-
lovetox
we have a list in gajim source with servers
-
lovetox
its says that everyone that wants to be added should follow the instructions
-
lovetox
on http://xmpp.org/services/register.shtml
-
lovetox
this thing seems not to exist anymore, was there a list of servers somewhere on xmpp.org where people could add their server?
-
lovetox
if yes, where is it now
-
jonasw
I think that has moved to xmpp.net
-
lovetox
oh lol right on the front page
-
lovetox
pitty its not recorded if the server support IBR or not
-
jonasw
indeed
-
jonasw
you might wanna filter for features anyways
-
Ge0rG
Is https://xmpp.net/register.php still the right method?
-
jonasw
except that nobody maintains the list
-
jonasw
I don’t have the permissions, and I think it’s possible that nobody knows how
-
Ge0rG
stpeter does?
-
jonasw
lovetox, 06:15:19 jonasw> fugata, didn‘t you start to compile a list of IBR-supporting servers with good XEP support? 08:11:04 fugata> I did 08:12:19 fugata> jonasw: I also created uptime accounts for them and sent the credentials to Daniel; they're all on status.conversations.im now IIRC 08:21:22 fugata> jonasw: http://paste.debian.net/1025196/
-
daniel
The compliance tester will also start checking for ibr but with the recommendation to just use ibr oob redirection
-
Zash
Is that a recommendation?
-
daniel
Zash: IMHO yes. Because it's easier to to spam protection
-
Zash
But at what cost!
-
Zash
Worse UX and you make Ge0rG sad.
-
daniel
The thing is with a 'powerful tool' you can't just test for ibr. That will force ops to blindly enable ibr and open the gates for spam. So the compliance tester will probably recommend oob. But if you want to diverge from that that's fine as well
-
jonasw
daniel, maybe it’s better to then just not test for IBR
-
jonasw
or make the data only available on request, but not on the overview
-
daniel
jonasw: but it's also important to have that information so people like lovetox can compile their list
-
jonasw
like a JSON file
-
jonasw
but not in the HTML table
-
jonasw
to prevent "need to have it all green!!!" people from blindly enabling IBR
-
Zash
that.
-
Zash
So much that.
-
jonasw
a JSON file would also be useful to automatically fetch on client installation/startup *cough*
-
daniel
Yeah that's why I'm not blindly enabling the test. Maybe we can just exclude it from the ranking or something
-
jonasw
I’d prefer excluding it from the table and having a hidden-ish JSON file with that data included.
-
daniel
And no a json file is probably not a good idea. Because people who compile lists should take other factors into account as well
-
lovetox
json would be nice
-
lovetox
i would not fetch it, but would pull it into the source from time to time
-
daniel
Like uptime as provided by the status thing and do they have a privecy statement
-
jonasw
ideally, we can soon-ish test for privacy statements automatedly (ping pep.)
-
daniel
Or 'is it run on a raspie in somebody's basement'
-
pep.
Ideally
-
lovetox
hm maybe we could pull it automatically but only if the user starts account wizard
-
pep.
I'd rather not pull it automatically, but update the client every so often
-
daniel
pep.: what do you test for?
-
daniel
For the privacy statement
-
pep.
I assume jonasw is talking about EULA
-
jonasw
pep., yes, I am
-
jonasw
daniel, a server would expose a stream feature and a pre-auth way to query key parts of the privacy statement as well as an URL to the full text
-
jonasw
so that clients can show that in-band when registering
-
jonasw
pep., BTW, what is blocking the work on the XEP?
-
jonasw
anything I can help with?
-
pep.
Time, and knowledge
-
jonasw
what knowledge?
-
pep.
Definitely
-
pep.
Xmpp in general, what to use and how, why
-
jonasw
okay, so, maybe we can split the work here
-
jonasw
you could write up what the thing should do, and I fill in the protocol gaps
-
pep.
Ok
-
jonasw
alternatively, I can advise you on how the protocol could look, whatever works for you
-
pep.
I'll try to come up with a list of requirements
-
jonasw
that’d be great
-
jonasw
I’d love it if we could make it til next council meeting
-
jonasw
if we manage to get the text ready by monday, I could give a draft impl a shot in prosody
-
jonasw
and aioxmpp
-
jonasw
(since aioxmpp can’t do pre-auth IQs yet, that’ll be the more tricky part :))
-
Ge0rG
For clients that don't support IBR data-forms / email, we obviously need a multi-state enum for what kind of IBR is supported!
-
jonasw
what do you folks (especially Ge0rG) think of sending presence type="unavailable" or "error" when receiving groupchat messages from MUCs a client doesn’t know it is joined to?
-
Yagiza
Hello!
-
Ge0rG
jonasw: what's wrong with message/error?
-
jonasw
Ge0rG, does that kick one from a MUC reliably?
-
Yagiza
Are there clients, with XEP-0371( https://xmpp.org/extensions/xep-0371.html ) implemented?
-
jonasw
Ge0rG, also, if we lost sync with the server, we *probably* were joined formerly, so leaving with an (potentially) confusing error shows intent more clearly...?
-
Ge0rG
jonasw: I'm sure there are many painful corner cases we've not thought about ye
-
Ge0rG
+t
-
jonasw
okay, so just return a message error?
-
Ge0rG
jonasw: we are talking about to=full, not to=bare, right?
-
jonasw
wha?
-
jonasw
which to?
-
jonasw
that of the inbound groupchat message?
-
Ge0rG
yes
-
jonasw
sure, full jid
-
Ge0rG
because there is spam with type=groupchat to=bare
-
Ge0rG
and I don't want to leak presence to spammers
-
Ge0rG
jonasw: so when does a client know it's not joined to a MUC but still receives groupchat messages from there?
-
Ge0rG
right after a reconnect?
-
jonasw
Ge0rG, I’d also listen for <x/> ...
-
jonasw
but good point
-
jonasw
it might leak presence :(
-
jonasw
Ge0rG, I was thinking of a "leave the MUC operation" getting lost in an s2s hiccup
-
Ge0rG
jonasw: how often do you leave MUCs?
-
jonasw
does that matter?
-
Ge0rG
jonasw: imagine the race condition between leaving a MUC and receiving messages, causing to leave the MUC again
-
jonasw
uh
-
jonasw
that race is a good point
-
jonasw
but!
-
Ge0rG
jonasw: and yes, it does matter.
-
jonasw
don’t I receive a presence ACKing the leave?
-
Ge0rG
jonasw: how does that change anything?
-
Ge0rG
jonasw: are you going to put a timeout handler on the leave-presence?
-
Ge0rG
OMG, leaving the MUC timed out! I need to ... ?
-
Ge0rG
... </stream:stream>
-
jonasw
ew
-
jonasw
yeah
-
jonasw
so closing that as wontfix
-
Link Mauve
Btw, at https://xmpp.org/getting-started/ it might be useful to add a few notes about each server, just it being “popular” doesn’t mean people should use it blindly.
-
Link Mauve
A few days ago someone started using xmpp.jp because it was the first one in this list, only to end up with 500ms of lag whenever they typed something in a MUC hosted in Europe.
-
Ge0rG
Link Mauve: blasphemy!
-
pep.
Link Mauve: 230 here :p
-
Link Mauve
The only solution I could give them was to create an account elsewhere, with the very nice porting ability we all know…
-
Ge0rG
Our Holy Neutrality Rules forbid any kind of Provider Bias.
-
Link Mauve
Ge0rG, ping goes two ways. :p
-
daniel
Why is the delay important?
-
Ge0rG
This is why we recommend Pidgin.
-
Ge0rG
daniel: in MUCs it is.
-
Zash
Who picked that list?
-
Ge0rG
I'm sure it's approved by Board.
-
Link Mauve
Actually it was even him (France) → xmpp.jp (Japan) → MUC (France) → xmpp.jp (Japan) → him (France).
-
daniel
Ge0rG: I got that we are talking about muc. But why is delay relevant?
-
Link Mauve
daniel, some clients don’t display messages instantly.
-
Ge0rG
daniel: because you see the delay between writing your message and its delivery
-
Ge0rG
Link Mauve: some clients suck.
-
Link Mauve
Ge0rG, indeed.
-
pep.
daniel: in this case I would argue it's not the delay. xmpp.jp is not really well know for its admin capabilities either (spam, not replying yo querier etc.)
-
Link Mauve
Ge0rG, I’d even say most*. :p
-
pep.
Link Mauve: ^
-
pep.
queries*
-
daniel
I mean on mobile you can easily have those kinds of delays as well
-
Link Mauve
pep., they replied once after I made the effort of writing in Japanese (and you helped me)!
-
daniel
Never bothered me
-
Ge0rG
daniel: "Never bothered me" is not a very good way to handle user problems.
-
Zash
"Wontfix: Works for me"
- Ge0rG is in full rant mode today.
-
daniel
Why is it a problem that other people read your messages 500ms after you typed them?
-
Zash
Patch (cables) welcome
-
Link Mauve
daniel, anyway, that was only an option, being known for hosting and protecting spammers, having no real good policy privacy, being hosted in a country downright hostile to its citizens, etc. could be other reasons for not using a server.
-
Zash
daniel: It gets weird if you see your own messages that long after you sent them
-
daniel
Zash: that I can get on board with. Very weird indeed
-
daniel
But fix your client
-
Ge0rG
I'm used to this latency from my own travel. And it sucks.
-
Ge0rG
daniel: fixing the client slightly reduces the weirdness.
-
Ge0rG
daniel: imagine mod_pastebin kicking in.
-
Zash
Having something to indicate 'in flight' is probably fine, then updating it with whatever the MUC sends back
-
Zash
And adding the little green tick
-
Ge0rG
$ git blame ./content/pages/getting-started/_index.md|grep Pidgin 195fadcc content/pages/uses/getting-started.md (Guus der Kinderen 2017-01-17 12:36:13 +0100 23) * [Pidgin](http://pidgin.im/) (OS X, Windows & Linux)
-
Ge0rG
there it is.
-
Link Mauve
Or imagine participating in a fast-paced discussion and always getting your messages reordered.
-
Zash
Guus! What do you have to say for yourself?
-
daniel
Oh I should probably install mod_pastebin and find a nice solution for that
-
Ge0rG
Zash: that's how yaxim does it.
-
daniel
But that's probably only a couple of weird servers using that
-
Ge0rG
Zash: except for the well documented PITA of matching MUC reflections.
-
Guus
THAT WAS MY EVIL TWIN!
-
Guus
(I have no clue what that is, by the way)
-
Ge0rG
Guus: Pidgin in https://xmpp.org/getting-started/
-
Ge0rG
Guus: it's all your fault!
-
Link Mauve
daniel, a possible other use is biboumi splitting messages if they would lead to IRC messages bigger than 512 bytes.
-
Guus
nono, my evil twin's fault, as I already explained.
-
Zash
Or containing newlines
-
Ge0rG
Link Mauve: is biboumi honoring the message ID in that case already?
-
daniel
i really wish biboumi would hide the splitting from the user
-
Link Mauve
Ge0rG, I don’t remember the resolution of that issue.
-
Ge0rG
Guus: it's your fault to allowing your evil twin access to your githubs
-
Ge0rG
daniel: please no.
-
Guus
He's not allowed, but does so anyway! that's the 'evil' in 'evil twin'.
-
Zash
Guus: From my perspective, the JID..i... is evil..
-
Ge0rG
daniel: next thing would be to join incoming messages from the same sender?
-
daniel
is there any indication in irc that a message was split?
-
Link Mauve
daniel, exposing a different view from the rest of the participants, and then wondering why they reacted some way (generally kicking you) to your huge paste or multi-lines message, is not really better.
-
Ge0rG
daniel: no. it's just truncated
-
Link Mauve
daniel, no, IRC doesn’t split messages, the client (here biboumi) is expected to.
-
Guus
Ge0rG, feel free to fix 🙂
-
Zash
Nice UX. Bridges. Pick one.
- Guus wanders off, back to work
-
Ge0rG
Guus: Board has approved Pidgin. I'm out of that game now.
-
Link Mauve
Zash, exactly.
-
Guus
approve != need to be on getting started page
-
Ge0rG
If you want to see the world (of XMPP) burn, you are free to do so.
-
Guus
I explicitly created that page with the intent that it would be made better by others.
-
daniel
anyway i usually don't buy the 'but it doesn't work on my transports' argument
-
daniel
transports suck. the end
-
daniel
maybe the irc transport should expose the limit and have the xmpp client split it
-
Ge0rG
PLEASE NO!
-
Zash
There are errors for that, no?
-
Zash
MTU discovery!
-
Ge0rG
I hope you are cynical now.
-
daniel
yeah i'm not really sure how to handle the irc situation besides dumbing xmpp down to the irc levels
-
Zash
daniel: that's basically what you need to do
-
Zash
otherwise the differences are going to hurt you
-
daniel
in which case you don't need xmpp in the first place but just use irc
-
Ge0rG
What's wrong with how it is now?
-
Ge0rG
Why are you trying to fix an imaginary problem?
-
Zash
And why write for OS/2 when you can write for Windows and it works on both!
-
Zash
Transports are tricky
-
pep.
gdpr meeting in 10
-
jonasw
.
-
Ge0rG
I'm available until 1400 CEST
-
winfried
.
-
winfried
GDPR meeting
-
pep.
start?
-
pep.
:)
- winfried bangs a gavel
-
jonasw
.
-
winfried
I updated the wiki, though not to the extend I wish to.
-
winfried
most important addition, for everybody to take a look at: https://wiki.xmpp.org/web/GDPR#Roles_and_responsibilities
-
pep.
Thanks
- jonasw reads
-
winfried
I also checked in my bible the point I have been making about export only necessarily under 6.1a, not under 6.1b: I was incorrect, 6.1b is also included, so we have to provide an export facility
-
jonasw
if technically feasible, right?(
-
pep.
winfried, "Data Processor: can be several, e.g. the internet hoster of the XMPP server operator", not sure I get this
-
pep.
Well,
-
pep.
I would have thought, for c2s, data processor is the controller, and for s2s, depends
-
pep.
Not sure what the ISP has to do here
-
winfried
Well, I host an XMPP server at my provider
-
winfried
then I am controller: I decide what and how
-
winfried
But I rent a rig at my ISP, so my ISP is responsible for a part of the processing
-
winfried
(doing it)
-
winfried
NB: this is the classical example of a controller-processor relation.
-
pep.
Right, can we also maybe add an example on this line that's more xmpp-related. alongside the ISP
-
jonasw
do we have to disclose processors?
-
winfried
jonasw: yes
-
jonasw
pep., using google/android push stuff would be a processor relationship.
-
jonasw
(I think)
-
pep.
Roster management component?
-
pep.
Or is it a third-party?
-
jonasw
first, it’s a piece of software
-
jonasw
the question is under whose control it runs
-
jonasw
if you run it on another machine you (as the server operator) control, it’s still under your control
-
pep.
Say it's not the same person as the xmpp server admin
-
jonasw
and thus not a processor
-
jonasw
in that case, processor would probably be appropriate?
-
pep.
Well, you can be both controller and processor
-
Ge0rG
jonasw [13:38]: > do we have to disclose processors? Isn't the small business exception relevant here?
-
pep.
If you do everything yourself you'd be both
-
jonasw
Ge0rG, I don’t know, is it and where is that exception defined?
-
pep.
art. 30
-
pep.
30.5
-
jonasw
(I am still not convinced that we’re not under 9.1 by the way)
-
jonasw
(at least with storage…)
-
winfried
Ge0rG: 30.5 is only for incidental processing, not structural
-
winfried
And if it is your core business, I guess it is structural
-
jonasw
yeah
-
Ge0rG
processing of personal data isn't core business for an xmpp server
-
jonasw
then what is?
-
jonasw
(considering that storage is subset of processing)
-
winfried
Back to the controller-processor story: roster management is third party, because a controller-processor relation always is a contractual one
-
Ge0rG
Message delivery?
-
winfried
Ge0rG: Message delivery is also processing of personal data
-
jonasw
winfried, so what about google cloud push?
-
pep.
is external roster management something the user requests or something the operators sets up?
-
jonasw
would that, too, be third party? because there is no contract?
-
winfried
jonasw: yes
-
winfried
other point: does google use it only to provide a service or does it also analyze it for google's own purposes?
-
pep.
That we won't know, but I want to assume the latter
-
winfried
In the latter case the data subject must have given explicit consent
-
winfried
and that is a big problem with the current mobile ecosystem
-
Ge0rG
so as the developer you accept Google's ToS and have to require consent from your users
-
winfried
Ge0rG: that is part of the ToS of Google? (never checked that)
-
Ge0rG
winfried: dunno.
-
pep.
Hmm, I guess that's one of the reasons for https://gafam.laquadrature.net/ against Google. That everything that is done on your device is somewhat tracked via a unique id
-
Ge0rG
TL;DR
-
pep.
and you can't opt-out
-
pep.
I guess the dev should warn their users
-
winfried
yes, I expect https://noyb.eu/ to take it on in the EU
-
pep.
And maybe allow for a way to opt-out of push?
-
winfried
pep. : and loose an important part of the functionality?
-
pep.
lose*, and yes
-
Ge0rG
https://developers.google.com/terms/ §7a
-
winfried
but yes, from a legal point of view that is the only way
-
jonasw
winfried, push isn’t *that* important. in many cases on android you can live without it.
-
pep.
I'm using the fdroid version of conversations, I survive :)
-
jonasw
yah
-
pep.
Ge0rG, so by using google APIs, all your users agree to Google's privacy policy?
-
pep.
Or I guess you have to get consent for that
-
pep.
certainly
-
jonasw
the latter probably
-
Ge0rG
yeah.
-
winfried
From an XSF point of view I am afraid we must leave the app developers on their own here
-
jonasw
yeah
-
jonasw
there’s no potential protocol development involved in that
-
jonasw
it’s between the app and the user
-
winfried
exactly
-
pep.
I'll put that in the minutes still, so it's not forgotten
-
jonasw
not even the server side is much involved, it is just offering to act as a relay for the data to the google services. the app has to ensure that everything is in order for that. it sets that up explicitly.
-
jonasw
good idea
-
pep.
We can still warn client devs
-
jonasw
yes
-
winfried
+1 we have to
-
Ge0rG
do we have a template for tos/data protection policy?
-
jonasw
nafaik
-
winfried
Ge0rG: nope
-
Ge0rG
I need to write ToS for yax.im, and I hoped we'd have a template in place.
-
winfried
guess it is time to write one ;-)
-
Ge0rG
winfried: you volunteer?
-
winfried
Ge0rG: not on my own, but, ues
-
winfried
yes
-
pep.
So, as a mobile client dev wanting to allow for push, that would mean I would need to have the user opt-in really
-
winfried
I have taken notes to add to my GDPR in 5 steps scheme: contracts with processors mention push notifications
-
winfried
pep.: correct
-
jonasw
Vhmm
-
winfried
jonasw: ?
-
jonasw
is my location any type of sensitive data?
-
pep.
I'd say so
-
winfried
jonasw: not sensitive, but personal
-
jonasw
because there’s this weather app of the german weather service which has push notifications and maybe we can look at their ToS regarding that
-
jonasw
although we’d of course have to know what data is actually in the notifications to be sure that the personal data is in there
-
jonasw
and thus needs to be covered by their ToS
-
winfried
jonasw: that is also an interesting issue: I know systems that only send pushes telling the app: log in, I have news for you, what is not very sensitive, except when the app is "the remember to take your HIV-medicine app"
-
pep.
I know daniel was working on push last weekend, maybe he has some info. I don't remember the details
-
jonasw
okay, in case of the warnwetter app (which I was talking about) it’s probably irrelevant because they anonymize the location to patches of 35x50km, if I’m reading this correctly, before transmitting it to the server at all.
-
jonasw
pep., for google push I think you can get away with a simple wakeup signal, but for iOS you have to actually send content IIRC
-
daniel
pep., winfried: github.com/inputmice/p2 has a very detailed write down of what gets send
-
pep.
daniel, thanks
-
daniel
On iOS that body is usually 'check you messages'
-
daniel
Your
-
winfried
daniel: thanks, nice comprehensive overview
-
jonasw
indeed
-
jonasw
so this only reveals to google when the same accounts receive messages
-
jonasw
which is probably okay
-
pep.
That still means the user agrees to the privacy policies
-
pep.
That's still valuable metadata
-
winfried
jonasw: depending, in some case metadata analysis can reveal sensitive information
-
daniel
But you can't trace this back to an account
-
pep.
you?
-
daniel
If you give me the hash I wouldn't know what User this correlates to
-
daniel
Neither me nor Google
-
pep.
You the push server?
-
pep.
k
-
daniel
Well Google certainly not. But goggle couldn't ask me either because I don't know
-
pep.
Well google knows something has been sent to a particular device right
-
daniel
Yes
-
pep.
And what application triggered it
-
winfried
daniel: am I correct that this is your privacy friendly setup and that other implementations may be less privacy friendly?
-
jonasw
yes
-
winfried
Ok, so maybe we should list this as a best practice!
-
daniel
> daniel: am I correct that this is your privacy friendly setup and that other implementations may be less privacy friendly? I don't know anything about other applications. But I guess you *could* design it in a way that reveals more information
-
pep.
winfried, agreed. There's still some metadata that gets passed to the push component and google that the user needs to be aware of
-
Holger
The data pushed to Google is "the app vendor is asking to wake the app", right?
-
pep.
I suppose yes
-
winfried
pep.: that is correct, but it makes the story far less critical, I can really think about only a few *very* sensitive applications where this really matters
-
pep.
The thing that bothers me here is https://developers.google.com/terms/#section_7_privacy_and_copyright_protection really
-
pep.
"By using our APIs, Google may use submitted information in accordance with our privacy policies."
-
pep.
So that means the user knows about this
-
winfried
pep.: correct
-
pep.
I assume it's similar for iOS
-
winfried
pep.: to be precise: here consent (6.1a) is needed, not only information
-
pep.
yes
-
pep.
daniel, I guess for this you can add that to the "first start guide"? (is there one in conversations I don't remember) "I want push stuff"
-
pep.
should we plan for next
-
winfried
yes
-
pep.
I can't do monday this time
-
winfried
Tuesday or friday are possible for me
-
jonasw
same for me
-
pep.
Tue 12:30 CEST then?
-
winfried
wfm
-
pep.
We'll get input from Ge0rG when he's available
-
winfried
yes, nice
-
winfried
think we should try to move to the XSF policies next time
-
jonasw
wfm
-
pep.
I'm going to try and tackle EULA with jonasw this weekend. jonasw I won't be available most of tomorrow, already :/
-
winfried
pep.: I can do some work this weekend too, plz ping me
-
pep.
I think we have most of the requirements on the wiki already, I'll try to gather all that, and then we can talk protocol bricks
-
jonasw
pep., ah pity, I won’t be able most of sunday unfortunately.✎ -
jonasw
pep., ah pity, I won’t be available most of sunday unfortunately. ✏
-
jonasw
if that’s okay with you, I might just start a draft tomorrow
-
pep.
jonasw, ok, we'll see how tomorrow goes then
-
pep.
And tonight as well
-
pep.
Sure
-
winfried
;-) (y)
-
jonasw
tonight isn’t an option for me either, unfortunately
-
pep.
k, we'll try to get in touch then
-
pep.
going for lunch nao
-
pep.
Minutes sent!
-
jonasw
thanks!
-
Ge0rG
Tue 1230CEST +1
-
Wiktor
in topic of GDPR: https://news.ycombinator.com/item?id=17099484
-
daniel
> in the otherwise rational tech sector. 🤔
-
jonasw
if one believes these comments, the GDPR is going to clear the EU market and open up a lot of opportunities for startups ;-✎ -
jonasw
if one believes these comments, the GDPR is going to clear the EU market and open up a lot of opportunities for startups ;) ✏
-
MattJ
I was thinking the same
-
Ge0rG
jonasw: for GDPR-compliant startups.
-
jonasw
Ge0rG, yeah
-
jonasw
from one resource linked there, in the context of Article 9.1: > It’s important to also consider a seemingly innocuous data field like “hobbies” and what that might indicate about a person.
-
jonasw
(<https://blog.varonis.com/gdpr-requirements-list-in-plain-english/>)
-
pep.
Does it really depend on the type of field, or on the data. Because as a user I can put any kind of data I want in any field I want
-
jonasw
interesting question
-
winfried
jonasw: yes, I am involved in some apps for people with mental disabilities and there we constantly consider: how sensitive is this datafield / processing.
-
winfried
pep.: it matters how structured the data is, the risks of a structured field are *much* bigger then the risks of a datafield that is used in an unforseen way...
-
pep.
Sorry I don't get this
-
pep.
Does that mean as an operator I can say "it's not my fault" if the user doesn't use my form correctly?
-
winfried
If you have a field "are you gay? " (Y/N) then that data is quite risky, it can be abused in a fully automated way. If somebody types in the field "other remarks" "I sometimes fall in love on people of the same sex" then it is hard to analyse, profile, and abuse, certainly without human intervention.
-
pep.
OK, and then we fall under the grey area just like for xmpp messages
-
winfried
pep.: exactly
-
pep.
I'd certainly like to know about email spam filters
-
winfried
and that is why fb is *way* out of line by selling advertisement on probably "gay", "diabetic" etc...
-
winfried
pep.: yes, that is still a fascinating one.... don't know for sure where the limits are there.
-
moparisthebest
I like that guy's blog generally but https://jacquesmattheij.com/gdpr-hysteria sums up to what every GDPR proponent says about it
-
moparisthebest
"Sure it's draconian the way it's written and easily abused by faceless bureaucrat's, but trust them, they are benevolent regulators!!!"
-
Zash
Is it just me or are the ones being hysteric over this mostly Americans?
-
moparisthebest
I guess that's fine coming from the EU where half the countries still have monarchy's and are used to being subjects
-
moparisthebest
which is why, yes, I'd expect most opposition comes from the USA
-
Link Mauve
Zash, that’s also what I’ve seen, maybe because they’re more used than us with getting fucked by lawyers for anything and everything.
-
Zash
I saw some comment on HN stating that this is roughly a ^C^V of what Germany has had since the 70s-80s
-
moparisthebest
Link Mauve, yes, americans have a strong and healthy distrust of govt
-
Link Mauve
Zash, France too since 1978.
-
moparisthebest
our entire system is based on the premise that govt is bad, and we should protect against an oppresive govt
-
Zash
Sweden has had pretty good privacy laws too
-
Link Mauve
But you see, it’s inimaginable to expect companies to respect laws from forty years ago.
- Seve/SouL grabs popcorn.
-
Link Mauve
moparisthebest, yet your government is bad, and you don’t do anything about it. :(
-
jonasw
moparisthebest, https://news.ycombinator.com/item?id=17100541 maybe that’s relevant
-
Zash
Seve/SouL: good idea, I might have some left from yesterday
-
jonasw
moparisthebest, also, for certain definitions of "healthy"
-
Link Mauve
You haven’t done anything in the past century even.
-
jonasw
(given your health care systems, I doubt that anything is healthy there *scnr*)
-
Zash
Haha
-
Zash
Y'all should learn to extend your distrust to corporations too
-
Link Mauve
Meh, of course there is no English version of this page on Wikipedia… https://fr.wikipedia.org/wiki/Loi_informatique_et_libert%C3%A9s
-
Zash
Nor of https://sv.wikipedia.org/wiki/Personuppgiftslagen
-
moparisthebest
jonasw, yea I read that, and it makes sense, we have everything spelled out because we *don't* trust govt :P
-
Link Mauve
The GDPR “just” increases the powers of our regulation entity (the CNIL), and uniformises that over the entire EU.
-
moparisthebest
right, and it's easily abused by a bad regulator
-
pep.
tbh I'm not that trustful of my gvt either, maybe not for any good reason, just because trust is a big word
-
moparisthebest
which I think is the entire problem anyone has with it
-
Link Mauve
moparisthebest, yet they are so underfunded that they only go for big fishes and known problems, which is an issue on its own.
-
moparisthebest
an issue I'd be afraid they'd solve with more fines :P
-
Link Mauve
Yay, finally!
-
moparisthebest
anyway that same guy has possibly my favorite blog post on the internet too so it was interesting to see him again https://jacquesmattheij.com/if-you-have-nothing-to-hide
-
pep.
nice article
-
Link Mauve
moparisthebest, I fully agree with this article; now why would giving the exact same information to a bunch of companies be any less bad than to some government registry?
-
moparisthebest
it's not, but the solution is to just, not give your data to a bunch of companies?
-
moparisthebest
once you give it, you lost control, all the legislation in the world can't wrench it back
-
Link Mauve
moparisthebest, except for most people, the choice isn’t between giving all of their data to Facebook or not, it’s between talking with their friends and family or not.
-
Link Mauve
And it’s a pretty easy choice to make.
-
jonasw
don’t talk to your friends & family and have more free time \o/
-
Link Mauve
Exactly! \o/
-
Zash
See, easy!
-
jonasw
except, wait, that only works for introverts
-
Zash
More time for hacking on code!
-
Zash
Introverts of the world, unite! Separately, alone, in our homes.
-
pep.
> Link Mauve> And it’s a pretty easy choice to make. I definitely don't agree with this. It's a conscious choice you have to make
-
moparisthebest
facebook isn't the only way to talk to people
-
jonasw
moparisthebest, you think?
-
jonasw
tell that to my family
-
jonasw
(fwiw, I actually made that choice)
-
Link Mauve
pep., you don’t get this information, either before creating your account or during the time you’re using it, if you’re not looking for it.
-
jonasw
okay, that’s only true because facebook==whatsapp in my mind
-
Link Mauve
pep., the other day I went to some anime/game/cosplay convention, and every. single. person. asked me for my facebook account.
-
Link Mauve
For them it’s a no brainer.
-
pep.
Link Mauve, I agree you have to be looking for an out. That's not always obvious, you first have to understand what's wrong about it
-
Link Mauve
Everyone uses it, there is no price to pay to talk to those people, they don’t see any data being harvested, so it’s fine.
-
moparisthebest
everyone still has email right? 99% of people have SMS ?
-
jonasw
moparisthebest, yes, they have email
-
jonasw
but they don’t use it
-
jonasw
and SMS costs
-
moparisthebest
so they chose not to use it
-
Link Mauve
moparisthebest, I don’t have SMS for instance. :p
-
jonasw
moparisthebest, yes, because facebook works
-
Link Mauve
I would get a JMP account if it was available in Europe.
-
pep.
And SMS is plain text right :(
-
pep.
I mean, no tls
-
jonasw
and no cat pics
-
moparisthebest
email and SMS also works?
-
Link Mauve
Yes, SMS is s/Facebook/your telco/ but the rest of the discussion is identical.
-
moparisthebest
and both support cat pics usually (well MMS)
-
Zash
At least telcos are federated .. amongst themselves
-
Link Mauve
Email is s/Facebook/Google/ so not much better either. :p
-
MattJ
Link Mauve, FWIW I have a friend who is not just oblivious like most people, but actually supports Facebook (and others) behaviour
-
Link Mauve
moparisthebest, you’re very often looking for technical solution to social problems, it’s not necessarily a good way to address those.
-
Link Mauve
MattJ, yeah, those exist too.
-
MattJ
I never expected to meet one :(
-
moparisthebest
are legislative solutions to social problems a better way to address them Link Mauve ?
-
jonasw
moparisthebest, isn’t that what legislation is all about?
-
jonasw
addressing social problems?
-
moparisthebest
isn't that what tech is all about? :P
-
jonasw
(also, MMS are even more expensive than SMS)
-
Link Mauve
(Depends on the country, in France both are free nowadays.)
-
jonasw
lucky you
-
jonasw
I pay 9ct per SMS, don’t wanna know what MMS would cost
-
Link Mauve
Oh wow, I used to pay 15ct until 2012.
-
Link Mauve
In addition to 15€ per month just to have this number.
-
jonasw
at least the number is free
-
Link Mauve
Afterwards I changed providers, and it became 0€ a month to have the number and unlimited SMS and MMS and two hours of calls and 50 MiB of data with cheap per-MiB overprice.
-
moparisthebest
I used to pay $0.25 each way back in the day for SMS, but since probably 2005 they have been free
-
moparisthebest
well up to 5000 for free or something, virtually unlimited, I have actual unlimited now though I try to just use jmp.chat
-
winfried
Link Mauve: at least here in the Netherlands telecom is *much* more regulated then the internet. My telco provider is not allowed to do with the data what facebook does
-
Link Mauve
winfried, I think it’s the case in France too.
-
Zash
OTOH, telcos and ISPs are mandated to turn over data to the police if they ask.
-
jonasw
winfried, but legislation won’t solve anything!!kk
-
Link Mauve
But I’m really not sure, telecom is a domain I know almost nothing about.
-
jonasw
Link Mauve, ahaha
-
Zash
Depending on how normalized that got after that EU directive
-
jonasw
a paper related to graph analysis started with "or mobile call graphs which were sold as is common with telecommunictions providers"
-
jonasw
but granted this might not have been france
-
winfried
Zash: in then Netherlands even for that the laws are more stringent then for server operators!
-
jonasw
but it shows that it’s not as good as one might think
-
Zash
jonasw: Wasn't that in the news the other day? About US Telcos selling location data
-
Ge0rG
I remember when it was insanely cheap to pay 9¢/min of 9k6 mobile internet over IrDA to a phone
-
Ge0rG
And then I used to sit together with nerds, log into IRC to chat with other nerds and brag about being part of the future to both sides.