My guestblog on E2EE at APNIC is published: https://blog.apnic.net/2020/03/19/the-hairy-issue-of-end-to-end-encrypted-instant-messaging/
lovetoxhas joined
Shellhas joined
lskdjfhas joined
paulhas left
paulhas joined
edhelas
winfried awesome article, perfectly sum up my though about E2EE
winfried
thanks!
mukt2has left
paulhas left
paulhas joined
paulhas left
paulhas joined
paulhas left
paulhas joined
lovetoxhas left
pep.
e2ee.. I'm going to link this once again: https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online
adiaholic_has left
pep.
maybe people will care to spread it
adiaholic_has joined
winfried
Yeah, the most fascinating of that discussion is that the definition of 'good guys' is contextual and not stable. Except for me of course, I am always the good guy.
Syndace
winfried: Sorry but in that article you seem to selectively not talk about certain things to make E2EE look bad in general.
A) What about the very simple use-case that you don't want your server admin to read your private convos? Not everybody wants to protect himself from government surveillance...
B) Why do you mention manual fingerprint verification and web of trust with all their problems, but don't add a note that a master key could actually solve all of that?
winfried
Syndace: and who verifies the master key?
Syndace
I don't want you to find ways now to criticise the master key, I want you to mention it in your article next to the other options
winfried
Syndace: Yes, I left out the 'dick-pic' usecase, that is true
Syndace
Your introduction very well sets the focus on e2ee vs government surveillance, but the conclusion just bashes on e2ee in general
winfried
Syndace: my point is, a master key does not really change the discussion
Syndace
It's one single fingerprint then, tied to the identity. I think that's much more bearable than n x m verifications.
Guus
I'm not reading that as a bash on e2ee at all. Rather, as a warning that e2ee comes with drawbacks that aren't always obvious.
winfried
Syndace: not only governmental, also commercial surveillance. I see way to often people believing they are of the hook of surveillance because there is e2ee. That is the false sense of security.
winfried
(but I have an appointment out of house now, will catch up later)
Syndace
> The issues with instant messaging are so hairy that it’s safe to say: “Bad encryption is a false sense of security”.
Guus: IMO that doesn't say "there are drawbacks that aren't obvious" but "please don't do e2ee"
adiaholic_has left
adiaholic_has joined
Syndace
Anyway, just wanted to get my immediate thoughts out
Guus
"think about doing e2ee before applying it"
Guus
I have switched it off by default, for some of the reasons described in the article: usability sucks.
Guus
we might not like that it does - but for a lot of people, it does.
winfried
Syndace: appreciated, I always learn from feedback
Guus
that's not to say that there's a huge audience that can happily and effectively use e2ee
Guus
but at its current state, it is not a solution that should be deployed without considering its effects.
adiaholic_has left
adiaholic_has joined
marchas left
Dele Olajidehas joined
Shellhas left
Shellhas joined
raghavgururajanhas left
Syndace
Also I shouldn't forget the positive things, the rest of the article is pretty cool and I agree with all of that, I especially like that you found/included some numbers on how critical the metadata is. winfried
adiaholic_has left
adiaholic_has joined
marchas joined
stpeterhas joined
Jeybehas left
Jeybehas joined
raghavgururajanhas joined
Danielhas left
Danielhas joined
remkohas joined
Steve Killehas left
neshtaxmpphas left
raghavgururajanhas left
Dele Olajidehas left
Steve Killehas joined
Shellhas left
mukt2has joined
stpeterhas left
adiaholic_has left
adiaholic_has joined
mukt2has left
kuvohhas joined
kuvohhas left
kuvohhas joined
kuvohhas left
neshtaxmpphas joined
Shellhas joined
pep.
> So commercial surveillance doesn’t rely on the content of the message at all and E2EE does not offer any protection.
winfried: I'm curious where you get your confidence about this
pep.
I'm sure commercial surveillance maps social graphs, but they do need at some point to know who's doing what
pep.
they can't go further like law enforcement and tap communications. well at least legally..
pep.
though they can very well provide bogus clients
Zash
Isn't it common that they somehow manage to scrape links you send in "encrypted" messages?
Shellhas left
Shellhas joined
kuvohhas joined
lskdjfhas left
kuvohhas left
lskdjfhas joined
pep.
this is not an issue of e2ee, probably holes in their e2ee impl. (intentional or not)
kuvohhas joined
kuvohhas left
remkohas left
remkohas joined
pep.
also tbh I still don't see the point of MLS' scalability for most use-cases we see in the wild
kuvohhas joined
xelxebarhas left
kuvohhas left
pep.
I feel like the article doesn't cover passive / active attacks really well, probably as Syndace said. it only considers active attacks and the rest seems "pointless" ("leap of faith")
kuvohhas joined
kuvohhas left
larma
pep., isn't it a thing that gmail analyzes your email contents?
pep.
yeah so no e2ee
larma
That was more related to "commercial surveillance doesn’t rely on the content of the message" when apparently Googles ad network actually does.
pep.
also the article doesn't talk about e2ee from the host's perspective
pep.
I as a service provider would like my users to have some kind or e2ee so I have a level of plausible deniability
krauqhas left
remkohas left
mukt2has joined
winfried
pep.: I can't know for sure commercial surveillance sole on metadata analysis (and I have some cases at hand where it doesn't). But having said that: almost every big platform has experimented with content analysis and they all got a big public backlash. If they do it, they don't want to be caught. And the pattern is of commercial surveillance is extremely simple: I am active in chatgroup HCP3, most member of chatgroup HCP3 buy gear for field-hockey, so I am a good target for advertisment for field-hockey.
winfried
pep.: the service provider protecting itself is one of the strongest usecases for e2ee right now, the intimate chat usecase is the other one.
Danielhas left
Danielhas joined
calvinhas joined
raghavgururajanhas joined
krauqhas joined
Danielhas left
mukt2has left
raghavgururajanhas left
raghavgururajanhas joined
kuvohhas joined
kuvohhas left
adiaholic_has left
adiaholic_has joined
Danielhas joined
remkohas joined
Nekithas left
pdurbinhas left
eevvoorhas left
edhelashas left
edhelashas joined
adiaholic_has left
adiaholic_has joined
Wojtekhas joined
pep.
"intimate"? what about "privacy by default"? :)
raghavgururajanhas left
!XSF_Martinhas left
!XSF_Martinhas joined
adiaholic_has left
adiaholic_has joined
sonnyhas joined
winfried
Privacy by default is only meaningfull if you define what aspects of privacy you want to protect or explain what you mean by privacy. The metadata of me contacting my general pacticioner contains a little information you may want to protect. The metadata of me contacting a STD clinic contains a lot of information I want to protect. There is no 'default' for privacy by default.
pep.
We understand that "metadata" is not covered by e2ee in the general case, no need to rub it in :)
winfried
Yeah, already wondered if I should give a non-metadata example :-)
Wojtekhas left
adiaholic_has left
adiaholic_has joined
Danielhas left
mukt2has joined
waqashas left
mukt2has left
Jeybehas left
Jeybehas joined
marchas left
Danielhas joined
LNJhas left
emushas left
emushas joined
eevvoorhas joined
marchas joined
Rob Lorangerhas left
Rob Lorangerhas joined
lovetoxhas joined
rionhas left
rionhas joined
APachhas left
pdurbinhas joined
nyco-2has joined
pep.
!
pep.
it's time
pep.
MattJ, Seve, ralphm
Sevewaves
ralphmbangs gavel
ralphm
0. Welcome
MattJ
o/
ralphm
Hi all! Guus sent his regrets.
Danielhas left
ralphm
Any items for the agenda?
pep.
yep
MattJ
None here
pep.
I added that two days ago
pep.
I'll send an email when there's actual content to to it
pep.
-to
ralphm
The Communications person one?
pep.
yep
ralphm
ok
ralphm
1. Minute taker
pep.
I'll do it afterwards
ralphm
Thanks pep.
ralphm
2. Hire Communications Person
Danielhas joined
ralphm
pep., do you have an idea on the types of tasks this person would perform?
pep.
At the moment I'm thinking about handling the newsletter, being present on social media. a few hours a week. I'm sure this can evolve pretty quickly, we could also ask them to talk at conferences etc. later on
ralphm
Which has most recently been done by, primarily Nyco, right?
pep.
For some time yes
pep.
Nyco hasn't really been present for a few weeks now, after summit I'd say
pep.
I would prefer this to be supported by commteam tbh
pep.
But the situation is what it is
pep.
emus is helping as he can with the newsletter lately, and I'm helping him a bit
ralphm
So currently the commteam is nyco, JC, and Seve, if I remember correctly.
pep.
We have no presence on mastodon anymore, let alone twitter
pep.
Yep
emus
Hello guys
nyco-2has left
nyco-2has joined
pep.
If we don't keep up with the work nyco was doing (and possibly more), we're going to disappear again :)
ralphm
T.b.h. I have no idea on our presence on mastodon or its significance. As a platform it is too obscure to me to want to track it. I have been really happy with the increase of Tweets on @xmpp, as well as the newsletter. Post-FOSDEM is often a lower energy time. I'm sure that the current world-wide crisis doesn't help.
MattJ
Yeah, I'm in favour (as I believe Nyco was) of hiring someone
ralphm
I am, too.
MattJ
I'm also strongly in favour of a presence on Mastodon
xelxebarhas joined
MattJ
The reality is that a bunch of our target audience use it in preference to Twitter, for hopefully obvious reasons
neshtaxmpphas left
pdurbinhas left
jonas’
our target audience as the XSF?
jonas’
so, developers?
MattJ
A lot of discussion about XMPP (and other decentralized communication options) happens there, and it would be good to have an official presence
Seve
Well, the platform is for me not one of the important things here
MattJ
jonas’, yes
Seve
Regarding hiring somebody
pep.
Seve, yeah it's also not for me. That can be discussed once we get somebody for sure
Zash
FOSS folks are likely to appreciate a Mastodon presence. :)
pep.
So yeah there isn't much to discuss atm. I'm just looking at the kind of person we could want, what kind of work they'd do, and budget that
pep.
I started to poke around already
ralphm
We also need to figure out how to contract a person for work, proceduraly. It think we did minor things like that in the past, but am not sure. I think it would be good to ask Peter about it.
pep.
Sure, that'd be good to know. That's not the last person I want to recruit :)
pep.
I'll poke peter about this
APachhas joined
ralphm
I didn't mean for him to be the person to hire. I mean to ask him about the process of hiring a person.
pep.
yes yes
ralphm
:-D
ralphm
Ok, good idea. Shall we keep this for next meeting
ralphm
?
pep.
Sure
ralphm
3. Board Voting Process and Discussions
ralphm
The item we dropped last week.
ralphm
pep., you wanted to revisit this, right?
pep.
Well I don't have much to add. I initially thought it would have been a 5mn chat with not much cons, especially since you mentioned that you've been somewhat doing it already so I'm not sure why we couldn't do it
pep.
If the issue is with updating the Bylaws, I'm happy to have a list of things to change next time we update them, similar to what we have for XEPs / RFCs
pep.
(increasing the required "In favor" votes to 3 for a motion to pass)
pep.
There are other things to update in the bylaws anyway
ralphm
Ok, just to summarize for me: I am very happy to clarify to people how we do things, why we do them, etc. Not so keen on changing stuff unless really needed.
pep.
I want to make it less painful to update things, otherwise that's the behaviour we get in indeed
pep.
"I don't want to change unless necessary"
pep.
Also, the more we practice the easier it gets :P
jonas’has left
APachhas left
ralphm
Maybe I could express that better: I think that often, we do not have to change, for example, our bylaws, to do a thing.
pep.
I'm not entirely fond of bylaws (or specs for that matter) not reflecting the reality of things, and just having people using loopholes here and there because "that's how things are done now"
pep.
I think documentation is key
pep.
And bylaws are part of this
MattJ
Document, and later amend bylaws if needed?
ralphm
Our bylaws, procedures, etc. form a framework for Board, our workteams and SIGs to work within. We don't have to adapt it to perfection in order to function.
ralphm
I agree that documentation helps. That's why I was also in favor of recording Board decisions on the wiki.
ralphm
I'm particularly careful with changing bylaws. I also know of no organisation that considers changing bylaws a regular activity that should be "easier with time".
adiaholic_has left
ralphm
But if our Bylaws become an obstacle to effect a change or getting something done, then of course we can.
adiaholic_has joined
raghavgururajanhas joined
ralphm
pep., hope that helps
pep.
not really.
pep.
I'll document things and we'll see
ralphm
ok
ralphm
Anything else on this point?
jonas’has joined
Wojtekhas joined
pep.
Apparently not
ralphm
ok
ralphm
5. Sponsorship
ralphm
I've sent a draft to our mailinglist. Please comment.
ralphm
6. AOB
ralphm
?
Seve
None here.
pep.
none from me either
pep.
hmm, why board for the sponsorship mail?
ralphm
because it is a draft
pep.
So members have no say in this?
calvinhas left
calvinhas joined
ralphm
pep., the membership have elected us to run the cooperation. That means that we do on their behalf. I took drafting a letter to our sponsors as one of such tasks, and I'm asking board for its input.
pep.
Sure, but I don't see the need to restrict access to the membership to what we're doing
Rob Lorangerraises hand
ralphm
Rob Loranger, on this topic?
pep.
When I started the proposal for sprints I sent that to members@ and I did get valuable feedback
pep.
Even if it was a scam issue
ralphm
pep., I'm happy for you to make that call for that case. I just made a different one for this.
Rob Loranger
Yes, just that although I'm not yet a member, I don't think this is keeping anything from the membership. I live in a co-op and lots of things like this are handled by the board, they can't be going back and forth with members on everything they are doing. So as a potential member I don't see an issue
MattJ
I note that we did previously agree that board@ was for stuff that couldn't be public (or trivial noise), I don't think this is either
pep.
My point is not to get members to give feedback on everything, it's just to keep the door open in case there is feedback
MattJ
I'm less concerned about transparency and more that wider feedback may be valuable
Marandahas left
Marandahas joined
ralphm
MattJ, sure. On the other hand, my goal was a carefully drafted letter to our sponsors. Given that currently our sponsors are also represented in the membership, arguing its contents on the members mailinglist makes sending a letter almost meaningless.
pep.
MattJ, that goes hand-in-hand to me
pep.
ralphm, I don't think so
MattJ
ralphm: that's fair reasoning to me
pep.
They can very well read the board meetings and see about the same content
pep.
So I'd be happy to get feedback from members on the final formal form as well
pep.
Anyway, that's one thing I said I disliked about board, I raised the issue and that was discussed, but I see that's not changing very much
LNJhas joined
ralphm
pep., I don't think that just because you dislike a thing, that means others must agree. I like to operate in the open as much as possible. I don't think that input from the membership for this particular thing is required. That doesn't mean that it proves your point that things don't change.
pep.
Including the bylaws thing above, I think it does a bit. But let's agree to disagree
ralphm
ok
ralphm
Oh, Rob Loranger thanks for your comment!
ralphm
7. Date of Next
ralphm
+1W
ralphm
8. Close
pep.
yep
ralphm
Thanks all!
pep.
Thanks
ralphmbangs gavel
Seve
I'm all for transparency, but on this case, I don't see the problem of Board working on a draft that can be sent after to members. Actually Rob Loranger had a good point
Seve
Alright, thank you
MattJ
Thanks all
ralphm
Thanks Seve. Let's consider that said within the meeting :-D
Seve
Hehe ;D
pep.
"Rob Loranger> [..] they can't be going back and forth with members on everything they are doing", not targeting you rob here, just to answer comments on your messages, as I said this it not my point here.
pep.
And "members" is just "somebody else's email" or "one more voice during the board meeting", so I don't think that's very much of a hassle
Marchas left
Syndacehas left
Syndacehas joined
Marchas joined
Rob Loranger
No, and there's no reason not to ask for member input. It's just not something I as a member would be very concerned with reading beforehand. Maybe as mentioned the proposed final draft could then pass by general membership for comments.
remkohas left
remkohas joined
adiaholic_has left
rionhas left
adiaholic_has joined
moparisthebest
Kev, friendly reminder about promised XEP-0001 clarifications, I understand it's crazy times so no rush just wanted to bring it up since I remembered again :)
Kev
Noted.
MattJ
Kev, friendly reminder about notification management XEP you promised to take on at the summit
Kev
That one I did *not* promise to appear in any reasonable time!
MattJ
Just reminding :)
jonas’
.oO(that’s why the reminder is friendly :>)
pep.
MattJ, friendly reminder (or rather request, plz) about making a list of things to be done within iteam :p
Docker images hosted by GitHub cannot be pulled without credentials
Zash
Github hosts docker images now?
pep.
MattJ, that was mostly in case we'd get somebody to do the work
Marchas left
Syndacehas left
MattJ
jonas’, shouldn't be an issue, Snikket uses Github to build and pushes to docker hub
pep.
> Marc has left the room (Disconnected: Received SIGTERM)
> Syndace has left the room (Disconnected: Received SIGTERM)
I've seen you both leave at exactly the same second twice now, do you use the same client?
pep.
Is that some weird payload?
Zash
Server, rather?
pep.
or server
pep.
I'm not moderator here
pep.
Ah, server.
Marchas joined
Zash
That looks like what Prosody kills all sessions with when it ... receives SIGTERM.
pep.
Maintenance then maybe
rionhas joined
Syndacehas joined
Marc
> Maintenance then maybe
yes
Ge0rG
So much for user-friendly termination messages.
Ge0rG
I could bet my right arm that there was an issue about making the wiki mobile-friendly on one of the XSF trackers
Zash
Ge0rG, problem: The wiki uses Postgres. All current Docker images use MySQL. Migration: probably painful.
Ge0rG
https://github.com/xsf/mediawiki-docker/issues/2
Syndace
yup, working on the server
archas left
archas joined
paulhas left
Rob Lorangerhas left
Rob Lorangerhas joined
stpeterhas joined
Jeybehas left
Jeybehas joined
Wojtekhas left
archas left
archas joined
archas left
archas joined
Wojtekhas joined
paulhas joined
jonas’
moparisthebest, where is your magic letsencrypt/nginx snippet?