>Personally I think it's correct as is. I don't like the current way most clients I've used send images (OOB and the URL in the body) and in my own clients I wouldn't want to do that because I personally expect to be able to send a separate message along with an image like most commercial messengers, MMS, etc. let you do.
Sam on the ML. I'd really like to be able to send a caption together with an image/file too but using the message body might cause problems as afaik you have to put the URL of the uploaded file only there and not OOB if you use OMEMO as it only encrypts the body.
adityaborikarhas left
adityaborikarhas joined
marchas joined
marchas left
Dele Olajidehas joined
Andrzejhas left
marchas joined
papatutuwawahas joined
j.rhas left
j.rhas joined
ChronosX88has joined
alex-a-sotohas left
emushas left
alex-a-sotohas joined
emushas joined
eevvoorhas left
debaclehas joined
Zash
OOB does support a description, but I don't know if that shows up anywhere and you can't have it in the body with this undocumented body==url method.
adityaborikarhas left
adityaborikarhas joined
Ge0rG
I'm sure somebody will document the undocumented body==url method Real Soon Now™
xeckshas joined
Link Mauvehas joined
eevvoorhas joined
eevvoorhas left
lskdjfhas joined
lorddavidiiihas joined
Zash
Any day now
Daniel
after reading 66 again I too believe it should be a seperate informational xep
Daniel
because retrofitting 66 to cover the current usage is … bad…
Ge0rG
Daniel: you could change §6 into §6.1 under a new section "Application Use Cases", and add inline media as §6.2
Ge0rG
§6 already claims:
> This section is non-normative.
flow
+1
Ge0rG
Daniel: did you have any pending further changes on CS'21 beyond the submitted and accepted PR?
Daniel
none written down
Daniel
i'd still like to mention styling
Ge0rG
Daniel: +1 to that
Ge0rG
Daniel: but now that XEP-0443 is in Last Call, it would be better to reply to standards@ with the suggestion
Ge0rG
I'm sure there will be plenty controversy.
Daniel
i don’t want to include it in the compliance part
Daniel
just mention it
Ge0rG
...from the "UX is outside of the scope of the XSF" faction ;)
DebXWoodyhas left
MattJ
Ge0rG [08:50]:
> I'm sure somebody will document the undocumented body==url method Real Soon Now™
It's been documented on modernxmpp.org for months (years?) ;)
Seve
The face when you tell people they can't write a message along with the image they are sending
edhelas
send the picture, then send a message
edhelas
et voilà :p
Seve
Fixing the root cause might also be a solution ;)
Ge0rG
MattJ: next time you do an XMPP poll, ask the people whether they knew about modernxmpp.org before you asked.
adityaborikarhas left
adityaborikarhas joined
Alexhas left
Andrzejhas joined
Ge0rG
Daniel: would you write that email?
lorddavidiiihas left
Daniel
I can create a PR
Daniel
Never ask the people if you don't know the out come
Daniel
Or something along those lines
lorddavidiiihas joined
Ge0rG
> Daniel: but now that XEP-0443 is in Last Call, it would be better to reply to standards@ with the suggestion
goffihas joined
Ge0rG
(it's no problem to say "no", I'd just like to know because otherwise I'd write that)✎
Wouldn't it be helpful to give the reporter the ability to send the last (or last N) received messages with a 0377 report? How is a server operator supposed to know whether the complaint is legit or not if no debug logging is activated?✎
mdosch
Wouldn't it be helpful to give the reporter the ability to send the last (or last N) received message(s) with a 0377 report? How is a server operator supposed to know whether the complaint is legit or not if no debug logging is activated? ✏
Ge0rG
mdosch: the problem is that a user could fake a spam report in that case
Ge0rG
I've already asked back in the day to include the stanza-id (not the stanza id, ha-ha) of the offending message, so that the server operator can pull it from the user's MAM
serge90has joined
eevvoorhas joined
Daniel
Ge0rG: technically you could probably put something in the privacy policy that by reporting a jid as spam you give the operator permission to access your MAM for that account
Daniel
Because in proper cases it's all spam messages anyway
Daniel
Or just one really
Daniel
No need to provide an individual id
Ge0rG
Daniel: as I'm not convinced of the current status of 0377 and I refuse to implement it because the current implementations are a mere simulation of handling the problem, no.
mdosch
Yes, I'd also say the "report this user" is giving you consent to access this particular chat.
Ge0rG
And my privacy policy already contains a statement about messages automatically flagged as spam
Ge0rG
Once 0377 can report actual spam messages / ensure that they are available in the user's MAM, and once there is useful admin escalation beyond writing something to the server log file, well, then we are talking.
Zash
That's implementation, nothing to do with the XEP itself.
Right now it's only "X reported Y for $reason", no message content or message id.
Nano4BeingYouhas joined
Ge0rG
I'm sure the current implementations are well-intentioned, but they don't work against real-life spambots with throw-away JIDs, which only spam you once or at most twice and then stop being used.
Nano4BeingYouhas left
Ge0rG
So a user will eagerly "block & report" the first one, then wonder why the same spam comes from a different user, then just give up in resignation
Ge0rG
So effectively you are teaching users that "block & report" doesn't yield the desired effect.
Ge0rG
Given a stanza-id, the server implementation could at least block the same message from being ever sent to the user again
Zash
That thread never turned into a XEP revision? Hrm
Zash
Anyone wanna volonteer to PR?
Ge0rG
Zash: you just did!
Zash
I have -1 spare cycles at the moment.
eevvoorhas joined
Ge0rG
Zash: do the PR, then you are at -2. Repeat often enough and you'll yield an integer overflow and have almost unlimited time
Ge0rG
Zash: while you are at it, please specify that the report may contain zero, one or many stanza-id references.
peetahhas joined
Ge0rG
FWIW, you could just allow stuffing a list of <stanza-id xmlns='urn:xmpp:sid:0'/> elements into the <report/>
winfriedhas left
winfriedhas joined
winfriedhas left
winfriedhas joined
mdosch
> Given a stanza-id, the server implementation could at least block the same message from being ever sent to the user again
That would be a big improvement. 😃
Ge0rG
mdosch: oh really?
Zash
Does Sam still want to be author?
Andrzejhas left
Andrzejhas joined
peetahhas left
APachhas left
MattJ
Again, I think this is unnecessary and silly
MattJ
Users don't report individual messages in reality
MattJ
"This message from the spam bot was spam, but none of the other messages were"
MattJ
Seriously? :)
APachhas joined
Kev
If we were to use References it'd allow you to report which bit of the body of a particular message was spammy, excluding the rest of the message.
mdosch
MattJ:
> "This message from the spam bot was spam, but none of the other messages were"
> Seriously? :)
It's for the operator to have a proof that it was a spambot and not a false complaint.
MattJ
How does it add proof?
Zash
Like Daniel said, could just fetch the last few messages (probably only one or two) with that "contact" (MAM 'with') and ????
Zash
Assuming these go in MAM
MattJ
If they don't, a stanza id is useless
Andrzejhas left
mdosch
> How does it add proof?
You see the message was e.g. carder spam and not the ex-girlfriend which annoyed the user. In the latter case he can block her but there is no need for the server operator to take further actions.
Andrzejhas joined
mdosch
Right now the reports are not really useful for me.
MattJ
You can go and look up messages in the archive right now, you don't need an id
Kev
I think you mean evidence, rather than proof, FWIW. But I think Matt is right, at least for the type of spam we see at the moment looking at any messages in the archive would probably be sufficient.
mdosch
> martin@mdosch.de reported shark2@404.city as spammer: no reason given
> martin@mdosch.de reported comprehend@default.rs as spammer: no reason given
So I have to dig in the archive now?
MattJ
mdosch, and what do you think a stanza id will do for you?
winfriedhas left
winfriedhas joined
mdosch
> I think you mean evidence, rather than proof, FWIW.
Maybe, no native speaker here.
Kev
But I also think that mdosch is right in that if you rely on whole-archive searching spammers will start sending legitimate-messages between themselves to make that more onerous, and highlighting where the admin should look helps.
MattJ
> martin@mdosch.de reported shark2@404.city's message 25ee8f48-851d-4cb9-8d81-3c34b1f892ce as spam: no reason given
MattJ
An immense improvement!
mdosch
> mdosch, and what do you think a stanza id will do for you?
The server module could fetch it and add it to the notification I hope. 😃
Kev
Ah, righ,t what I say is false. You know who submitted the report, so you can look at the spammer's history with that entity.
Kev
So I'm mostly with Matt, I think.
Daniel
Just get the last three messages from Spammer to reporter and add it
MattJ
mdosch, as I and everyone else already said, you don't need an id to query the archive
Ge0rG
Kev: it's about automatic processing. Having a stanza-id or a list of stanza-ids will allow the server to automatically fetch the message content and to do smart content-based blocking
Ge0rG
While *technically* you could just fetch the message history of the user with the reported JID without explicit consent, you still don't know which of the messages are the ones that you'd like to auto-block, maybe even for other users.
DebXWoodyhas joined
marchas left
marchas joined
Ge0rG
OTOH, the overhead of adding a list of stanza-ids to the protocol looks rather trivial
winfriedhas left
winfriedhas joined
Daniel
In the case or a real Spammer it will all be spam messages
archas left
archas joined
Ge0rG
how is the server admin supposed to know who's a real spammer?
archas left
archas joined
Daniel
You have to sanity check that either way
Zash
How is whatever receives the reports supposed to know that I'm not trying to game the reporting system?
mdosch
> In the case or a real Spammer it will all be spam messages
I recently got a sub and totally innocent looking message prior to the spam.
mdosch
Some also send a simple 'Hello' first. You probably don't want to block this message content automatically.
Daniel
Yes. But that's independent of blocking with or without message I'd ✎
MattJ
The premise of adding stanza-id(s) to the report: 1) it helps admins (false) 2) clients will expose per-message reporting in their UI (hopefully false)
Daniel
Yes. But that's independent of blocking with or without message id ✏
Daniel
Yes exactly. The UX flow in my client will remain as 'block this user'
Daniel
Not report this message
Ge0rG
Daniel: "block this user and report the messages to the server admin"
Zash
You could have "report this conversation"
MattJ
Ge0rG, all that does it tell the server information it already has?!✎
Ge0rG
or "block this user // [ ] report message content"
MattJ
Ge0rG, all that does is tell the server information it already has?! ✏
Zash
MattJ, it'd tell the admin about messages that got trough whatever spam filters are in place, so they can be further tuned.
MattJ
Zash, messages that are blocked go into the archive?
Ge0rG
MattJ: it's also about explicit consent
Ge0rG
MattJ: GDPR and things
MattJ
Ge0rG, it's absolutely not, the wire protocol has no bearing on consent at all
Zash
MattJ, ???
Ge0rG
yeah, right. Let the admin sort out the GDPR issues.
MattJ
Ge0rG, "the client sent me some ids, therefore the user consented to me reading them" is absolutely not going to stand up in the court of GDPR :)
Ge0rG
MattJ: given explicit message flagging (a sane UI for which is probably not too far fetched), the server could block the content of those messages automatically in the future
Ge0rG
MattJ: no, but a privacy policy where "messages flagged by the user as spam will be inspected" will
MattJ
Zash, I don't understand what you're saying - how would it tell the admin anything?
MattJ
Ge0rG, so when the user reports a greeting message, the server should block all greetings?
Zash
MattJ, messages that got trough the spam filter (and into the archive), those can be reported and let the admin see what got troguh
Ge0rG
MattJ: to that user
MattJ
Zash, but that is unrelated to whether stanza ids are included in the report, no?
Ge0rG
MattJ: I also wanted to make 0377 depend on the user having MAM
Ge0rG
MattJ: well, technically I don't care *how* it is technically implemented, as long as there is a way for the user / client to tell the server admin which messages are spam.
Syndacehas left
Syndacehas joined
Ge0rG
but the current combination of XEP and implementations is useless for me as a server admin trying to fight spam, and that hasn't changed in some three years.
Ge0rG
and now I'm back to doing real work.
Zash
MattJ, well, "this message right here" vs "some of the recent messages this user sent" can be useful?
MattJ
Zash, only if that's exposed in the UI
MattJ
which as we just heard from one of the leading client authors, it won't be
Zash
Long-press the spam, "report this" ?
MattJ
and I can understand why
Ge0rG
what Zash said.
Ge0rG
alternatively, have a list of the last N messages with checkboxes in front
MattJ
...
Zash
Optional? If left out, its "something recently in this conversation"
winfriedhas left
winfriedhas joined
MattJ
<-- despair
MattJ
Add it to the XEP, nobody will use it for many reasons, but at least it's there and we can stop talking about it then :)
Daniel
But is 'only some of those messages are spam' a realistic scenario?
MattJ
It will change absolutely nothing
Daniel
That would require hijacking accounts right?
Daniel
Is this happening on a large scale?
Zash
If we only care about spam
Zash
377 also has some stuff about "general abuse"
Zash
MattJ, one client author is not going to use it and another client author refuses to implement unless stuff... how2resolve?
Ge0rG
Daniel: yes it is, because many spam bots start with a "hi" and then only follow up with spam if you respond
Daniel
Well in that case the hi is spam as well
Daniel
Not something you might want to train your filter with
Ge0rG
Daniel: but not every hi is spam, whereas every spam message is
Daniel
But Spam nonetheless
Daniel
Yes. But it's part of a general pattern
Daniel
Ultimately you want to block that as well
Ge0rG
Yes.
Ge0rG
But I won't come closer to that goal by receiving spam reports about messages that are only "hi"
Daniel
If I was to report it manually I'd report that initial message as well
Ge0rG
Except maybe if I get full XML of those messages from which I can derive even more things.
Daniel
I often block people after sending me a single hi and nothing else
Daniel
We just don't have reporting enabled
Ge0rG
Anyway, if the server admins would rather fix the tooling than change the XEP, and if everybody is in agreement that all messages from a reported JID must be spam, then please just go on and implement the tooling!✎
Ge0rG
Anyway, if the server developers would rather fix the tooling than change the XEP, and if everybody is in agreement that all messages from a reported JID must be spam, then please just go on and implement the tooling! ✏
APachhas left
APachhas joined
Alexhas left
Alexhas joined
MattJ
I look forward to your funding for that work :)
Andrzejhas left
Daniel
It doesn't seem too far fetched to actually do get some funding for that
Andrzejhas joined
Ge0rG
I've said time and again that user spam reporting is worthless for me without having full XML of the offending content. Actually I'd even want to see the full presence XML, but nobody is storing that anyway.
Ge0rG
MattJ: ironically, my existing approach works well enough without user reports.
MattJ
Sure, I don't blame you for not wanting user reports right now, as they're unnecessary for anything you are doing
Ge0rG
having to manually inspect user reports would actually worsen the situation for me.
MattJ
But we need to have the protocol there and implemented, because we can do useful things when it is
MattJ: in that case please go on and implement useful things with the existing protocol
Ge0rG
it's been there since 2017 ;)
MattJ
I shall, at some point
Ge0rG
I'd eagerly use it once it is actually reducing the cost for me vs. what I'm doing now
MattJ
I've been doing a lot, but I have a lot to do in many different areas
Ge0rG
MattJ: yes, we all suffer under limited time
MattJ
I've put some serious research into this topic, including what existing tools and frameworks we can lean on (if properly integrated)
MattJ
We're not the first people to suffer from spam and abuse :)
Ge0rG
MattJ: yes, and there will be a time when xmpp spammers start to learn from other spammers
Zash
Also, how does reporting work in MUC/MIX?
Ge0rG
Zash: you can report and block the MUC
Zash
Myeah...
Ge0rG
well, you *could* implement 0377 on a MUC JID, but reports don't contain a timestamp or a message reference, so you'd end up reporting a random nickname.
Ge0rG
good luck finding out who owned that nickname from the server's MAM
Zash
Occupant IDs
Ge0rG
but of course you could add a XEP-0421 inside
Ge0rG
I still think that 0421 is a sort of a privacy violation
MattJ
Now for MUC... stanza-id would be useful :)
Zash
Vote-based XEP-0425?
Ge0rG
can you say that again, louder?
Zash
Detaching the reporting from the blocking also makes more sense with MUC
Ge0rG
would a report generate a popup on all logged in room moderators' clients?
Zash
There's prior art for that kind of thing, with asking for voice
Zash
I'd probably stick some ⚠️ symbol with a counter on the message or something, plus a notification
Zash
Said the server developer who isn't working on a client.
moparisthebesthas left
florettahas joined
moparisthebesthas joined
antranigvhas left
winfriedhas left
winfriedhas joined
neshtaxmpphas left
lorddavidiiihas left
neshtaxmpphas joined
lorddavidiiihas joined
florettahas left
goffihas left
LNJhas left
DebXWoodyhas left
LNJhas joined
florettahas joined
Dele Olajidehas left
Nano4BeingYouhas joined
lorddavidiiihas left
Seve
🕊
MattJ
Oh :)
MattJ
Guus?
Guus
here
Nano4BeingYouhas left
MattJ
Let's have a short one
MattJ
0) Roll call
MattJ
Me
lorddavidiiihas joined
Guus
eye
Guus
aye?
Guus
me.
Sevesays "me"
MattJ
1) Topics for decisions
MattJ
1.1) Martin Dosch to be appointed to the Editor Work Team
adityaborikarhas left
marchas left
MattJ
This is a motion from Ralph via email. Martin applied, and has been approved by Council per the process (who knew?)
MattJ
All that remains is that Board approves
MattJ
and Ralph also sent a +1 on this via email
MattJ
I am also +1, and thank Martin for volunteering :)
Guus
+1 for me
Seve
+1 too, thank you Martin
pep.has joined
pep.
.
MattJ
Just in time, pep. :)
pep.
+1 for Martin :)
jonas’
%s/Martin/mdosch/ for local mentions :)
MattJ
Excellent, approved unanimously
MattJ
XSF_Martin
MattJ
2) AOB
MattJ
Looks like Trello has been tidied (thanks to Ralph/whoever did that)
lorddavidiiihas left
MattJ
There are a number of "Awaiting feedback" items that I'm not inclined to wade through right now unless someone wants to pick one up specifically
pep.
Just a note from me to say I'm not reapplying as member (membership expiring this quarter), nor for board.
MattJ
:(
Zash
:(
Guus
Sorry to hear that, pep.
jonas’
oh
Seve
Sad to hear that, hope all is right pep.
adityaborikarhas joined
jonas’
I follow the sentiments of Guus and Seve on this one
pep.
Yeah. I'm just spending my time differently. I'm more useful elsewhere
MattJ
You'll be missed, though I hope you're not departing the community :)
alex-a-sotohas joined
MattJ
Ok, let's wrap up the meeting
MattJ
3) Date of next
MattJ
+1w
pep.
ok
Seve
+1
MattJ
4) Meeting closed
vanitasvitaehas left
Seve
Thank you for picking up the steering wheel today MattJ
MattJ
I'll send minutes for this and the previous meeting shortly
goffihas joined
mdosch
Thank you all. 😃
emus
Thanks Martin!
MattJ
mdosch, Github username? :)
mdosch
mdosch
MattJ
Shocking
MattJ
Invite sent
mdosch
Thanks
neshtaxmpphas left
jonas’
mdosch, also xmpp:editor@muc.xmpp.org?join
marchas joined
lorddavidiiihas joined
vanitasvitaehas joined
Dele Olajidehas joined
marchas left
marchas joined
vanitasvitaehas left
antranigvhas joined
vanitasvitaehas joined
vanitasvitaehas left
Dele Olajidehas left
Dele Olajidehas joined
alameyohas left
alameyohas joined
adityaborikarhas left
antranigvhas left
lorddavidiiihas left
Wojtekhas joined
Dele Olajidehas left
goffihas left
goffihas joined
winfriedhas left
winfriedhas joined
antranigvhas joined
wladmishas left
wladmishas joined
Mikaelahas left
antranigvhas left
archas left
archas joined
antranigvhas joined
archas left
archas joined
archas left
archas joined
debaclehas joined
archas left
archas joined
archas left
archas joined
archas left
archas joined
archas left
archas joined
Dele Olajidehas joined
DebXWoodyhas joined
lorddavidiiihas joined
adityaborikarhas joined
lovetoxhas joined
sonnyhas left
sonnyhas joined
adityaborikarhas left
adityaborikarhas joined
eevvoorhas left
focus121has left
focus121has joined
stpeterhas joined
stpeterhas left
lovetoxhas left
sonnyhas left
Dele Olajidehas left
Dele Olajidehas joined
jcbrandhas left
sonnyhas joined
akkikohas joined
focus121has left
focus121has joined
jcbrandhas joined
focus121has left
focus121has joined
sonnyhas left
sonnyhas joined
focus121has left
focus121has joined
sonnyhas left
focus121has left
focus121has joined
sonnyhas joined
focus121has left
focus121has joined
Ge0rGhas left
Ge0rGhas joined
alex-a-sotohas left
Steve Killehas left
alex-a-sotohas joined
focus121has left
focus121has joined
Steve Killehas joined
nycohas joined
nycohas left
nycohas joined
Andrzejhas left
Andrzejhas joined
nycohas left
nycohas joined
xeckshas left
xeckshas joined
Andrzejhas left
Andrzejhas joined
nycohas left
Mikaelahas joined
nycohas joined
nycohas left
nycohas joined
nycohas left
nycohas joined
nycohas left
nycohas joined
nycohas left
nycohas joined
intosihas left
nycohas left
nycohas joined
Andrzejhas left
Andrzejhas joined
antranigvhas left
nycohas left
nycohas joined
Andrzejhas left
Andrzejhas joined
nycohas left
Andrzejhas left
pasdesushihas joined
intosihas joined
meesonhas left
meesonhas joined
antranigvhas joined
pasdesushihas left
nycohas joined
nycohas left
nycohas joined
intosihas left
ChronosX88has left
paulhas left
lovetoxhas joined
nycohas left
pasdesushihas joined
nycohas joined
vanitasvitaehas joined
antranigvhas left
pasdesushihas left
nycohas left
sonnyhas left
sonnyhas joined
intosihas joined
vanitasvitaehas left
Andrzejhas joined
vanitasvitaehas joined
paulhas joined
antranigvhas joined
alex-a-sotohas left
alex-a-sotohas joined
antranigvhas left
papatutuwawahas left
papatutuwawahas joined
Andrzejhas left
intosihas left
marchas left
emushas left
Andrzejhas joined
Dele Olajidehas left
intosihas joined
Dele Olajidehas joined
marchas joined
marchas left
emushas joined
marchas joined
nycohas joined
werdanhas joined
nycohas left
nycohas joined
nycohas left
nycohas joined
antranigvhas joined
nycohas left
nycohas joined
Andrzejhas left
antranigvhas left
antranigvhas joined
inkyhas joined
nycohas left
nycohas joined
Ge0rG
MattJ: somebody complained that 313 still recommends storing MUC messages in user archives in https://xmpp.org/extensions/xep-0313.html#business-storeret-user-archives - would be nice to change that
Ge0rG
Probably also something about last calls.
nycohas left
Dele Olajidehas left
nycohas joined
antranigvhas left
adityaborikarhas left
paulhas left
paulhas joined
moparisthebesthas left
moparisthebesthas joined
intosihas left
DebXWoodyhas left
intosihas joined
marchas left
Zashhas left
Zashhas joined
MattJ
Huh
lovetoxhas left
lovetoxhas joined
MattJ
As I suspected, that was added in the revision I wasn't involved in :)
MattJ
And doesn't MIX depend on this?
MattJ
(though we concluded that was generally not a good thing)
antranigvhas joined
lovetoxhas left
pasdesushihas joined
intosihas left
inkyhas left
intosihas joined
pasdesushihas left
pasdesushihas joined
Mikaelahas left
Tobiashas left
pasdesushihas left
intosihas left
goffihas left
pep.has left
wladmishas left
pasdesushihas joined
wladmishas joined
pasdesushihas left
intosihas joined
meesonhas left
werdanhas left
pasdesushihas joined
inkyhas joined
edhelashas left
edhelashas joined
pasdesushihas left
intosihas left
pasdesushihas joined
lorddavidiiihas left
pasdesushihas left
pasdesushihas joined
pasdesushihas left
stpeterhas joined
stpeterhas left
pasdesushihas joined
wladmishas left
pasdesushihas left
pasdesushihas joined
intosihas joined
jcbrandhas left
paulhas left
pasdesushihas left
Dele Olajidehas joined
pasdesushihas joined
intosihas left
pasdesushihas left
pasdesushihas joined
pasdesushihas left
deuillhas joined
alameyohas left
stpeterhas joined
stpeterhas left
pasdesushihas joined
Ge0rG
What message type does mix use? Do I even want to know?