XSF Discussion - 2020-03-19

My guestblog on E2EE at APNIC is published: https://blog.apnic.net/2020/03/19/the-hairy-issue-of-end-to-end-encrypted-instant-messaging/

winfried awesome article, perfectly sum up my though about E2EE

thanks!

e2ee.. I'm going to link this once again: https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online

maybe people will care to spread it

Yeah, the most fascinating of that discussion is that the definition of 'good guys' is contextual and not stable. Except for me of course, I am always the good guy.

winfried: Sorry but in that article you seem to selectively not talk about certain things to make E2EE look bad in general. A) What about the very simple use-case that you don't want your server admin to read your private convos? Not everybody wants to protect himself from government surveillance... B) Why do you mention manual fingerprint verification and web of trust with all their problems, but don't add a note that a master key could actually solve all of that?

Syndace: and who verifies the master key?

I don't want you to find ways now to criticise the master key, I want you to mention it in your article next to the other options

Syndace: Yes, I left out the 'dick-pic' usecase, that is true

Your introduction very well sets the focus on e2ee vs government surveillance, but the conclusion just bashes on e2ee in general

Syndace: my point is, a master key does not really change the discussion

It's one single fingerprint then, tied to the identity. I think that's much more bearable than n x m verifications.

I'm not reading that as a bash on e2ee at all. Rather, as a warning that e2ee comes with drawbacks that aren't always obvious.

Syndace: not only governmental, also commercial surveillance. I see way to often people believing they are of the hook of surveillance because there is e2ee. That is the false sense of security.

(but I have an appointment out of house now, will catch up later)

> The issues with instant messaging are so hairy that it’s safe to say: “Bad encryption is a false sense of security”. Guus: IMO that doesn't say "there are drawbacks that aren't obvious" but "please don't do e2ee"

Anyway, just wanted to get my immediate thoughts out

"think about doing e2ee before applying it"

I have switched it off by default, for some of the reasons described in the article: usability sucks.

we might not like that it does - but for a lot of people, it does.

Syndace: appreciated, I always learn from feedback

that's not to say that there's a huge audience that can happily and effectively use e2ee

but at its current state, it is not a solution that should be deployed without considering its effects.

Also I shouldn't forget the positive things, the rest of the article is pretty cool and I agree with all of that, I especially like that you found/included some numbers on how critical the metadata is. winfried

> So commercial surveillance doesn’t rely on the content of the message at all and E2EE does not offer any protection. winfried: I'm curious where you get your confidence about this

I'm sure commercial surveillance maps social graphs, but they do need at some point to know who's doing what

they can't go further like law enforcement and tap communications. well at least legally..

though they can very well provide bogus clients

Isn't it common that they somehow manage to scrape links you send in "encrypted" messages?

this is not an issue of e2ee, probably holes in their e2ee impl. (intentional or not)

also tbh I still don't see the point of MLS' scalability for most use-cases we see in the wild

I feel like the article doesn't cover passive / active attacks really well, probably as Syndace said. it only considers active attacks and the rest seems "pointless" ("leap of faith")

pep., isn't it a thing that gmail analyzes your email contents?

yeah so no e2ee

That was more related to "commercial surveillance doesn’t rely on the content of the message" when apparently Googles ad network actually does.

also the article doesn't talk about e2ee from the host's perspective

I as a service provider would like my users to have some kind or e2ee so I have a level of plausible deniability

pep.: I can't know for sure commercial surveillance sole on metadata analysis (and I have some cases at hand where it doesn't). But having said that: almost every big platform has experimented with content analysis and they all got a big public backlash. If they do it, they don't want to be caught. And the pattern is of commercial surveillance is extremely simple: I am active in chatgroup HCP3, most member of chatgroup HCP3 buy gear for field-hockey, so I am a good target for advertisment for field-hockey.

pep.: the service provider protecting itself is one of the strongest usecases for e2ee right now, the intimate chat usecase is the other one.

"intimate"? what about "privacy by default"? :)

Privacy by default is only meaningfull if you define what aspects of privacy you want to protect or explain what you mean by privacy. The metadata of me contacting my general pacticioner contains a little information you may want to protect. The metadata of me contacting a STD clinic contains a lot of information I want to protect. There is no 'default' for privacy by default.

We understand that "metadata" is not covered by e2ee in the general case, no need to rub it in :)

Yeah, already wondered if I should give a non-metadata example :-)

!

it's time

MattJ, Seve, ralphm

0. Welcome

o/

Hi all! Guus sent his regrets.

Any items for the agenda?

yep

None here

I added that two days ago

I'll send an email when there's actual content to to it

-to

The Communications person one?

yep

ok

1. Minute taker

I'll do it afterwards

Thanks pep.

2. Hire Communications Person

pep., do you have an idea on the types of tasks this person would perform?

At the moment I'm thinking about handling the newsletter, being present on social media. a few hours a week. I'm sure this can evolve pretty quickly, we could also ask them to talk at conferences etc. later on

Which has most recently been done by, primarily Nyco, right?

For some time yes

Nyco hasn't really been present for a few weeks now, after summit I'd say

I would prefer this to be supported by commteam tbh

But the situation is what it is

emus is helping as he can with the newsletter lately, and I'm helping him a bit

So currently the commteam is nyco, JC, and Seve, if I remember correctly.

We have no presence on mastodon anymore, let alone twitter

Yep

Hello guys

If we don't keep up with the work nyco was doing (and possibly more), we're going to disappear again :)

T.b.h. I have no idea on our presence on mastodon or its significance. As a platform it is too obscure to me to want to track it. I have been really happy with the increase of Tweets on @xmpp, as well as the newsletter. Post-FOSDEM is often a lower energy time. I'm sure that the current world-wide crisis doesn't help.

Yeah, I'm in favour (as I believe Nyco was) of hiring someone

I am, too.

I'm also strongly in favour of a presence on Mastodon

The reality is that a bunch of our target audience use it in preference to Twitter, for hopefully obvious reasons

our target audience as the XSF?

so, developers?

A lot of discussion about XMPP (and other decentralized communication options) happens there, and it would be good to have an official presence

Well, the platform is for me not one of the important things here

jonas’, yes

Regarding hiring somebody

Seve, yeah it's also not for me. That can be discussed once we get somebody for sure

FOSS folks are likely to appreciate a Mastodon presence. :)

So yeah there isn't much to discuss atm. I'm just looking at the kind of person we could want, what kind of work they'd do, and budget that

I started to poke around already

We also need to figure out how to contract a person for work, proceduraly. It think we did minor things like that in the past, but am not sure. I think it would be good to ask Peter about it.

Sure, that'd be good to know. That's not the last person I want to recruit :)

I'll poke peter about this

I didn't mean for him to be the person to hire. I mean to ask him about the process of hiring a person.

yes yes

:-D

Ok, good idea. Shall we keep this for next meeting

?

Sure

3. Board Voting Process and Discussions

The item we dropped last week.

pep., you wanted to revisit this, right?

Well I don't have much to add. I initially thought it would have been a 5mn chat with not much cons, especially since you mentioned that you've been somewhat doing it already so I'm not sure why we couldn't do it

If the issue is with updating the Bylaws, I'm happy to have a list of things to change next time we update them, similar to what we have for XEPs / RFCs

(increasing the required "In favor" votes to 3 for a motion to pass)

There are other things to update in the bylaws anyway

Ok, just to summarize for me: I am very happy to clarify to people how we do things, why we do them, etc. Not so keen on changing stuff unless really needed.

I want to make it less painful to update things, otherwise that's the behaviour we get in indeed

"I don't want to change unless necessary"

Also, the more we practice the easier it gets :P

Maybe I could express that better: I think that often, we do not have to change, for example, our bylaws, to do a thing.

I'm not entirely fond of bylaws (or specs for that matter) not reflecting the reality of things, and just having people using loopholes here and there because "that's how things are done now"

I think documentation is key

And bylaws are part of this

Document, and later amend bylaws if needed?

Our bylaws, procedures, etc. form a framework for Board, our workteams and SIGs to work within. We don't have to adapt it to perfection in order to function.

I agree that documentation helps. That's why I was also in favor of recording Board decisions on the wiki.

I'm particularly careful with changing bylaws. I also know of no organisation that considers changing bylaws a regular activity that should be "easier with time".

But if our Bylaws become an obstacle to effect a change or getting something done, then of course we can.

pep., hope that helps

not really.

I'll document things and we'll see

ok

Anything else on this point?

Apparently not

ok

5. Sponsorship

I've sent a draft to our mailinglist. Please comment.

6. AOB

?

None here.

none from me either

hmm, why board for the sponsorship mail?

because it is a draft

So members have no say in this?

pep., the membership have elected us to run the cooperation. That means that we do on their behalf. I took drafting a letter to our sponsors as one of such tasks, and I'm asking board for its input.

Sure, but I don't see the need to restrict access to the membership to what we're doing

Rob Loranger, on this topic?

When I started the proposal for sprints I sent that to members@ and I did get valuable feedback

Even if it was a scam issue

pep., I'm happy for you to make that call for that case. I just made a different one for this.

Yes, just that although I'm not yet a member, I don't think this is keeping anything from the membership. I live in a co-op and lots of things like this are handled by the board, they can't be going back and forth with members on everything they are doing. So as a potential member I don't see an issue

I note that we did previously agree that board@ was for stuff that couldn't be public (or trivial noise), I don't think this is either

My point is not to get members to give feedback on everything, it's just to keep the door open in case there is feedback

I'm less concerned about transparency and more that wider feedback may be valuable

MattJ, sure. On the other hand, my goal was a carefully drafted letter to our sponsors. Given that currently our sponsors are also represented in the membership, arguing its contents on the members mailinglist makes sending a letter almost meaningless.

MattJ, that goes hand-in-hand to me

ralphm, I don't think so

ralphm: that's fair reasoning to me

They can very well read the board meetings and see about the same content

So I'd be happy to get feedback from members on the final formal form as well

Anyway, that's one thing I said I disliked about board, I raised the issue and that was discussed, but I see that's not changing very much

pep., I don't think that just because you dislike a thing, that means others must agree. I like to operate in the open as much as possible. I don't think that input from the membership for this particular thing is required. That doesn't mean that it proves your point that things don't change.

Including the bylaws thing above, I think it does a bit. But let's agree to disagree

ok

Oh, Rob Loranger thanks for your comment!

7. Date of Next

+1W

8. Close

yep

Thanks all!

Thanks

I'm all for transparency, but on this case, I don't see the problem of Board working on a draft that can be sent after to members. Actually Rob Loranger had a good point

Alright, thank you

Thanks all

Thanks Seve. Let's consider that said within the meeting :-D

Hehe ;D

"Rob Loranger> [..] they can't be going back and forth with members on everything they are doing", not targeting you rob here, just to answer comments on your messages, as I said this it not my point here.

And "members" is just "somebody else's email" or "one more voice during the board meeting", so I don't think that's very much of a hassle

No, and there's no reason not to ask for member input. It's just not something I as a member would be very concerned with reading beforehand. Maybe as mentioned the proposed final draft could then pass by general membership for comments.

Kev, friendly reminder about promised XEP-0001 clarifications, I understand it's crazy times so no rush just wanted to bring it up since I remembered again :)

Noted.

Kev, friendly reminder about notification management XEP you promised to take on at the summit

That one I did *not* promise to appear in any reasonable time!

Just reminding :)

.oO(that’s why the reminder is friendly :>)

MattJ, friendly reminder (or rather request, plz) about making a list of things to be done within iteam :p

Done: https://github.com/xsf/infrastructure/issues

Ok ok, there is also a Trello board somewhere :)

Is it just this one issue? :P

Can I add things?

FTR

> No description provided. REEEEEEEE!

pep., go ahead

Docker images hosted by GitHub cannot be pulled without credentials

Github hosts docker images now?

MattJ, that was mostly in case we'd get somebody to do the work

jonas’, shouldn't be an issue, Snikket uses Github to build and pushes to docker hub

> Marc has left the room (Disconnected: Received SIGTERM) > Syndace has left the room (Disconnected: Received SIGTERM) I've seen you both leave at exactly the same second twice now, do you use the same client?

Is that some weird payload?

Server, rather?

or server

I'm not moderator here

Ah, server.

That looks like what Prosody kills all sessions with when it ... receives SIGTERM.

Maintenance then maybe

> Maintenance then maybe yes

So much for user-friendly termination messages.

I could bet my right arm that there was an issue about making the wiki mobile-friendly on one of the XSF trackers

Ge0rG, problem: The wiki uses Postgres. All current Docker images use MySQL. Migration: probably painful.

https://github.com/xsf/mediawiki-docker/issues/2

yup, working on the server

moparisthebest, where is your magic letsencrypt/nginx snippet?

jonas’, https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode

hm, how do I obtain that thumbrint from certbot?

hash of the account key or something?

`base64url( sha256( json jwk ) )`

json serialized with sorted keys. mmmmmmmmm.

uh, maybe the easiest way would just be to inspect the file certbot spits out jonas’ ?

otherwise I'm sure there's a way, just don't have it handy

nevermind, got it to work

I just made fake servers with nginx for any domains and import them as a hook