it in an attachment-style

Kev, yes, things support it already :)

Small, simple, self-contained.

I think it's simple because it's always just a URL

SIMS suddenly pulls in Jingle

and that's quite a commitment for a client that simply wants to display an image

SIMS doesn't need to be Jingle though, does it? It can just do URLs?

Or I've completely misunderstood.

But why would you if you're just sending URLs anyways?

(SIMS has more things that are useful tho)

Because you usually want metadata with it.

Kev, "a client supporting this XEP MUST implement Jingle File Transfer (XEP-0234) [2] and HTTP File Upload (XEP-0363) [4]."

which is weird, because even to just receive and display images from others, I MUST implement a XEP related to uploading?

Yeah, either it's useful just for fetching stuff, in which case it shouldn't have that, or we should move all the metadata stuff into references itself.

Maybe separate requirements for sending and receiving?

and rather than forcing client to implement Jingle, there should be a fallback as we have with the OOB solution

So I think that answers why OOB > SIMS right now (but may not always be)

all the refererence / link XEPs suck in different ways.

The sad truth is, anybody can click a URL, but you can't count on all of a user's clients supporting Jingle

Are you interested in just a clickable URL though?

(I don't think any of mine do, and one is a console client that I use via ssh... what is it supposed to do with a Jingle reference?)

No, I'm saying that a clickable URL is the common fallback that works absolutely everywhere

xep 80 links to a invalid site

https://xmpp.org/extensions/gps_datum.html

> Luckily XEP-0066 is still Draft :) Btw I don't see why would anyone use 066 over 221 for inline image display

Heh

by the way if any server operators are interested in having their uptime tracked you can add your own server with this form: https://status.conversations.im/add/

you can of course also just self host the thing. but apparantly some people don't want to

GDPR meeting in 5? pep., Ge0rG, winfried

oh right

🤦

Give me one minute

Ge0rG, why?

> 15:56:00 jonasw> GDPR meeting in 5? You have until 16:01

jonasw: it was just an ACK of my presence

weird way to ack

!

I got beverage and snack, all the good stuff

🙋

Ge0rG's famous ack

better now?

Well I imagine a headdesk would be stranger for a ACK

Ge0rG, yes

!

Are we there yet?

.

all present

pep.: thanks for your logs!

I was a bit lost with the two last meetings, not sure in what category to put what we talked about

we have to do the spamdetection and can then move on to the consequences

I’d like to insert a point: do we want to send a posting to the gdpr list set up by the debian folks?

pep.: When I have a bit time to spare, I wil check

yes I would like to

jonasw: 👍

jonasw, can do

good plan

tiden up the wiki a bit after this meeting and send it out?

Ok

that is that earth.li list?

Ge0rG: good plan, maybe add a summary so far?

yes

winfried, boarf

LOL

It's still a wip

it is

do we need any reflection on the process before diving into it?

I guess not... ;-)

last point of 1.1d before diving into 1.1e: spam detection. What are we doing there and is that justified

If we want to provide a proper service to other users of the network I guess we have to yes

winfried: what I am doing: automatic analysis of all messages for matching one of two sets of certain (super secret) criteria.

pep.: I was referring to legal grounds for processing, but you are right, that doesn't justify it

messages that match criterion 1: manual analysis of body text (this might be really evil, dunno)

messages that match criterion 2: automatic blocking of the sender JID forever.

hmm, wouldn't any manual analysis directly fall under 9.1?

Ge0rG: fixed criteria or self-learning/statistical ones?

Ge0rG, all of that falls apart once spammers start to OMEMO things, right?

or at least the body text analysis

winfried: fixed criteria. The manual analysis is only used to improve the criteria-2 list

Ah, you're talking about non-bayes analysis or similar I guess

jonasw: yes. I'm eagerly awaiting that day so I can start blocking OMEMO

*crunch*

hmm, the e2ee thing seems annoying yeah

pep.: e2ee is a security risk!

:)

Ge0rG, I'd say that's a bit involved for spammers no?

manually reading the body seems fairly evil though

Anyway..

lets brainstorm a bit

jonasw, agreed

it's ok, the spammers aren't going to sue him for it

abuse detection/prevention is a ground for processing

moparisthebest, might not be spammers he's reading messages of

I think the target audience of their spam hates omemo and uses pidgin or other crappy messengers. So I honestly wouldn't expect them to start using omemo any time soon

winfried, in any case: spam filtering is currently not standardised and I’m not sure if we need to cover it within the XSF

as long as it proportionate

at least not at this point in time

so reading every message is not proportionate, reading messages already marked as spam is

winfried, is it?

is it written in your bible

winfried, depends on how you mark as spam

point is, no one could tell if you did or not, so it's legal!

moparisthebest, shush

if you learn on spam based on viagra and penis enlargement, your spam detection could easily trip off at 9.1-relveant non-spam content.

what this: Ge0rG, do you ever manually read messages? (answer no)

pep.: well, that is one of the things I was doubting about

but here in the netherlands 'escalating fraud prevention' is accepted right now

jonasw, your spam filter could also be "true"

(though a bit controversial)

pep., jonasw very true

I motion that we skip spam detection of any kind for now, because of lack of standardisation. Just leave a note that any type of body analysis might go into 9.1 realm.

in the escalating things, metadata is the first step, then automated detection then manual analysis

moparisthebest: yes I do.

moparisthebest: it is justifyable if it is proportionate and if it can't be done in an other way

oops, you messed up Ge0rG :P

jonasw: I think we need to give some warnings about it, but we can't fully handle it indeed

so +1 to the motion of jonasw

how the hell does google justify that

yeah I also want to leave this aside for now

pep.: Google just lets you sign that they own your soul and your communications

Ge0rG: ?

is it me, or did everybody leave for a friday afternoon beer on a terrace?

Good idea!

I was also planning something similar

it's sunny in England, joy! ✏

winfried: what was your question, sorry?

It was sunny here yesterday.

Now it's grey meh.

kinda on topic: https://politics.stackexchange.com/questions/30509/how-are-gdpr-fines-actually-enforced-for-us-companies-with-no-physical-presence

do you ack leaving spam detection with a note about possible problems with it?

"The GDPR requires non-EU entities handling EU data to appoint a representative in the EU, and this representative will be able receive the fines or other penalties relating to regulation compliance." ;; haha EU lawmakers really are insane aren't they?

winfried: yes, ack

Q1.1e!

winfried, what do you want to put in 1.1e?

pep.: I'd say specific action items for people involved (i.e. server operators)

State what fine if you don't do x or y?

up to now we found several limits, things to consider regarding the processing we are doing

istr winfried also talking about drafting a policy or sth

pep.: the fines aren't clear yet. The maximum fines are well-defined, but there are zero rulings yet

I think we should no look at what we must do to fix those issues

winfried: {not,now}?

like s2s to a server that is violating privacy

now

winfried, I guess you can blacklist once you become aware

but how do you become aware?

shall we first make a list of issues to consider?

I don't think it's useful in any way to block s2s

Ge0rG, that'S the trick

We need to ensure that the users are informed about the possibility of their data leaving the EU

OK, I opened pandora's box of s2s

lets empty it...

issue a: can it be justified?

(to do s2s)

what can?

ah, we said article 6 and 49.1b

6.1b and 49.1b ?

pep.: exactly, but that assumes no more processing then is needed for the task

We can also ask for consent with 6.1a and 49.1a iirc

so how do we assure there is no more processing then needed for the task?

For the part that's not covered by implicit consent

pep.: yes

but how do we know we need extra consent?

all we haven't covered in 1.1c/d I would say?

I guess we can't enforce this by technical means, it is a legal issue

does an incoming message to your user make it your user's message? in which case you already have their consent?

moparisthebest: no

why not?

winfried, did we not say yes to this question?

moparisthebest: it still contains pii from the sender

right, assuming no further analysis of the message

that they willingly sent to your user, put completely under your user's control?

which they granted consent to you for, maybe?

pep.: on storage (MAM) of the conversation not on the processing (relaying) the message

moparisthebest: by willingly sending it to a user, the sender agrees to the processing of sending the message, the receiver is no part of that

does anyone actually know that are is everyone just guessing until it's tested in court?

hmm

moparisthebest, nobody knows

moparisthebest: there are some wp29 guidelines, they have a legal status

I'd think they'd all be equally arguable in court

winfried, didn’t we establish last time the opposite of that?

like, received message == recipients content => covered by recipients consent.

jonasw: hmmm... refresh my mind (it has a friday explosion)

again, what are the email providers doing? that's really all we need to know, numerous email providers are far bigger and have far more money than the entire XMPP network

winfried, I’m semi-afk myself, but I think we figured that due to the fact that the recipients server has consent from the recipient for processing, it’s fine because the sender gave the recipient the data.

moparisthebest, nobody knows!

jonasw: I thought that was only in the context of MAM at the receiver server

moparisthebest, they won’t tell you because it threatens them legally

moparisthebest, https://www.earth.li/pipermail/gdpr-discuss/2018-April/000013.html a quite I liked in there, "Of course, anyone's reading might contrast quite a bit from how lawyers will over time engineer courts into interpreting it"

winfried, okay, what are we talking about if not about MAM?

jonasw, than that's what we should find out rather than trying to make up stuff on our own?

jonasw: relaying the message, logging it, spam filtering it

moparisthebest, except that they won’t tell us

using it for profiling for targeted advertisement

because it threatens them legally to do so, I guess

moparisthebest, also business opportunities, so insentive not to reveal how they do it

that, too

but I guess they’re more afraid of them actually not being compliant

possibly

but there are plenty of more open ones that would too?

presumably

moparisthebest: there are many things unclear on the gdpr, but many thing things *are*, we can anticipate on that

hm, we could ask posteo

moparisthebest: and many companies try to ignore the obvious, for example because it doesn't fit in their business model

it's not great but, seems like good odds an email provider will be targetted way before any xmpp provider, could just wait and see...

moparisthebest, not sure that's a good option

the other option is for non-lawyers to try to interpret lawyer-speak, and guess what a lawyer and judge will decide

So.. we didn't get really far today

also, not a good option

moparisthebest: I don't want to tell my customers "we are neatly ignoring the law, because we hope somebody else gets caught first"

whether you try really hard to comply or not, that's still essentially the position you are in

pep.: yes, I am a bit frustrated too...

moparisthebest, if this doesn't interest you, fine

moparisthebest: it is not that black-white, many things *are* clear

sorry, I was more distracted than I expected during this timeslot :/

don't get me wrong you guys are doing good work and finding the baseline of generally what looks to be compliant

but none of you are lawyers, and even if you were, they can be wrong too

it's a terrible situation, I'm just glad I'm not in the EU

moparisthebest, yes everybody can be wrong and we'll see on the first court cases

In the meantime, we kind of have to do something about it anyway

That's true for basically any law that applies to whatever you do.

yes

moparisthebest: the good thing is that if you show to the court that you clearly did your best to follow the rules, your probability of ending up in jail sinks

Obligatory link to http://ansuz.sooke.bc.ca/entry/23 if you haven't read it, on the subject of law and computing

my only concern pep. is you overanalyze something and end up crippling federation or something that is useful

moparisthebest, we're only giving guidelines, and we welcome anybody to give input, or even bring lawyers to the dicussion if possible

moparisthebest, also as Ge0rG said

yea but if the guidelines end up being 'disable federation except on an opt-in manual basis' that ruins everything

FYI, there's a bit of XMPP discussion in this Google Allo/SMS thread: https://news.ycombinator.com/item?id=16882539

moparisthebest: I think we are in matter of fact analyzing how far we can go with federation without running into big problems

that is not where we're headed no

Shall we plan next

yes... I will try to make a analysis/summary of the discussion so far and the issues to tackle before it

I can't do Wed and (Fri morning)

Tue 12:30 CEST as before?

pep., that would work for me

Tue I am stuck

winfried, yes that'd be nice to know where we're at

Mon maybe?

mon wfm

Mon 1230 CEST

wfm

jonasw, Ge0rG

pep., can do

Mon and Tue should both work

Ok!

Mon 1230 CEST it is

*bang*

pep.: thanks for chairing! ;)

haha

thanks to winfried too, obviously

Sorry I was semi-AFK, had two important and unscheduled customer calls :(

Ge0rG: I noticed something like that already, can happen

thanks all

https://news.ycombinator.com/item?id=16882862 "an entirely over-the-top service that everyone could use, on any platform, without the consent, extra billing or buggy implementation of their carrier.", I guess they're missing the point, you still get the consent (in their meaning of the word) of WhatsApp to send your messages.

https://www.smbc-comics.com/comic/help ha lawyers eyeing GDPR stuff

The Last Call ends on 2017-12-12

says xep 363

so 4 months later what happens now?

I last see an email from Dave Cridland saying: "Re-reading this and other feedback, I'm going to push back on moving this to Draft until substantial improvements are done to Security Considerations in particular, and normative language use in general."

There has been an update to the XEP since then however

It might be time for the editors to reissue the LC on that

I'll do one tiny update. Give me second

does the xsf have tool to track these things?

there are probably 100 xeps in different states that have deadlines

my observation is that these dates are not actually tracked, so the deadlines mean nothing

i dont know what the correct process is, but a xep where the LC ended and it was voted to not advance, should be moved back to experimental or something

lovetox, seems legit

editor’s bsy though

and not kept in this LC ended, but we have to search the mailinglist what actually happend -state

As with all things, feel free to help do something about it :)

i just did, its not meant as whining, i deal with this at work everyday, i asked if you have a tool to track these deadlines?

Not beyond basic things like popping it in Trello (unless jonasw tells me we've got something better I'm not aware of).

We could, in principle, scrape the dates out of the XEPs automatically, but I don't believe we have anything currently to do that.

`grep`

is there any automatic state changes happening?

like triggered by something, and executed by the server without the editor doing something?

or does every state change need a manual triggering by the editor?

State changes are all manual (which is right, I think).

Sending emails is also manual, which isn't right - that bit's nearly automated but not quite finished.

so if every state change is manual, then a simple excel (or whatever you use on linux) list with the 400 xeps and there current status would be sufficient

if its on the server and everyone has access to

before council meeting, look at the list, filter state X look at deadline, and bring to vote

its not really elaborate solution, but i think thats sufficient for the task

I don't think the spreadsheet part is even necessary

I don't think that helps in this particular case, though, which was that it was blocked pending changes, and either the changes didn't happen, or it wasn't clear that they had.

the problem is, nobody looked if they happend

because it was not on the agenda anymore

which it would have been if there was a list with all LC xeps

because then it would be easy to look at all LC every council meeting

and im not sure what you mean by "blocked"

if LC ended, and you block it, then it cant be in LC anymore

or maybe thats the problem, that its not usual to set the xep back to experimantal

I feel almost like we need some tests for the xeps repo to highlight inconsistencies

`xeps$ xpath -e /xep/header/lastcall xep-0???.xml`

lovetox: Because it shouldn't go back to Experimental really. According to our process it should be rejected.

Which is obviously not right.

So just leaving it in Proposed is what tends to happen.

your process gives you only Accepted or Rejected

?

after a LC

this seems not good, maybe add that it can be set back to experimental if the xep in gerneral is useful, but lacks some things

Yeah, we should allow popping things back to Experimental.

Although possibly the right thing to do is pop them into Rejected, but allow Rejected XEPs to be pulled back to Experimental, like Deferred ones.

(The difference being that if Council has rejected it, and nobody does anythign further, it should probably stay rejected and not automatically go back to Experimental)

Dave Cridland: that sounds like the perfect recipe for offending authors.

I'm not sure that's true (Dave)

It seems that an abandoned LC XEP is much like an abandoned Experimental XEP.

Kev, So Deferred?

And letting them both be Experimental at the time of last action, and defer naturally seems sane to me.

Are we talking about the Proposed state?

Deferred sounds better

ralphm: Yes.

you dont want to set it to a state where devs are scared to implement it, only because one council member thought some minor thing has to be adjusted

So an E with 5 months before Def goes to LC, gets -1, it then goes back to E for another 5 until it goes Def.

so Rejected sounds bad

Or something.

lovetox: Indeed.

Yes Kev your proposal sounds sane

Rejected would be the appropriate state if the author is unwilling to change it based on said council members' comments.

ralphm: I don't think so based purely on that criterion.

I am ok with an edge Rejected->Experimental

yes of course, the case we talk currently is, nobody had time to look at things, or forgot but the xep is a good xep 🙂

Because if it's a worthwhile XEP with an intransigent author, the right thing is to assign a new author.

Not to kill the XEP.

Kev: allowing Rejected->Experimental would enable just that, no?

ralphm: Pointlessly, IMHO.

Rejected should be an end state

in my opinion

I think allowing LC to end in any of Draft, Rejected, Experimental would be good to me.

Somebody wants to pick up the Rejected XEP, does the work, suggests going back to Experimental.

And leaving it to Council to decide which.

Sure

so in this case now with httpupload

But then you have to define how a vote in Council causes which transition

i message the editor, saying LC has ended, no changes on the xep

then he has to set it to rejected

10 minutes later daniel messages: oh i make the change i forgot

then he has to put it again into experimental..

lovetox: in the current process, only Council can make it go to Rejected to begin with, after a vote.

good, so council should decide

So it is Experimental -> Proposed -[vote]-> Rejected/Draft

experimental because author was reached and promises to do something

or rejected, we cant reach anyone

i feel there is no need for a hard state machine, LC -> Rejected -> experimental

although i dont care in the end, but this probably generates work for the editor

and has no real gain

council can determine if its worth to go from LC -> Experimantal

If a modification to XEP-0001 is proposed, including how voting in Council works with three possible outcomes, I'd of course be happy to entertain that proposal in an upcoming Board meeting/

I'm not sure LC should be an explicit state, I think that's the problem here

lovetox, The benefit of a hard state machine is that people are slightly less likely to scream about abuse of power.

It's great to have a process to change the process.

MattJ: That may well be.

Dave Cridland, hm yes didnt saw it from this point of vie

Dave Cridland: I'm pretty sure if there is a Collusion of Council, we can figure out a way to formally follow the process to achieve any desired abuse of power.

also would it be a abuse of power if the council votes on the state?

i think not

If I was proposing wording to xep1, I would go with a slightly more formal: When LC expires, Council shall vote on advancement to Draft. If this vote fails Council shall then vote on Rejection. If this vote also fails, the XEP shall return to a state of Experimental (and shall later be deferred after the normal period after the substantive modification).

I'd +1 that

So please send a request to that end to Board

I think it would be useful, though, to actually record objections in the Changelog. We haven't done this, before, but it might be useful to see the history if progressing failed at some point.

+1 to that

🤣

https://twitter.com/ralphm/status/987382007452889088?s=09

RCS? Come on.

Apparently

difference being they couldn't charge xmpp servers for federation like they can with carriers I'm assuming

what is this? google's 10th attempt at instant messaging? 20th? I've lost count

and this one is obviously going to fail ✏

sure I mean why would anyone think the 20th time is the charm :)