Ge0rGI have prepared temporary ToS and Privacy Policies for yax.im, which I would like to make available as a template for the XSF: https://yaxim.org/yax.im/tos/ and https://yaxim.org/yax.im/privacy/
Valerianhas joined
Andrew Nenakhovhas left
Valerianhas left
danielhas joined
winfried;-)
jonaswis a recital sufficient? or does it need an actual paragraph which instantiates that recital?
Ge0rGa what?
Valerianhas joined
alacerhas left
alacerhas joined
winfriedbangs the gavel and welcomes pep. jonasw and Ge0rG to the GDPR meeting
pep.!
jonaswGe0rG, your opt-out wording is confusing:
> You can opt out from this by unsubscribing these contacts from your contact list.
("what does unsubscribing from a contact list mean?")
I’d suggest:
> By allowing a user to subscribe (typically this is done when adding to the contact list), you opt into this transfer.
jonaswwaves at winfried
winfriedjonasw: yes, wording it as an opt-in is better
winfriedAgenda for to?
winfrieds/to/today/
pep.yeah, opt-in might be better
pep.What do we have on the agenda today? The template?
alacerhas left
pep.Not much progress on the EULA XEP. I gathered the requirements here, https://cryptpad.fr/code/#/2/code/edit/IiUC5h-fzN14FAeSdcBoAQgc/ but I haven't started the protocol bits
alacerhas joined
winfriedI feel like taking a look at the bigger picture: where are we, what is the course of action (looking at the MAM discussion in standards@) what are the todo's and how to do them
jonaswI’d also word the push service paragraph differently:
now:
> If you enable push notifications (e.g. on a mobile client), the data that is required to perform the push notification (typically a device ID and message meta data) is transmitted to the respective push service provider (Art. 6.1b, Art. 49.1b).
my suggestion:
> If you enable push notifications (e.g. on a mobile client), the message is transferred (Art. 6.1b, Art. 49.1b) to a server designated by the client application. The processing afterwards is subject to the data protection policies of the applications server and the respective push service provider.
jonaswyeah, sorry about the EULA XEP, I was more busy than I anticipated
pep.jonasw, no worries, I didn't have much time either
jonaswre push paragraph: because technically, you’re transferring the complete message to the applications service and then it’s already out of your control, Ge0rG.
winfriedneither did I ;-)
jonaswif my memory of the push protocol is right
winfriedjonasw: daniel posted a nice link to the implementation he uses. It reveals minimal data, the push service even doesn't know what application it is pushing to!
pep.winfried, of course it does? How would that work otherwise
jonaswwinfried, true, but as an XMPP server provider, you can’t be sure about which app server software is used.
winfriedjonasw: correct
jonaswand you transfer at teh very least message body and timestamp to the app server, at which point it’s out of your control
pep.jonasw, "app server"?
pep.the push component?
jonaswpep., the server provided by the client (e.g. Conversations) which transforms the XMPP Pushes (as specified in XEP-0357) to whatever is needed on the provider (google) side.
jonasw"Push Service" and "User Agent" are owned by e.g. google, but the App Server is run by the client application authors, and not by the XMPP server provider
Ge0rGjonasw: I'm not pushing actual message content, just placeholders.
jonaswGe0rG, is that a modification of mod_cloud_push?
Ge0rGjonasw: no, default behavior with a custom setting.
jonaswin any case, the statement is incorrect insofar that it suggests that (only) google/apple is the nexthop, but there’s the app server inbetween
Holgerjonasw: The protocol allows for including the sender address and message contents with the push notification, but that's optional and neither Prosody nor ejabberd will do that by default.
Holgerjonasw: The notification is not a message stanza but a PubSub-like IQ.
Ge0rGjonasw: updated both places, thanks. Please have a look at the new push wording
Dave Cridlandhas left
Ge0rGHolger: we are not talking about stanzas but about user content.
Ge0rGHolger: so "message" in this context is rather the <body> element.
jonasws/opt in into/opt into/?
alacerhas left
Ge0rGisn't the verb "opt in"?
Ge0rGmaybe "opt in to"?
winfriedGe0rG: I would say so
Ge0rG!summon native speaker
jonaswokay, nits though
jonaswotherwise I think this looks good
jonaswbut, IANAL
pep.Ge0rG, can I link to your yax.im URLs or should we move that to the wiki
pep.in the minutes
Ge0rGpep.: They are WIP right now, so I'd rather not have them linked "publically"
jonaswcopying would be fine though?
pep.k, so maybe we can copy that to the wiki
rtq3has left
Ge0rGI'd like to establish some process where we have a master copy and the yax.im ToS are a fork of that.
winfriedGe0rG: git!
Ge0rGso you can fork it yourself and profit from later updates.
jonaswmaybe a repository under xsf?
jonaswor xmpp?
Ge0rGmarkdown + C preprocessor?
Ge0rGjonasw: moving a git is the easiest part.
Ge0rGthe hard part is the split of template and specific server content.
jonaswhmm
pep.Right
jonaswjinja is a neat templating language
Ge0rGOr maybe some kind of ToS generator?
jonaswwould be trivial to build a generator on top of that
Ge0rGJinja is Beautiful. {% extends "layout.html" %} {% block body %} <ul> {% for user in users %} <li><a href="{{ user.url }}">{{ user.username }}</a></li> {% endfor ...
Ge0rGThey lost me at {%
jonaswthey copied that from erb I think
pep.I don't think we should focus on html
Ge0rGMarkdown is an ideal language for the content, minus the templating.
jonaswthe advantage I see in jinja that its inheritance and block stuff would allow for easy replacement of specific blocks.
jonaswand extension
jonaswthat would be cumbersome with C preprocessor
Ge0rGWe could also `sed -e s/ZZZservernameZZZ/$SERVERNAME/g`
jonaswthose are technicalities
Ge0rGor use bash here-documents.
jonaswlet’s focus on what winfried suggested
Ge0rGI don't care. I just don't want to learn a new templating engine language.
Ge0rGgit?
jonasw10:34:00 winfried> I feel like taking a look at the bigger picture: where are we, what
jonaswGe0rG, ^
Ge0rG:P
Ge0rGRight.
Dave Cridlandhas left
pep.In the meantime I don't have anything to show for this part of the minutes :x
pep.But we can sort this out later
winfriedhey, I am participating again :-P
winfriedBig picture: we have some things we want to change on protocol level
winfriedEULA-XEP
winfriedDeletion
winfriedTransfer of data
winfried(any other?)
danielhas left
winfriedah, defaults for MAM
Ge0rGretention times for MAM and HTTP uploads.
Ge0rGCurrent implementations lack auto-removal of "expired" entries
pep.s/HTTP uploads/server-side file storage/
winfriedThere was some discussion on the standards@ list about incorporating local laws in standards
Dave Cridlandhas left
danielhas joined
winfriedwhat is our opinion in that?
pep.Allowing deletion via the protocol has nothing to do with local laws right
winfriedI guess some topics are generic and not specifically for one jurisdiction
Ge0rGwinfried: the protocol purist in me says we should not encode local laws into our protocols.
Ge0rGOTOH, the pragmatist requests an easy way for server operators to comply with local laws.
pep.Ge0rG, I think I agree with that, but deletion itself is just a technicality and not a law
rtq3has joined
pep.We might want to have another informational "GDPR compliance" XEP
winfriedGe0rG: and what about an optional extension that describes an action needed in a certain jurisdiction...?
Ge0rGwinfried: I'd go with Business Rules paragraphs in relevant XEPs
andyhas joined
Ge0rGwhile true ; do
killall -STOP lua5.1
sqlite3 prosody.sqlite 'DELETE FROM prosodyarchive WHERE host="yax.im" AND store="archive2" AND "when" < '$(($(date +%s)-14*24*3600))' LIMIT 5000;'
killall -CONT lua5.1
sleep 2
done
Ge0rGThis is how I'm doing GDPR compliance right now.
winfriedGe0rG: :-D
Ge0rGAnd this is not only fugly, it's also killing my availability / latency.
jonaswsleep 2?!
winfriedI can imagine you want something more... sophisticated
Ge0rGjonasw: yes. I can't just delete *all* messages at once because there are too many.
Ge0rGdeleting 5k takes <10s, so it's just barely bearable.
pep.How many users do you have again?
pep.Active users
Ge0rG~1k
Ge0rGBut I have some active bots, it seems. And for reasons beyond my understanding, those bots are using MAM
winfriedSo do we agree on:
1) patching XEPs / adding XEPs when generic functionality is needed for compliance
2) adding busisness rule paragraphs to relevant XEPs to explain about local laws?
jonaswGe0rG, (1) is adding functionality, (2) is adding business rules
jonaswthose are differences, and (2) can be moved to a generic GDPR XEP, while (1) can’t
jonasw(well, could, but it wouldn’t make sense)
pep.jonasw, 1 could be added to an addon XEP, but :/
pep.Not informal
pep.**informational
Dave CridlandI'd rather not plaster every XEP with detailed GDPR implementation stuff. Rather, at most a pointer to another XEP. Otherwise the conflict between different jurisdictions is going to get very complicated, especially with normative language.
Ge0rGRe EULA XEP: do we need explicit consent?
winfriedpep.: think we need to decide on a case to case base if an add on is better of patching the xep
Ge0rGIf we need explicit consent, the EULA-on-IBR would be one possible implementation, with a web form based registration another obvious one.
pep.Dave Cridland, 1. above is not "GDPR implementation stuff", right
pep.2 and 3 are, and I'm also leaning towards 3
pep.rather than 2
winfriedI guess Dave Cridland meant the choice between 2 and 3
Ge0rGDave Cridland: I was thinking along the lines of "A server implementation must provide a way to delete user data by means of X"
valohas joined
Dave CridlandGe0rG, Yes, but that's not true everywhere. Instead you need a feature to allow users to request deletion, but I'd rather a server in a jurisdiction that mandates retention isn't offering me that feature.
pep.We will need to tell developers though where to find that XEP
pep.XEP discovery is another common issue
winfriedpep.: "Privacy considerations: this XEP may have GDPR consequences, please see XEP-GDPR for more information"
pep.winfried, k
alexishas left
Ge0rGI can't see how we can create an (informational or other) GDPR XEP until May 25h.
alexishas joined
j.rhas joined
jonaswI agree
j.rhas joined
jonaswI wanted to get EULA done by today, but schedules
winfriedGe0rG: Nope, I have to finish a DPIA before then :-D
Ge0rGDave Cridland: I still think that a mention under Business Rules is required. Even if it says "Depending on local laws, you MUST or MUST NOT provide a way ..."
Dave CridlandGe0rG, If a XEP has the phrase "MUST or MUST NOT" I will have to nuke it from orbit.
pep.What winfried said above
pep."Privacy considerations: this XEP may have GDPR consequences, please see XEP-GDPR for more information"
Dave CridlandGe0rG, Also, "MUST" etc are related to interop, not legal requirements. I suspect that we (the XSF) may need to be careful about appearing to offer legal advice, too.
winfriedGe0rG: can you explain why you think it is required?
Dave Cridlandpep., That phrasing works for me.
Ge0rGDave Cridland: why? It's only self-contradicting if it's "MUST *and* MUST NOT"
rtq3has joined
Dave CridlandGe0rG, Because it's meaningless.
Ge0rG"this XEP may have global warming consequences, or may contain traces of nuts"
pep.What doesn't have global warming consequences..
alacerhas left
Seve/SouLAnd doesn't contain traces of nuts
Seve/SouL0:D
Ge0rGDave Cridland: but I agree that RFC 2119 language SHOULD NOT be applied to legal requirements.
winfriedpep.: the chilling effect (couldn't resist)
jonasw:>
Ge0rGwinfried: LOL
pep.:)
pep.Ge0rG, so I read you'd prefer to have GDPR details *in* the XEP?
pep.And not an informational XEP
Andrew Nenakhovhas joined
Ge0rGpep.: I don't know. Whatever will make server implementors create compliant implementations works for me
Valerianhas left
alexishas left
jonaswI think general "privacy considerations" without mentioning legislation would be a good thing™
pep.I'd see winfried's phrasing above, + informational GDPR xep
Dave Cridlandpep., Really don't want to do that. The problem there is that you'd also need to put in Sarbanes-Oxley, for example.
jonaswit would help to create awareness, just like Security Considerations do
jonaswand I think they have a place in the XEP
pep.Dave Cridland, yes I don't want either
Dave Cridlandpep., That is, put GDPR sections in every XEP.
pep.hmm
alexishas joined
Dave Cridlandpep., Ugh. I'm being really unclear. I do not want GDPR bits in every XEP.
pep.what GDPR bits
pep.You'd be ok with just saying "seealso GDPR XEP"?
Dave Cridlandpep., Yes.
jonaswI have something like "The protocol specified herein allows users to store data on storage controlled by the server, so deletion and retention times need to be considered."
pep.Dave Cridland, ok then we agree
jonaswI have something like "The protocol specified herein allows users to store data on storage controlled by the server, so deletion and retention times need to be considered." in mind.
winfriedDave Cridland: if we create an informational XEP about Sarbanes-Oxley, I wouldn't mind other XEPs pointing to it
Ge0rGMaybe the issues is if we actually need *every* *other* XEP to point to the new one?
Dave CridlandIt might actually be useful to note what data is retained by each XEP, since that has very wide applicability and use.
jonaswDave Cridland, that’s what I had in mind for "Privacy Considerations" sections in XEPs
jonaswand a separate GDPR document could point out what to do with specific data.
Dave Cridlandjonasw, Right, and I think it also forms very useful input to consent, privacy policy, etc stuff on a more generic level.
jonaswso in general, PCs (Privacy Considerations) would list:
- what data is stored
- what data is exposed to other servers and users
- what is needed for data exposure (know the JID / needs to be subscribed / ...)
pep.jonasw, that still seems GDPR-specific. Some other law might define "private data" entirely differently
winfriedLike that idea, but it will be quite a bit of work to update all XEPs
rtq3has left
jonaswpep., doesn’t matter, I’d consider all user data in that section.
winfriedjonasw: +1
Dave Cridlandjonasw, +1 from me too, for whatever it's worth.
pep.jonasw, k
winfriedand should we also add a paragraph like that to the RFCs?
jonaswI’ll re-word my '363 PR to conform with that.
winfriedjonasw: great!
pep.winfried, mined territory I assume :p
Ge0rGHaving a "Privacy Considerations" section with that data in all XEPs would be great. We could just link those from the server ToS
winfriedGe0rG: with autodiscovery based on service discovery!
jonaswcan we plan for enxt?
pep.Can we define quickly what would go into that informational XEP
pep.So we can start working on it quickly
pep.jonasw, +whatever should work for me. Friday with the small delay as usual
winfriedpep.:
- steps for compliance
- red flags
jonaswI can only make friday I think
alexishas left
jonaswso friday 1230 CEST or 1330 CEST would be good for me
winfriedwfm
pep.1230 CEST worksforme
pep.1330 as well
winfried1330 not for me
jonasw1230 CEST on Friday, 25th it is then, Ge0rG?
Ge0rGeither is good
Dave CridlandIf someone writes the skeleton and an abstract for this GDPR XEP today, we can give it a number by tomorrow.
winfriedD-Day!
alexishas joined
Dave Cridland... which might help "advertise" what you guys are doing.
Ge0rGnext number is 403, right? ;)
Dave Cridland(It'd also give us something to blog about as the XSF)
jonaswGe0rG, no, next is 409 I think
pep.Ge0rG, no that's MIX?
Ge0rGOh, wow.
winfriedDave Cridland: good plan, I don't have time :-(
jonaswI’ll try to dedicate my afternoon to the EULA XEP
Dave CridlandGe0rG, I think MIX wants that, but I'd love to see the Editor creatively rearrange...
jonasw409 Conflict is also good ;-)
Ge0rGI would have skipped 403 as well. But meh.
jonaswGe0rG, 404 isn’t skipped
pep.yeah 409 is also fine :P
jonaswit’s for MIX ANON
jonasw(the order in the PRs is just weird)
Ge0rGjonasw: NOOO!1!!
jonaswgotta go now
Dave CridlandI wondered if MIX Anon was intentionally at 404.
jonaswDave Cridland, it is
Dave CridlandBut yeah, I think we should skip it for amusement's sake.
jonaswI don’t feel like renumbering them ;-)
jonaswMIX anon is a good use for XEP-0404 imo :)
Ge0rGI disagree. But what do I know.
winfriedShould I close the GDPR meeting? ;-)
Dave CridlandBy the way, huge thanks to you guys for doing this.
pep.winfried, :)
winfriedjonasw: do you have time to also submit a skelton and abstract for a GDPR informational XEP?
pep.jonasw, I can have a look at EULA, for the obvious bits? (if there is any)
Dave Cridlandwonders if he needed to opt-in to be mentioned in the minutes.
pep.Dave Cridland, I was going to ask
SaltyBoneshas joined
winfriedDave Cridland: you revealed yourself, so no mercy :-D
pep.But the logs of this room are public anyway, just like the minutes :P
Andrew Nenakhovhas joined
jonaswwinfried, no, sorry
winfriedI shouldn't do it, but I will give it a shot
winfried(then)
jonaswwinfried, why shouldn’t you do it?
jonaswif you’re uncomfortable with the markup, you can also just send me a markdown or whatever based document
jonaswand I’ll transform it
winfriedtime, am already terrible behind on an other GDPR project
jonaswright
winfriedbut it shouldn't be too much work
jonaswdo whatever you need to save time, my issue with the informational is mostly that I don’t have the big picture or anything
jonaswI’m fine with an .odt if that’s what you’re most comfortable writing in
winfriedjonasw: k, let you know if I need anything
winfriedbangs a gavel and starts writing a XEP
pep.Ge0rG, you're ok if I copy your tos/privacy policy to the wiki with a big "WIP"
pep.And "To be moved to git"
jonaswDave Cridland, I don’t think I’ll be able to make the 24 hour agenda deadline for the council meeting with the EULA XEP though
Ge0rGpep.: yeah
andyhas left
andyhas joined
pep.We're still in Q1.1.2 right
pep.or 1.1.3 maybe
pep.Ah no 1.1.2
pep."consequences for server operators"
pep.*1.2
Valerianhas joined
ibikkhas joined
rtq3has joined
ibikkhas left
ibikkhas joined
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
SaltyBoneshas left
SaltyBoneshas joined
lumihas left
pep.winfried, I'm not sure exactly what you meant by "Big picture: we have some things we want to change on protocol level" and "Transfer of data" specifically
rtq3has left
winfriedpep.: timestamp ? loosing my context ;-)
pep.19:50:33 winfried> Big picture: we have some things we want to change on protocol level
19:50:43 winfried> EULA-XEP
19:50:47 winfried> Deletion
19:50:56 winfried> Transfer of data
19:51:09 winfried> (any other?)
19:51:31 winfried> ah, defaults for MAM
pep.(UTC+9)
winfriedah...
winfriedthat is the portability thing, download everything so it can be put on an other server
pep.I see
SaltyBoneshas left
SaltyBoneshas joined
jerehas joined
SaltyBoneshas left
SaltyBoneshas joined
ibikkhas joined
Holgerhas left
lorddavidiiihas left
lorddavidiiihas left
pep.https://cryptpad.fr/code/#/2/code/edit/j5ggWca+SLu32klePWFOeCIK/ winfried, jonasw, Ge0rG if you can have a quick look before I send
Ge0rGpep.: 👍
SaltyBoneshas left
SaltyBoneshas joined
rtq3has joined
tahas joined
winfried(Y)
jonaswwfm
jubalhhas joined
edhelashas left
jonaswI’ll now try to merge the MIX PRs and then I’ll start to look at the EULA XEP
edhelashas joined
Steve Killejonasw: thanks!
Valerianhas left
Valerianhas joined
jjrhhas left
mimi89999has left
tahas joined
lovetoxhas left
SaltyBoneshas left
SaltyBoneshas joined
jjrhhas left
tahas joined
Ge0rGjonasw: But 404!
jonaswyes?
Ge0rGOkay, I didn't do anything when that window of opportunity was open, so I have no right to complain about it.
jonaswSteve Kille, is "RELIABLE-DELIVERY" not there yet or am I missing something?
Ge0rGI'll just pile my sadness on top of the Pidgin-officially-encouraged pile and move on with life.
SaltyBoneshas left
blablahas left
blablahas joined
Steve KilleRELIABLE-DELIVERY is a piece of MIX that is needed, but it was clear that hte text in MIX was wrong and it might be useful elseowere
SaltyBoneshas joined
Steve KilleSo, I (or someone else) needs to work out exactly what needs doing and write it.
Steve KilleRunning without this is probably not going to be a big deal for most deployments
Steve KilleBTW using 404 for MIX-ANON was the choice of my co-author
Steve KilleI think the humour is good
Ge0rGIMHO, that number should have been used for "XEP not found"
Steve KilleKev got there first
Andrew Nenakhovhas left
ThibGhas joined
Andrew Nenakhovhas joined
lorddavidiiihas left
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
SaltyBoneshas left
SaltyBoneshas joined
jonaswMIXes merged
jonaswSteve Kille, FWIW, the conflicts were because somebody submitted editorial changes in the meantime (0.10.1 was released), but that was trivial to handle
Steve Killethanks very much for sorting this out.
lovetoxhas joined
Steve KilleMeanwhile, I've received some private editorial comments on 1.0.0, whch I will work at soon
jonaswI renumbered it to 0.10.2
lumihas joined
jonaswit is not draft yet, and only draft can have 1.x.x
jonaswand since the split was editorial as discussed, it got 0.10.2
Steve Killeah - I did not realize this.
Steve KilleGiven that over half of the text vanished from 369, this scarecely seems editorial
Steve KilleI'm going to have to confess now that there were some technical changes
Steve KilleMamking the XEPs independnent needed changes
Steve KilleMaking Proxy JIDs work without MIX-ANON needed various changes
jonaswuh
jonaswyeah, I saw a namespace bump in there
jonaswbut I think that’s going to be needed either way
jonaswI can’t really fix the version number now anymore, I’m afraid.
jonaswso we’ll have to live with t hat
Steve Killeshall I move to 11.0 when I do the next set of changes?
Steve KilleAll the others are at 0.1.0
jonaswincrement the last digit (the z in x.y.z) for purely editorial changes, and the second digit (y in x.y.z, reset z to 0) for changes which include non-editorial chnages
Steve KilleI think that the changes since 10.0 deserve a seond digit bump
Steve KilleHowever, it is just a number, and I am happy with whatever the experts decree
jonaswI agree that a second digit bump would’ve made sense
jonaswbut that’s spilled milk
jonaswmore or less
Steve KilleI was asking if it makes sense to make the bump as part of the editorial changes I will make soon?
jonaswah, now I understand
jonaswI’ll abort the build and fix the version number to 0.11.0
Steve Killeif that is not too much trouble, I think that makes most sense
jonaswdone
Steve Killeyou're a hero
Valerianhas left
rtq3has left
jjrhhas left
jubalhhas joined
Valerianhas joined
j.rhas joined
j.rhas joined
marmistrzhas left
jonaswpep., Ge0rG, what do you think about announcing the TOS version via disco#info *and* stream features? This would allow servers to announce updates via stream features s.t. clients can pick that up
pep.jonasw, sgtm
Ge0rGjonasw: aren't we overloading our caps infra already?
jonaswnot sure
jonaswfor servers I don’t think so
pep.jonasw, what do you do with it then? the client knows there's a new version, where does it fetch it
jonaswpep., via the in-band protocol
pep.Ok ok
pep.iq or ad-hoc?
jonaswnot sure yet
jonaswI think ad-hoc won’t do the trick
Valerianhas left
Valerianhas joined
Valerianhas left
pep.I'd prefer iq I think, but I don't have a strong opinion
rtq3has joined
SaltyBoneshas left
pep.All the features a user will opt-in, they also need to be able to opt-out easily btw. Should that also be done via the xep (one place to rule them all, "easy discovery"), or let the client decide where each feature config should go? e.g, Preferences > MAM > [x] Enable; Preferences > Other feature > [ ] Enable
pep.Meh, I don't think the one place to rule them all would work
jonaswyupp
pep.that'd need to fiddle with every other modules
Ge0rGThere is one place to rule them all. "Delete account"
jonaswthat needs to go into the individual XEPs, just like it’s handled currently
pep.Ge0rG, no
pep.Say I still want to benefit from the services, but I want to opt-out of every consented feature
pep.Doesn't have to be "please delete MAM", just "Please no MAM anymore"
jonaswhttps://paste.debian.net/hidden/eb963ea8/
jonaswpep., Ge0rG, ^
pep."The user shall be able to retract consent [..]", I don't have the exact quote
pep.An error occurred during a connection to paste.debian.net. SSL peer rejected your certificate as expired. Error code: SSL_ERROR_EXPIRED_CERT_ALERT :(
jonaswnice
pep.I'll have to change that client cert..
jonasws/https/http/ will work though
pep.yeah.. unfortunately
Ge0rG"The server subsequently replies with the &tos; payload:" - that sounds like it's a ToS *payload*, but it's merely a ToS *link*
jonaswGe0rG, it is a payload of the ToS protocol
pep.Ge0rG, I'd like to allow for both
Valerianhas joined
pep.If you want to point to an external source, good for you. You might also want to handle this in-band
Ge0rGLet's talk about XHTML-IM ToS payloads.
jonaswpep., it’s not realistic to have the complete document in-band
pep.jonasw, that's fine as long as EULA is only used for c2s
pep.I mean, oob is fine**
jonaswI’m thinking however, if we actually make Ge0rGs thing into a template, that we could use that template and have the server say things like "this is template X version Y, with the following things filled in: MAM retention time = xyz, upload retention time = abc, representative = frank nord"
Ge0rGrepresentative = Jon Snow.
andyhas left
pep.jonasw, I'm sure that template will get hairy quickly
jonaswmaybe, but maybe not
pep.Plus operators will want to modify more than just placeholders
jonaswpep., in any case, putting the whole ToS in-band won’t work.
pep.won't work how?
jonaswquestion 1: which markup format to use for formatting?
pep.We don't have anything to do formatted payloads anymore? :)
pep.Too bad
jonaswI would have argued strongly against anything XHTML. way too much, markdown would be sufficient, if it was standardised.
pep.but styling is not markdown.
jonaswstyling is not sufficient
pep.Don't tell me
jonaswyou need headings in a ToS, and enumerations and lists
jonaswI am confused
Ge0rGAre we talking about Markleft or Markright?
pep.Ge0rG, both
pep.Also Markhtml
jjrhhas left
Valerianhas left
Valerianhas joined
jonaswpep., do you happen ot have a link to your EULA XEP pad at hand?
jonaswpep., Ge0rG, winfried, here’s a preview version with CSS: https://sotecware.net/files/noindex/xeps/tos.html ; I’d appreciate any early feedback.
jonaswI think this should cover the basic points for now, we can expand on this for including more information about the ToS in the payloads later.
pep.jonasw, example 2 contains </stream:features>
Ge0rGjonasw: the title might better be "ToS Reference" than just "ToS"
jonaswpep., ty
vanitasvitaehas left
jonaswGe0rG, "Terms of Service Agreement"?
jonaswbecause it also handles ACK-ing the ToS
jonaswI find ToS a good name still.
danielhas left
danielhas joined
pep.jonasw, can we not use oob or sims or something that's already there to give the url?
jonaswpep., what would be the benefit?
pep.Not reinventing the wheel
alexishas left
pep.hmm, oob doesn't allow for MIME, sims does though
Ge0rGWasn't there an IBR extension by daniel?
winfriedjonasw: what when there are several documents like a ToS and a separate Privacy statement?
alacerhas joined
jonaswpep., but it wouldn’t be re-usable much except for wire format maybe, and it would tie us to the SIMS namespace
pep.jonasw, I don't know what the convention is, but I'd put <deadline/> inside <tos/> maybe
mhterreshas joined
mhterreshas left
jonaswpep., but semantically, the deadline is for the change not for the ToS itself
SamWhitedhas left
winfriedCan it also be communicated when it is obliged to agree to the terms or when it should only be available
SamWhitedhas joined
jonaswwinfried, that’s a good question
jonaswwinfried, that’s a good question (regarding multiple documents)
pep.jonasw, right.. I'm a bit annoyed at having this directly in <message> for some reason
jonaswwinfried, regarding requiring agreement, sure, we can communicate that, but does it make sense?
SaltyBoneshas joined
jonaswwinfried, is there a good reason to separate the documents?
jonaswthis will increase the complexity a lot because we either have to put human-readable titles in the wire-format (complexity with i18n) or pre-define the types of documents we want to support
pep.Maybe we can just allow multiple sources of the same type
Guushas left
efrithas joined
jonaswpep., how would that look in a client UI?
> you have to agree to the following terms to use the service:
> document 1 (link)
> document 2 (link)
:/ that looks awful
alacerhas left
pep.Well.. having both links for plain/text and plain/html, what will clients display anyway?
pep.randomly choose between the two?
jonaswunless you’re poezio, you’d probably link the text/html thing
jonaswand dispatch to a web browser
jonaswpoezio might as well show the text/plain version inline
pep.pardon my UX skills, but as a user I'd prefer to have a choice
jonaswmost users don’t want to
jonaswthey don’t even care about the difference between html and plaintext :)
Guushas left
pep.which is also why I use poezio unlike "most users"
Dave Cridlandwinfried, You know, you *could* use a SASL2 task for EULA agreement.
pep.jonasw, anyway, I can live with just one document (and optionally multiple types), for the original question
Andrew Nenakhovhas joined
jonaswDave Cridland, i’d love to see a SASL2 task to replace my pre-bind/post-auth hack
jonaswIBR integration is still on the todo
winfriedjonasw: communicating the requirement to agree: some documents (like the privacy statement) only need to be available, while some others, like a 6.1a question, need to be agreed upon.
matlaghas joined
winfriedjonasw: and that is also an answer to the other topic: if you have both, you want to present both with a different status
jonaswwinfried, okay, that makes things much more complex.
pep.Right. I've seen services present me multiple ToS I could agree to
jonaswI was operating under the assumption that we have a ToS document (including privacy policy) which needs to be agreed to always and that all 6.1a questions are handled separately already.
jonasw(such as MAM)
winfriedpep.: yeah, that is ugly, but there may be good reasons for
jonaswback to the scratchpad then
pep.winfried, I guess we can skip this though, and do as jonasw says, have opt-in features be handled separately
winfriedjonasw: in our GDPR route, we avoid asking 6.1a questions, but other setups or other jurisdictions may have different needs
pep.winfried, as in, clients would have UI for this, some configuration somewhere
winfriedpep.: IF you offer an 'agree-iq', then you should also communicate if it is mandatory to agree it. Otherwise it is just informational
danielhas left
jonaswmy assumption was that it’s always mandatory
winfriedjonasw: Nope, misconception #1 about the gdpr ;-)
pep.I don't think it is (always mandatory).
jonaswmmm
jonaswokay, will have to re-do things then
winfriedjonasw: sorry...
jonaswno, that’s great, we need a good thing here
jonaswbetter sort it out before the first implementation comes along :)
winfriedDave Cridland: love that idea, but I am happy you said *could* :-D
pep.Yeah I'd like to see what that looks like as well
lovetoxhas joined
jonaswwinfried, okay, would this work:
- we have a list of documents which can be reviewed by the user
- we have a list of tickboxes where users can consent to things which aren’t handled elsewhere (e.g. additional content analysis which would go into 9.1 territory or something)
- the tickboxes default to false
- agreement to individual documents is handled via the tickboxes, if at all.
- a service would put the terms for the tickboxes in their privacy policy document by default
danielhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
jonaswso the UI would be something like this:
+----------------------------------+
| |
| Terms of Service |
| |
| Service xy has the |
| following Terms. |
| Please review: |
| |
| - Terms of Service (link) |
| - Privacy Policy (link) |
| |
| [ ] Allow analysis of my |
| messages for marketing |
| purposes |
| (see Privacy Policy §12.3) |
| [ ] Allow sharing my contacts |
| with Facebook |
| |
| |
+----------------------------------+
Wiktorhas left
jonasw+ a [Register] or [Continue] button
jonaswthe tickboxes would be provided by the service
pep.Also [Cancel], that would close the stream? :-°
jonaswprobably
pep.Would MAM go in these [ ], or would it be in client configurations like we said above
jonaswI would put that in client configuration
pep.Because then we're separating stuff that requires consent
pep.I mean there would be stuff all around, not just one place to accept
jonaswif you choose to enable MAM, you have of course already read the privacy policy and thus know the terms for MAM
jonaswyeah
pep.Right
jonaswA service could of course also put the MAM switch in there, but it’s useless if the client doesn’t support MAM, so it would be confusing.
jonaswthe tickboxes would be entirely service-define
jonaswthe tickboxes would be entirely service-defined
pep.Makes sense
Ge0rGthat looks like a data form.
jonaswGe0rG, the tickboxes will use data form wire format indeed
jonaswAd-Hoc command wire format even
Ge0rGThe issue I have is that yaxim will not connect to the server until you fill out the username + password fields.
jonaswso?
ibikkhas joined
pep.Ge0rG, pulling down a XEP because of client implementation? how dare you :o
Ge0rGpep.: I didn't write "The issue this XEP has"
winfriedpep.: a [Cancel] would be up to the server to decide, it may only disable certain functionality
pep.Ge0rG, :)
pep.winfried, if a user cancels, what happens legally? they don't agree to the ToS, but they can continue using the service?
pep.I'm a bit confused
Ge0rGI like how you have sorted out race conditions between the user reading and the ToS updating here... `<agree xmlns='urn:xmpp:tos:0'><version>0.1.0</version></agree>`
winfriedpep.: depends on the question. If the question is: "i agree to connecting to my facebook account" (or so) then not ticking the box would only stop that part of the processing, not all XMPP service
jonaswis cancel really a thing?
jonaswi mean yeah, cancel would mean that you don’t want to use the sevrice at all because you don’t agree with it’s ToS
pep.jonasw, [disagree], I guess
pep.jonasw, [Disagree], I guess
Alexhas joined
jonaswthe non-negotiable parts of the ToS, because the negotiable parts are formulated as tickboxes
pep.jonasw, yes
Ge0rGjonasw: I don't like the use of headline messages. With always-on clients, I'd always fear sending a user a message in the middle of the night.
pep.Ge0rG, it's always the night somewhere..
pep.Ge0rG, it's always night somewhere..
Ge0rGpep.: that's exactly my point.
winfriedpep.: oops mixing up not ticking a box and [disagree]
pep.Ge0rG, who cares, people should setup notifications properly
Ge0rGpep.: the right thing™ would be to send another kind of notification and let the user agree when they re-open their client
Guushas left
Ge0rGpep.: people are using Jabber for important family notifications. Ringing them up at 3AM is not what I want to do.
jonaswGe0rG, the notification could be delayed until the next CSI Active if the client is CSI Inactive with a smart implementation :)
Ge0rGjonasw: I don't believe in smart implementations any more.
jonasw(with a delay of a few minutes to allow a client to go CSI Inactive after a reconnect)
jonaswGe0rG, do you have another idea for the notification?
jonaswI don’t want to use an IQ because that won’t work with legacy clients at all.
jonaswwe don’t have a "silent" thing unfortunately
Ge0rGjonasw: you encode the tos-version in the entity caps and push a presence update.
jonaswpresence update from whom?
Dave CridlandI'm not convined you want to handle ToS changing mid-stream.
Ge0rGfrom the server.
jonaswand that won’t work with legacy clients at all.
winfriedDave Cridland: why not?
jonaswGe0rG, users typically don’t have their server in the roster.
Ge0rGDave Cridland: what's your counter-proposal? Kick the client?
Ge0rGjonasw: yes.
pep.clients*?
Ge0rGjonasw: this is why it's going to work.
jonaswGe0rG, you are an evil persion
Ge0rGjonasw: what was discussed last time for mid-stream server-caps updates?
Dave CridlandGe0rG, Basically. If you're at the point where the ToS update is so pressing you need to get user agreement at that moment, you're going to need to anyway.
jonaswbut relatedly, I have an update for XEP-0390 pending which allows servers to push updates to their caps
Guushas left
Guushas left
jonaswDave Cridland, nobody’s talking about "in that moment"
Guushas joined
Ge0rGjonasw: yes. yes I am.
jonaswthe notification is supposed to be sent a few days ahead so that the user has time to review etc.
Ge0rGyou kick the user twice. First on the ToS update, second when they failed to accept the update in time.
Ge0rGBTW, what happens if they fail to accept it? They get kicked and can't reconnect? Need to accept the ToS oob?
jonaswideally, this would be a SASL2 thing as suggested by Dave Cridland, but we don’t have SASL2 yet, and it can easily replaced with SASL2 later.
Ge0rGjonasw: wow, well thought out :)
lnjhas left
lnjhas joined
winfriedGe0rG: isn't that up to to the server
Ge0rGdata-forms in SASL2?
jonaswGe0rG, sasl2 is like zombo.com -- everything is possible in SASL2
Ge0rGwinfried: what that?
SaltyBoneshas left
SaltyBoneshas joined
winfried[17:25:29] <Ge0rG> BTW, what happens if they fail to accept it? They get kicked and can't reconnect? Need to accept the ToS oob?
Ge0rGwinfried: yeah, but if you lock out the user, they need an oob mechanism to re-agree with the ToS
jonasw(or an in-band mechanism ;-))
Ge0rGan in-band mechanism between auth and bind, yes.
Ge0rGcan you 0198 resume such a semi-zombie?
Wiktorhas joined
jonaswI was about to add that you’d kill the session completely when they don’t agree to the ToS in time
jonaswyou can’t know how long it’ll take for them to ack the new terms and shutting down the session cleanly and completely is probably the best you can do.
Guushas left
alexishas joined
Guushas left
waqashas joined
alexishas left
j.rhas joined
alexishas joined
Dave Cridlandhas left
SaltyBoneshas left
SaltyBoneshas joined
Guushas left
Guushas left
Guushas joined
efrithas left
jjrhhas left
SaltyBoneshas left
SaltyBoneshas joined
alexishas left
alexishas joined
Alexhas left
winfriedjonasw: can you have a look? https://github.com/winfried/xeps/blob/master/inbox/GDPR.xml
jonaswI would add a paragraph right into the introduction: "This document is not legal advice"
jonaswthis is probably a good start
pep.winfried, interoperability*
blablahas left
blablahas joined
Andrew Nenakhovhas left
winfriedjonasw: thanks, added
winfriedpep.: thanks, fixed
jjrhhas left
Andrew Nenakhovhas joined
peterhas joined
winfriedjonasw: do you want a pull request?
jonaswwinfried, you can do a PR, I’m not 100% convinced that this is enough to pass though.
jonaswand I’m not 100% sure if this is council or board matter
jonaswDave Cridland, do you have an opinion?
winfriedjonasw: we will see ;-)
Dave CridlandIt's not procedural, so probably not Board.
jonaswit’s informational though
Dave CridlandYes, but lots of Informational stuff is processed by Council.
Dave CridlandBoard handle the XEPs that document XSF policy and procedures.
jonaswokay
jonaswso council it is
Dave Cridland(Which are "Procedural")
jjrhhas left
rtq3has left
winfriedjonasw: pull request send
jonaswneat, thanks
flowhas left
jjrhhas left
flowhas joined
winfriedOf to dinner!
jonaswgl!
jjrhhas left
jjrhhas left
rionhas joined
j.rhas joined
ibikkhas left
SaltyBoneshas left
marchas left
SaltyBoneshas joined
jonaswanother update
blablahas joined
xnyhpshas joined
xnyhpshas joined
ibikkhas joined
j.rhas joined
winfriedhas joined
jjrhhas left
SaltyBoneshas left
SaltyBoneshas joined
Steve Killehas left
Steve Killehas left
tuxhas left
SaltyBoneshas left
SaltyBoneshas joined
Steve Killehas joined
jubalhhas left
ralphmhas left
marmistrzhas joined
alacerhas joined
Valerianhas left
Valerianhas joined
Valerianhas left
Valerianhas joined
Valerianhas left
marmistrzhas joined
Dave Cridlandhas left
Dave Cridlandhas left
SamWhitedhas left
pep.jonasw, no MIME anymore?
rionhas left
Valerianhas joined
rtq3has joined
pep.meh, nvm. You gave me too much options in the first draft!
Steve Killehas left
pep.meh, nvm. You gave me too many options in the first draft!
pep.Ah wait, there is
Ge0rGhas joined
Dave Cridlandhas left
jjrhhas left
Dave Cridlandhas left
Valerianhas left
pep.you say "The data form for legacy clients and additional opt-ins/opt-outs", but even if I'm a client implementing the XEP I'll want all this, no? What exactly can I get rid of in that form, especially when I have to reply with the same fields
SaltyBoneshas left
SaltyBoneshas joined
pep.hmm, maybe just to provide alternative versions/urls of the documents
j.rhas left
Valerianhas joined
marchas left
jonaswpep., yes, you can only remove the additional elements
jonaswpep., yes, you can only remove the documents
jonaswbut that is written down there
pep.nit: "In the future, more children may be added to the <tos/> element. Conforming clients thus MUST ignore all children they do not understand.", I find "conforming" disturbing here, as conforming clients would understand these updates.. But I know you're talking about cases where deployments are not up-to-date
jonaswpep., it might also be that an additional XEP extends it
pep.Ok makes more sense in this case
matlaghas joined
Tobiashas joined
pep.jonasw, "[..] and use a richer representation obtained from the <tos/> element for the same data." you mean HTTP GET on the urls?
jonaswfor example
pep.Does it have to be a url btw
jonaswand in the future maybe fancy things like machine-readable MAM retention times etc.
jonaswyes
pep.can it be a uri
lumihas left
jonaswugh, I never get the difference
pep.I'm probably wrong, I mean does it have to be http
jonaswno
pep.How would you display a plaintext file retrieved in your client, the question of rich formatting still stands
jonaswyou could also have a text/markdown version.
jonaswor text/restructuredtext
ralphmhas joined
pep.Instead of "Duplicate MIME types MUST NOT occur.", can we have "Duplicate url/MIME type pairs MUT NOT occur."
pep.hmm, I assume the url would use a different protocol though
Dave Cridlandhas left
jonaswpep., duplicate MIME types makes it hard for the client to decide which one ot use
pep.It can decide based on the protocol _and_ the mime type
jonaswright
jonaswmight add that later
jonaswI pushed it into the xeps repo now
pep.Ok
rionhas left
pep.What about errors when client submits filled-out form
pep."not latest version", "invalid documents", "unknown opt-in feature", etc.
matlaghas joined
j.rhas joined
jonaswyeah, should probably be defined
pep.Ah I see you've added a <tos-push/> containe r:)
jonaswyou can send those to the mai3ling list :)
pep.will do
jonasw(once the announcement is out)
jonaswwhich I’m not 100% sure I’ll get to today because I’m heading out in half an hour and the build takes ages :(
danielhas left
pep.:(
pep.something something incremental builds
jonaswyeah
jonaswsomething something docker sucks
pep.I'd argue that's up to the CI
lskdjfhas left
jonaswyou can’t do that with docker hub, period.
pep.Ah, well docker hub != docker
SaltyBoneshas left
SaltyBoneshas joined
Valerianhas left
lskdjfhas left
pep.Did we had Privacy Considerations to the template btw
jonaswno, I didn’t want to do that in the climate after the XEP-0363 debate
pep.ok
jonaswand I still need to reword the ideas for that
blablahas joined
pep."The version identifiers generated by servers MUST NOT be longer than 128 characters." a reason for this in particular? (even if unlikely)
la|r|mahas joined
pep."Servers MUST NOT allow entities to query the Terms of Service of another server unless they are authenticated." I'm not sure I get this
jonaswbefore you are authenticated, your server MUST NOT allow you to query other servers for their ToS
pep.But other servers may allow anybody to attempt a connection and query their tos right
pep.Just like my https://service.example/tos will be public, I don't mind having my xmpp server disclosing them publicly
jonaswyes
jonaswbut you don’t want to be an open proxy for entities sending IQs towards other servers.
pep.I see
pep.Also what about sasl anonymous
jonaswI don’t see how that’s relevant
pep.ToS acceptance is required only if there is account creation?
jonaswdunno
jonaswIBR integration is still fully missing
pep.Right
ludohas joined
jonaswtheoretically, a SASL ANONYMOUS thing could apply § 4.4 Inform client about Terms of Service expiry after authentication
Dave Cridlandhas left
pep.I'll reply to the thread when it's out and ask about all that
Dave Cridlandhas left
waqashas left
SamWhitedhas left
jonaswokay gotta go, build didn’t finish in time :( will send the mail tomorrow or later tonight
Dave Cridlandhas left
SaltyBoneshas left
SaltyBoneshas joined
Dave Cridlandhas left
jubalhhas joined
danielhas joined
rtq3has left
jjrhhas left
bearhas left
bearhas joined
Dave Cridlandhas left
Zashhas joined
Tobiashas joined
waqashas joined
Dave Cridlandhas left
SaltyBoneshas left
SaltyBoneshas joined
Ge0rGhas joined
alacerhas left
alacerhas joined
SaltyBoneshas left
SaltyBoneshas joined
SaltyBoneshas left
SaltyBoneshas joined
Tobiashas joined
Valerianhas joined
la|r|mahas joined
la|r|mahas joined
Dave Cridlandhas left
marmistrzhas left
vanitasvitaehas left
Guushas left
Valerianhas left
rtq3has joined
Guushas left
Guushas left
Guushas left
jjrhhas left
jjrhhas left
alexishas left
jjrhhas left
Guushas left
alexishas joined
jjrhhas left
Ge0rGhas left
rtq3has left
jjrhhas left
jjrhhas left
jjrhhas left
jjrhhas left
jjrhhas left
sezuanhas joined
alacerhas left
alacerhas joined
jjrhhas left
matlaghas joined
Dave Cridlandhas left
jjrhhas left
rtq3has joined
Ge0rGhas joined
alacerhas left
winfriedhas left
danielhas left
ralphmhas left
jjrhhas left
jjrhhas left
jubalhhas left
jjrhhas left
jjrhhas left
jjrhhas left
jubalhhas joined
Valerianhas joined
Guushas left
jjrhhas left
jjrhhas left
Guushas left
jjrhhas left
jubalhhas left
jjrhhas left
SamWhitedhas left
Ge0rGhas left
jjrhhas left
alacerhas joined
marchas left
Nekithas left
Nekithas joined
jjrhhas left
jjrhhas left
jubalhhas joined
alacerhas left
Kevhas joined
marchas left
jjrhhas left
jjrhhas left
jjrhhas left
jjrhhas left
jjrhhas left
jjrhhas left
jubalhhas left
jubalhhas joined
Ge0rGspeaking of appropriate number mappings...
403 = GDPR Compliance
404 = Terms of Service
pep.grabs popcorns
rtq3has left
moparisthebestGe0rG, I think those have been reserved for the mix hatchet job
Ge0rGmoparisthebest: not merely reserved, they are official now.
pep.moparisthebest, yes, he's been onto it for half a day now, now about this :P