winfriedMy guestblog on E2EE at APNIC is published: https://blog.apnic.net/2020/03/19/the-hairy-issue-of-end-to-end-encrypted-instant-messaging/
edhelaswinfried awesome article, perfectly sum up my though about E2EE
pep.e2ee.. I'm going to link this once again: https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online
pep.maybe people will care to spread it
winfriedYeah, the most fascinating of that discussion is that the definition of 'good guys' is contextual and not stable. Except for me of course, I am always the good guy.
Syndacewinfried: Sorry but in that article you seem to selectively not talk about certain things to make E2EE look bad in general.
A) What about the very simple use-case that you don't want your server admin to read your private convos? Not everybody wants to protect himself from government surveillance...
B) Why do you mention manual fingerprint verification and web of trust with all their problems, but don't add a note that a master key could actually solve all of that?
winfriedSyndace: and who verifies the master key?
SyndaceI don't want you to find ways now to criticise the master key, I want you to mention it in your article next to the other options
winfriedSyndace: Yes, I left out the 'dick-pic' usecase, that is true
SyndaceYour introduction very well sets the focus on e2ee vs government surveillance, but the conclusion just bashes on e2ee in general
winfriedSyndace: my point is, a master key does not really change the discussion
SyndaceIt's one single fingerprint then, tied to the identity. I think that's much more bearable than n x m verifications.
GuusI'm not reading that as a bash on e2ee at all. Rather, as a warning that e2ee comes with drawbacks that aren't always obvious.
winfriedSyndace: not only governmental, also commercial surveillance. I see way to often people believing they are of the hook of surveillance because there is e2ee. That is the false sense of security.
winfried(but I have an appointment out of house now, will catch up later)
Syndace> The issues with instant messaging are so hairy that it’s safe to say: “Bad encryption is a false sense of security”.
Guus: IMO that doesn't say "there are drawbacks that aren't obvious" but "please don't do e2ee"
SyndaceAnyway, just wanted to get my immediate thoughts out
Guus"think about doing e2ee before applying it"
GuusI have switched it off by default, for some of the reasons described in the article: usability sucks.
Guuswe might not like that it does - but for a lot of people, it does.
winfriedSyndace: appreciated, I always learn from feedback
Guusthat's not to say that there's a huge audience that can happily and effectively use e2ee
Guusbut at its current state, it is not a solution that should be deployed without considering its effects.
Dele Olajidehas joined
SyndaceAlso I shouldn't forget the positive things, the rest of the article is pretty cool and I agree with all of that, I especially like that you found/included some numbers on how critical the metadata is. winfried
Steve Killehas left
Dele Olajidehas left
Steve Killehas joined
pep.> So commercial surveillance doesn’t rely on the content of the message at all and E2EE does not offer any protection.
winfried: I'm curious where you get your confidence about this
pep.I'm sure commercial surveillance maps social graphs, but they do need at some point to know who's doing what
pep.they can't go further like law enforcement and tap communications. well at least legally..
pep.though they can very well provide bogus clients
ZashIsn't it common that they somehow manage to scrape links you send in "encrypted" messages?
pep.this is not an issue of e2ee, probably holes in their e2ee impl. (intentional or not)
pep.also tbh I still don't see the point of MLS' scalability for most use-cases we see in the wild
pep.I feel like the article doesn't cover passive / active attacks really well, probably as Syndace said. it only considers active attacks and the rest seems "pointless" ("leap of faith")
larmapep., isn't it a thing that gmail analyzes your email contents?
pep.yeah so no e2ee
larmaThat was more related to "commercial surveillance doesn’t rely on the content of the message" when apparently Googles ad network actually does.
pep.also the article doesn't talk about e2ee from the host's perspective
pep.I as a service provider would like my users to have some kind or e2ee so I have a level of plausible deniability
winfriedpep.: I can't know for sure commercial surveillance sole on metadata analysis (and I have some cases at hand where it doesn't). But having said that: almost every big platform has experimented with content analysis and they all got a big public backlash. If they do it, they don't want to be caught. And the pattern is of commercial surveillance is extremely simple: I am active in chatgroup HCP3, most member of chatgroup HCP3 buy gear for field-hockey, so I am a good target for advertisment for field-hockey.
winfriedpep.: the service provider protecting itself is one of the strongest usecases for e2ee right now, the intimate chat usecase is the other one.
pep."intimate"? what about "privacy by default"? :)
winfriedPrivacy by default is only meaningfull if you define what aspects of privacy you want to protect or explain what you mean by privacy. The metadata of me contacting my general pacticioner contains a little information you may want to protect. The metadata of me contacting a STD clinic contains a lot of information I want to protect. There is no 'default' for privacy by default.
pep.We understand that "metadata" is not covered by e2ee in the general case, no need to rub it in :)
winfriedYeah, already wondered if I should give a non-metadata example :-)
Rob Lorangerhas left
Rob Lorangerhas joined
pep.MattJ, Seve, ralphm
ralphmHi all! Guus sent his regrets.
ralphmAny items for the agenda?
pep.I added that two days ago
pep.I'll send an email when there's actual content to to it
ralphmThe Communications person one?
ralphm1. Minute taker
pep.I'll do it afterwards
ralphm2. Hire Communications Person
ralphmpep., do you have an idea on the types of tasks this person would perform?
pep.At the moment I'm thinking about handling the newsletter, being present on social media. a few hours a week. I'm sure this can evolve pretty quickly, we could also ask them to talk at conferences etc. later on
ralphmWhich has most recently been done by, primarily Nyco, right?
pep.For some time yes
pep.Nyco hasn't really been present for a few weeks now, after summit I'd say
pep.I would prefer this to be supported by commteam tbh
pep.But the situation is what it is
pep.emus is helping as he can with the newsletter lately, and I'm helping him a bit
ralphmSo currently the commteam is nyco, JC, and Seve, if I remember correctly.
pep.We have no presence on mastodon anymore, let alone twitter
pep.If we don't keep up with the work nyco was doing (and possibly more), we're going to disappear again :)
ralphmT.b.h. I have no idea on our presence on mastodon or its significance. As a platform it is too obscure to me to want to track it. I have been really happy with the increase of Tweets on @xmpp, as well as the newsletter. Post-FOSDEM is often a lower energy time. I'm sure that the current world-wide crisis doesn't help.
MattJYeah, I'm in favour (as I believe Nyco was) of hiring someone
ralphmI am, too.
MattJI'm also strongly in favour of a presence on Mastodon
MattJThe reality is that a bunch of our target audience use it in preference to Twitter, for hopefully obvious reasons
jonas’our target audience as the XSF?
MattJA lot of discussion about XMPP (and other decentralized communication options) happens there, and it would be good to have an official presence
SeveWell, the platform is for me not one of the important things here
SeveRegarding hiring somebody
pep.Seve, yeah it's also not for me. That can be discussed once we get somebody for sure
ZashFOSS folks are likely to appreciate a Mastodon presence. :)
pep.So yeah there isn't much to discuss atm. I'm just looking at the kind of person we could want, what kind of work they'd do, and budget that
pep.I started to poke around already
ralphmWe also need to figure out how to contract a person for work, proceduraly. It think we did minor things like that in the past, but am not sure. I think it would be good to ask Peter about it.
pep.Sure, that'd be good to know. That's not the last person I want to recruit :)
pep.I'll poke peter about this
ralphmI didn't mean for him to be the person to hire. I mean to ask him about the process of hiring a person.
ralphmOk, good idea. Shall we keep this for next meeting
ralphm3. Board Voting Process and Discussions
ralphmThe item we dropped last week.
ralphmpep., you wanted to revisit this, right?
pep.Well I don't have much to add. I initially thought it would have been a 5mn chat with not much cons, especially since you mentioned that you've been somewhat doing it already so I'm not sure why we couldn't do it
pep.If the issue is with updating the Bylaws, I'm happy to have a list of things to change next time we update them, similar to what we have for XEPs / RFCs
pep.(increasing the required "In favor" votes to 3 for a motion to pass)
pep.There are other things to update in the bylaws anyway
ralphmOk, just to summarize for me: I am very happy to clarify to people how we do things, why we do them, etc. Not so keen on changing stuff unless really needed.
pep.I want to make it less painful to update things, otherwise that's the behaviour we get in indeed
pep."I don't want to change unless necessary"
pep.Also, the more we practice the easier it gets :P
ralphmMaybe I could express that better: I think that often, we do not have to change, for example, our bylaws, to do a thing.
pep.I'm not entirely fond of bylaws (or specs for that matter) not reflecting the reality of things, and just having people using loopholes here and there because "that's how things are done now"
pep.I think documentation is key
pep.And bylaws are part of this
MattJDocument, and later amend bylaws if needed?
ralphmOur bylaws, procedures, etc. form a framework for Board, our workteams and SIGs to work within. We don't have to adapt it to perfection in order to function.
ralphmI agree that documentation helps. That's why I was also in favor of recording Board decisions on the wiki.
ralphmI'm particularly careful with changing bylaws. I also know of no organisation that considers changing bylaws a regular activity that should be "easier with time".
ralphmBut if our Bylaws become an obstacle to effect a change or getting something done, then of course we can.
ralphmpep., hope that helps
pep.I'll document things and we'll see
ralphmAnything else on this point?
ralphmI've sent a draft to our mailinglist. Please comment.
pep.none from me either
pep.hmm, why board for the sponsorship mail?
ralphmbecause it is a draft
pep.So members have no say in this?
ralphmpep., the membership have elected us to run the cooperation. That means that we do on their behalf. I took drafting a letter to our sponsors as one of such tasks, and I'm asking board for its input.
pep.Sure, but I don't see the need to restrict access to the membership to what we're doing
Rob Lorangerraises hand
ralphmRob Loranger, on this topic?
pep.When I started the proposal for sprints I sent that to members@ and I did get valuable feedback
pep.Even if it was a scam issue
ralphmpep., I'm happy for you to make that call for that case. I just made a different one for this.
Rob LorangerYes, just that although I'm not yet a member, I don't think this is keeping anything from the membership. I live in a co-op and lots of things like this are handled by the board, they can't be going back and forth with members on everything they are doing. So as a potential member I don't see an issue
MattJI note that we did previously agree that board@ was for stuff that couldn't be public (or trivial noise), I don't think this is either
pep.My point is not to get members to give feedback on everything, it's just to keep the door open in case there is feedback
MattJI'm less concerned about transparency and more that wider feedback may be valuable
ralphmMattJ, sure. On the other hand, my goal was a carefully drafted letter to our sponsors. Given that currently our sponsors are also represented in the membership, arguing its contents on the members mailinglist makes sending a letter almost meaningless.
pep.MattJ, that goes hand-in-hand to me
pep.ralphm, I don't think so
MattJralphm: that's fair reasoning to me
pep.They can very well read the board meetings and see about the same content
pep.So I'd be happy to get feedback from members on the final formal form as well
pep.Anyway, that's one thing I said I disliked about board, I raised the issue and that was discussed, but I see that's not changing very much
ralphmpep., I don't think that just because you dislike a thing, that means others must agree. I like to operate in the open as much as possible. I don't think that input from the membership for this particular thing is required. That doesn't mean that it proves your point that things don't change.
pep.Including the bylaws thing above, I think it does a bit. But let's agree to disagree
ralphmOh, Rob Loranger thanks for your comment!
ralphm7. Date of Next
SeveI'm all for transparency, but on this case, I don't see the problem of Board working on a draft that can be sent after to members. Actually Rob Loranger had a good point
SeveAlright, thank you
ralphmThanks Seve. Let's consider that said within the meeting :-D
pep."Rob Loranger> [..] they can't be going back and forth with members on everything they are doing", not targeting you rob here, just to answer comments on your messages, as I said this it not my point here.
pep.And "members" is just "somebody else's email" or "one more voice during the board meeting", so I don't think that's very much of a hassle
Rob LorangerNo, and there's no reason not to ask for member input. It's just not something I as a member would be very concerned with reading beforehand. Maybe as mentioned the proposed final draft could then pass by general membership for comments.
moparisthebestKev, friendly reminder about promised XEP-0001 clarifications, I understand it's crazy times so no rush just wanted to bring it up since I remembered again :)
MattJKev, friendly reminder about notification management XEP you promised to take on at the summit
KevThat one I did *not* promise to appear in any reasonable time!
MattJJust reminding :)
jonas’.oO(that’s why the reminder is friendly :>)
pep.MattJ, friendly reminder (or rather request, plz) about making a list of things to be done within iteam :p
MattJOk ok, there is also a Trello board somewhere :)
pep.Is it just this one issue? :P
pep.Can I add things?
Zash> No description provided.
MattJpep., go ahead
jonas’Docker images hosted by GitHub cannot be pulled without credentials
ZashGithub hosts docker images now?
pep.MattJ, that was mostly in case we'd get somebody to do the work
MattJjonas’, shouldn't be an issue, Snikket uses Github to build and pushes to docker hub
pep.> Marc has left the room (Disconnected: Received SIGTERM)
> Syndace has left the room (Disconnected: Received SIGTERM)
I've seen you both leave at exactly the same second twice now, do you use the same client?
pep.Is that some weird payload?
pep.I'm not moderator here
ZashThat looks like what Prosody kills all sessions with when it ... receives SIGTERM.
pep.Maintenance then maybe
Marc> Maintenance then maybe
Ge0rGSo much for user-friendly termination messages.
Ge0rGI could bet my right arm that there was an issue about making the wiki mobile-friendly on one of the XSF trackers
ZashGe0rG, problem: The wiki uses Postgres. All current Docker images use MySQL. Migration: probably painful.