mdosch>Personally I think it's correct as is. I don't like the current way most clients I've used send images (OOB and the URL in the body) and in my own clients I wouldn't want to do that because I personally expect to be able to send a separate message along with an image like most commercial messengers, MMS, etc. let you do.
Sam on the ML. I'd really like to be able to send a caption together with an image/file too but using the message body might cause problems as afaik you have to put the URL of the uploaded file only there and not OOB if you use OMEMO as it only encrypts the body.
adityaborikarhas left
adityaborikarhas joined
marchas joined
marchas left
Dele Olajidehas joined
Andrzejhas left
marchas joined
papatutuwawahas joined
j.rhas left
j.rhas joined
ChronosX88has joined
alex-a-sotohas left
emushas left
alex-a-sotohas joined
emushas joined
eevvoorhas left
debaclehas joined
ZashOOB does support a description, but I don't know if that shows up anywhere and you can't have it in the body with this undocumented body==url method.
adityaborikarhas left
adityaborikarhas joined
Ge0rGI'm sure somebody will document the undocumented body==url method Real Soon Now™
xeckshas joined
Link Mauvehas joined
eevvoorhas joined
eevvoorhas left
lskdjfhas joined
lorddavidiiihas joined
ZashAny day now
Danielafter reading 66 again I too believe it should be a seperate informational xep
Danielbecause retrofitting 66 to cover the current usage is … bad…
Ge0rGDaniel: you could change §6 into §6.1 under a new section "Application Use Cases", and add inline media as §6.2
Ge0rG§6 already claims:
> This section is non-normative.
flow+1
Ge0rGDaniel: did you have any pending further changes on CS'21 beyond the submitted and accepted PR?
Danielnone written down
Danieli'd still like to mention styling
Ge0rGDaniel: +1 to that
Ge0rGDaniel: but now that XEP-0443 is in Last Call, it would be better to reply to standards@ with the suggestion
Ge0rGI'm sure there will be plenty controversy.
Danieli don’t want to include it in the compliance part
Danieljust mention it
Ge0rG...from the "UX is outside of the scope of the XSF" faction ;)
DebXWoodyhas left
MattJGe0rG [08:50]:
> I'm sure somebody will document the undocumented body==url method Real Soon Now™
It's been documented on modernxmpp.org for months (years?) ;)
SeveThe face when you tell people they can't write a message along with the image they are sending
edhelassend the picture, then send a message
edhelaset voilà :p
SeveFixing the root cause might also be a solution ;)
Ge0rGMattJ: next time you do an XMPP poll, ask the people whether they knew about modernxmpp.org before you asked.
adityaborikarhas left
adityaborikarhas joined
Alexhas left
Andrzejhas joined
Ge0rGDaniel: would you write that email?
lorddavidiiihas left
DanielI can create a PR
DanielNever ask the people if you don't know the out come
DanielOr something along those lines
lorddavidiiihas joined
Ge0rG> Daniel: but now that XEP-0443 is in Last Call, it would be better to reply to standards@ with the suggestion
goffihas joined
Ge0rG(it's no problem to say "no", I'd just like to know because otherwise I'd write that)✎
mdoschWouldn't it be helpful to give the reporter the ability to send the last (or last N) received messages with a 0377 report? How is a server operator supposed to know whether the complaint is legit or not if no debug logging is activated?✎
mdoschWouldn't it be helpful to give the reporter the ability to send the last (or last N) received message(s) with a 0377 report? How is a server operator supposed to know whether the complaint is legit or not if no debug logging is activated? ✏
Ge0rGmdosch: the problem is that a user could fake a spam report in that case
Ge0rGI've already asked back in the day to include the stanza-id (not the stanza id, ha-ha) of the offending message, so that the server operator can pull it from the user's MAM
serge90has joined
eevvoorhas joined
DanielGe0rG: technically you could probably put something in the privacy policy that by reporting a jid as spam you give the operator permission to access your MAM for that account
DanielBecause in proper cases it's all spam messages anyway
DanielOr just one really
DanielNo need to provide an individual id
Ge0rGDaniel: as I'm not convinced of the current status of 0377 and I refuse to implement it because the current implementations are a mere simulation of handling the problem, no.
mdoschYes, I'd also say the "report this user" is giving you consent to access this particular chat.
Ge0rGAnd my privacy policy already contains a statement about messages automatically flagged as spam
Ge0rGOnce 0377 can report actual spam messages / ensure that they are available in the user's MAM, and once there is useful admin escalation beyond writing something to the server log file, well, then we are talking.
ZashThat's implementation, nothing to do with the XEP itself.
mdoschRight now it's only "X reported Y for $reason", no message content or message id.
Nano4BeingYouhas joined
Ge0rGI'm sure the current implementations are well-intentioned, but they don't work against real-life spambots with throw-away JIDs, which only spam you once or at most twice and then stop being used.
Nano4BeingYouhas left
Ge0rGSo a user will eagerly "block & report" the first one, then wonder why the same spam comes from a different user, then just give up in resignation
Ge0rGSo effectively you are teaching users that "block & report" doesn't yield the desired effect.
Ge0rGGiven a stanza-id, the server implementation could at least block the same message from being ever sent to the user again
ZashThat thread never turned into a XEP revision? Hrm
ZashAnyone wanna volonteer to PR?
Ge0rGZash: you just did!
ZashI have -1 spare cycles at the moment.
eevvoorhas joined
Ge0rGZash: do the PR, then you are at -2. Repeat often enough and you'll yield an integer overflow and have almost unlimited time
Ge0rGZash: while you are at it, please specify that the report may contain zero, one or many stanza-id references.
peetahhas joined
Ge0rGFWIW, you could just allow stuffing a list of <stanza-id xmlns='urn:xmpp:sid:0'/> elements into the <report/>
winfriedhas left
winfriedhas joined
winfriedhas left
winfriedhas joined
mdosch> Given a stanza-id, the server implementation could at least block the same message from being ever sent to the user again
That would be a big improvement. 😃
Ge0rGmdosch: oh really?
ZashDoes Sam still want to be author?
Andrzejhas left
Andrzejhas joined
peetahhas left
APachhas left
MattJAgain, I think this is unnecessary and silly
MattJUsers don't report individual messages in reality
MattJ"This message from the spam bot was spam, but none of the other messages were"
MattJSeriously? :)
APachhas joined
KevIf we were to use References it'd allow you to report which bit of the body of a particular message was spammy, excluding the rest of the message.
mdoschMattJ:
> "This message from the spam bot was spam, but none of the other messages were"
> Seriously? :)
It's for the operator to have a proof that it was a spambot and not a false complaint.
MattJHow does it add proof?
ZashLike Daniel said, could just fetch the last few messages (probably only one or two) with that "contact" (MAM 'with') and ????
ZashAssuming these go in MAM
MattJIf they don't, a stanza id is useless
Andrzejhas left
mdosch> How does it add proof?
You see the message was e.g. carder spam and not the ex-girlfriend which annoyed the user. In the latter case he can block her but there is no need for the server operator to take further actions.
Andrzejhas joined
mdoschRight now the reports are not really useful for me.
MattJYou can go and look up messages in the archive right now, you don't need an id
KevI think you mean evidence, rather than proof, FWIW. But I think Matt is right, at least for the type of spam we see at the moment looking at any messages in the archive would probably be sufficient.
mdosch> martin@mdosch.de reported shark2@404.city as spammer: no reason given
> martin@mdosch.de reported comprehend@default.rs as spammer: no reason given
So I have to dig in the archive now?
MattJmdosch, and what do you think a stanza id will do for you?
winfriedhas left
winfriedhas joined
mdosch> I think you mean evidence, rather than proof, FWIW.
Maybe, no native speaker here.
KevBut I also think that mdosch is right in that if you rely on whole-archive searching spammers will start sending legitimate-messages between themselves to make that more onerous, and highlighting where the admin should look helps.
MattJ> martin@mdosch.de reported shark2@404.city's message 25ee8f48-851d-4cb9-8d81-3c34b1f892ce as spam: no reason given
MattJAn immense improvement!
mdosch> mdosch, and what do you think a stanza id will do for you?
The server module could fetch it and add it to the notification I hope. 😃
KevAh, righ,t what I say is false. You know who submitted the report, so you can look at the spammer's history with that entity.
KevSo I'm mostly with Matt, I think.
DanielJust get the last three messages from Spammer to reporter and add it
MattJmdosch, as I and everyone else already said, you don't need an id to query the archive
Ge0rGKev: it's about automatic processing. Having a stanza-id or a list of stanza-ids will allow the server to automatically fetch the message content and to do smart content-based blocking
Ge0rGWhile *technically* you could just fetch the message history of the user with the reported JID without explicit consent, you still don't know which of the messages are the ones that you'd like to auto-block, maybe even for other users.
DebXWoodyhas joined
marchas left
marchas joined
Ge0rGOTOH, the overhead of adding a list of stanza-ids to the protocol looks rather trivial
winfriedhas left
winfriedhas joined
DanielIn the case or a real Spammer it will all be spam messages
archas left
archas joined
Ge0rGhow is the server admin supposed to know who's a real spammer?
archas left
archas joined
DanielYou have to sanity check that either way
ZashHow is whatever receives the reports supposed to know that I'm not trying to game the reporting system?
mdosch> In the case or a real Spammer it will all be spam messages
I recently got a sub and totally innocent looking message prior to the spam.
mdoschSome also send a simple 'Hello' first. You probably don't want to block this message content automatically.
DanielYes. But that's independent of blocking with or without message I'd ✎
MattJThe premise of adding stanza-id(s) to the report: 1) it helps admins (false) 2) clients will expose per-message reporting in their UI (hopefully false)
DanielYes. But that's independent of blocking with or without message id ✏
DanielYes exactly. The UX flow in my client will remain as 'block this user'
DanielNot report this message
Ge0rGDaniel: "block this user and report the messages to the server admin"
ZashYou could have "report this conversation"
MattJGe0rG, all that does it tell the server information it already has?!✎
Ge0rGor "block this user // [ ] report message content"
MattJGe0rG, all that does is tell the server information it already has?! ✏
ZashMattJ, it'd tell the admin about messages that got trough whatever spam filters are in place, so they can be further tuned.
MattJZash, messages that are blocked go into the archive?
Ge0rGMattJ: it's also about explicit consent
Ge0rGMattJ: GDPR and things
MattJGe0rG, it's absolutely not, the wire protocol has no bearing on consent at all
ZashMattJ, ???
Ge0rGyeah, right. Let the admin sort out the GDPR issues.
MattJGe0rG, "the client sent me some ids, therefore the user consented to me reading them" is absolutely not going to stand up in the court of GDPR :)
Ge0rGMattJ: given explicit message flagging (a sane UI for which is probably not too far fetched), the server could block the content of those messages automatically in the future
Ge0rGMattJ: no, but a privacy policy where "messages flagged by the user as spam will be inspected" will
MattJZash, I don't understand what you're saying - how would it tell the admin anything?
MattJGe0rG, so when the user reports a greeting message, the server should block all greetings?
ZashMattJ, messages that got trough the spam filter (and into the archive), those can be reported and let the admin see what got troguh
Ge0rGMattJ: to that user
MattJZash, but that is unrelated to whether stanza ids are included in the report, no?
Ge0rGMattJ: I also wanted to make 0377 depend on the user having MAM
Ge0rGMattJ: well, technically I don't care *how* it is technically implemented, as long as there is a way for the user / client to tell the server admin which messages are spam.
Syndacehas left
Syndacehas joined
Ge0rGbut the current combination of XEP and implementations is useless for me as a server admin trying to fight spam, and that hasn't changed in some three years.
Ge0rGand now I'm back to doing real work.
ZashMattJ, well, "this message right here" vs "some of the recent messages this user sent" can be useful?
MattJZash, only if that's exposed in the UI
MattJwhich as we just heard from one of the leading client authors, it won't be
ZashLong-press the spam, "report this" ?
MattJand I can understand why
Ge0rGwhat Zash said.
Ge0rGalternatively, have a list of the last N messages with checkboxes in front
MattJ...
ZashOptional? If left out, its "something recently in this conversation"
winfriedhas left
winfriedhas joined
MattJ<-- despair
MattJAdd it to the XEP, nobody will use it for many reasons, but at least it's there and we can stop talking about it then :)
DanielBut is 'only some of those messages are spam' a realistic scenario?
MattJIt will change absolutely nothing
DanielThat would require hijacking accounts right?
DanielIs this happening on a large scale?
ZashIf we only care about spam
Zash377 also has some stuff about "general abuse"
ZashMattJ, one client author is not going to use it and another client author refuses to implement unless stuff... how2resolve?
Ge0rGDaniel: yes it is, because many spam bots start with a "hi" and then only follow up with spam if you respond
DanielWell in that case the hi is spam as well
DanielNot something you might want to train your filter with
Ge0rGDaniel: but not every hi is spam, whereas every spam message is
DanielBut Spam nonetheless
DanielYes. But it's part of a general pattern
DanielUltimately you want to block that as well
Ge0rGYes.
Ge0rGBut I won't come closer to that goal by receiving spam reports about messages that are only "hi"
DanielIf I was to report it manually I'd report that initial message as well
Ge0rGExcept maybe if I get full XML of those messages from which I can derive even more things.
DanielI often block people after sending me a single hi and nothing else
DanielWe just don't have reporting enabled
Ge0rGAnyway, if the server admins would rather fix the tooling than change the XEP, and if everybody is in agreement that all messages from a reported JID must be spam, then please just go on and implement the tooling!✎
Ge0rGAnyway, if the server developers would rather fix the tooling than change the XEP, and if everybody is in agreement that all messages from a reported JID must be spam, then please just go on and implement the tooling! ✏
APachhas left
APachhas joined
Alexhas left
Alexhas joined
MattJI look forward to your funding for that work :)
Andrzejhas left
DanielIt doesn't seem too far fetched to actually do get some funding for that
Andrzejhas joined
Ge0rGI've said time and again that user spam reporting is worthless for me without having full XML of the offending content. Actually I'd even want to see the full presence XML, but nobody is storing that anyway.
Ge0rGMattJ: ironically, my existing approach works well enough without user reports.
MattJSure, I don't blame you for not wanting user reports right now, as they're unnecessary for anything you are doing
Ge0rGhaving to manually inspect user reports would actually worsen the situation for me.
MattJBut we need to have the protocol there and implemented, because we can do useful things when it is
Ge0rGMattJ: in that case please go on and implement useful things with the existing protocol
Ge0rGit's been there since 2017 ;)
MattJI shall, at some point
Ge0rGI'd eagerly use it once it is actually reducing the cost for me vs. what I'm doing now
MattJI've been doing a lot, but I have a lot to do in many different areas
Ge0rGMattJ: yes, we all suffer under limited time
MattJI've put some serious research into this topic, including what existing tools and frameworks we can lean on (if properly integrated)
MattJWe're not the first people to suffer from spam and abuse :)
Ge0rGMattJ: yes, and there will be a time when xmpp spammers start to learn from other spammers
ZashAlso, how does reporting work in MUC/MIX?
Ge0rGZash: you can report and block the MUC
ZashMyeah...
Ge0rGwell, you *could* implement 0377 on a MUC JID, but reports don't contain a timestamp or a message reference, so you'd end up reporting a random nickname.
Ge0rGgood luck finding out who owned that nickname from the server's MAM
ZashOccupant IDs
Ge0rGbut of course you could add a XEP-0421 inside
Ge0rGI still think that 0421 is a sort of a privacy violation
MattJNow for MUC... stanza-id would be useful :)
ZashVote-based XEP-0425?
Ge0rGcan you say that again, louder?
ZashDetaching the reporting from the blocking also makes more sense with MUC
Ge0rGwould a report generate a popup on all logged in room moderators' clients?
ZashThere's prior art for that kind of thing, with asking for voice
ZashI'd probably stick some ⚠️ symbol with a counter on the message or something, plus a notification
ZashSaid the server developer who isn't working on a client.
moparisthebesthas left
florettahas joined
moparisthebesthas joined
antranigvhas left
winfriedhas left
winfriedhas joined
neshtaxmpphas left
lorddavidiiihas left
neshtaxmpphas joined
lorddavidiiihas joined
florettahas left
goffihas left
LNJhas left
DebXWoodyhas left
LNJhas joined
florettahas joined
Dele Olajidehas left
Nano4BeingYouhas joined
lorddavidiiihas left
Seve🕊
MattJOh :)
MattJGuus?
Guushere
Nano4BeingYouhas left
MattJLet's have a short one
MattJ0) Roll call
MattJMe
lorddavidiiihas joined
Guuseye
Guusaye?
Guusme.
Sevesays "me"
MattJ1) Topics for decisions
MattJ1.1) Martin Dosch to be appointed to the Editor Work Team
adityaborikarhas left
marchas left
MattJThis is a motion from Ralph via email. Martin applied, and has been approved by Council per the process (who knew?)
MattJAll that remains is that Board approves
MattJand Ralph also sent a +1 on this via email
MattJI am also +1, and thank Martin for volunteering :)
Guus+1 for me
Seve+1 too, thank you Martin
pep.has joined
pep..
MattJJust in time, pep. :)
pep.+1 for Martin :)
jonas’%s/Martin/mdosch/ for local mentions :)
MattJExcellent, approved unanimously
MattJXSF_Martin
MattJ2) AOB
MattJLooks like Trello has been tidied (thanks to Ralph/whoever did that)
lorddavidiiihas left
MattJThere are a number of "Awaiting feedback" items that I'm not inclined to wade through right now unless someone wants to pick one up specifically
pep.Just a note from me to say I'm not reapplying as member (membership expiring this quarter), nor for board.
MattJ:(
Zash:(
GuusSorry to hear that, pep.
jonas’oh
SeveSad to hear that, hope all is right pep.
adityaborikarhas joined
jonas’I follow the sentiments of Guus and Seve on this one
pep.Yeah. I'm just spending my time differently. I'm more useful elsewhere
MattJYou'll be missed, though I hope you're not departing the community :)
alex-a-sotohas joined
MattJOk, let's wrap up the meeting
MattJ3) Date of next
MattJ+1w
pep.ok
Seve+1
MattJ4) Meeting closed
vanitasvitaehas left
SeveThank you for picking up the steering wheel today MattJ
MattJI'll send minutes for this and the previous meeting shortly
goffihas joined
mdoschThank you all. 😃
emusThanks Martin!
MattJmdosch, Github username? :)
mdoschmdosch
MattJShocking
MattJInvite sent
mdoschThanks
neshtaxmpphas left
jonas’mdosch, also xmpp:editor@muc.xmpp.org?join
marchas joined
lorddavidiiihas joined
vanitasvitaehas joined
Dele Olajidehas joined
marchas left
marchas joined
vanitasvitaehas left
antranigvhas joined
vanitasvitaehas joined
vanitasvitaehas left
Dele Olajidehas left
Dele Olajidehas joined
alameyohas left
alameyohas joined
adityaborikarhas left
antranigvhas left
lorddavidiiihas left
Wojtekhas joined
Dele Olajidehas left
goffihas left
goffihas joined
winfriedhas left
winfriedhas joined
antranigvhas joined
wladmishas left
wladmishas joined
Mikaelahas left
antranigvhas left
archas left
archas joined
antranigvhas joined
archas left
archas joined
archas left
archas joined
debaclehas joined
archas left
archas joined
archas left
archas joined
archas left
archas joined
archas left
archas joined
Dele Olajidehas joined
DebXWoodyhas joined
lorddavidiiihas joined
adityaborikarhas joined
lovetoxhas joined
sonnyhas left
sonnyhas joined
adityaborikarhas left
adityaborikarhas joined
eevvoorhas left
focus121has left
focus121has joined
stpeterhas joined
stpeterhas left
lovetoxhas left
sonnyhas left
Dele Olajidehas left
Dele Olajidehas joined
jcbrandhas left
sonnyhas joined
akkikohas joined
focus121has left
focus121has joined
jcbrandhas joined
focus121has left
focus121has joined
sonnyhas left
sonnyhas joined
focus121has left
focus121has joined
sonnyhas left
focus121has left
focus121has joined
sonnyhas joined
focus121has left
focus121has joined
Ge0rGhas left
Ge0rGhas joined
alex-a-sotohas left
Steve Killehas left
alex-a-sotohas joined
focus121has left
focus121has joined
Steve Killehas joined
nycohas joined
nycohas left
nycohas joined
Andrzejhas left
Andrzejhas joined
nycohas left
nycohas joined
xeckshas left
xeckshas joined
Andrzejhas left
Andrzejhas joined
nycohas left
Mikaelahas joined
nycohas joined
nycohas left
nycohas joined
nycohas left
nycohas joined
nycohas left
nycohas joined
nycohas left
nycohas joined
intosihas left
nycohas left
nycohas joined
Andrzejhas left
Andrzejhas joined
antranigvhas left
nycohas left
nycohas joined
Andrzejhas left
Andrzejhas joined
nycohas left
Andrzejhas left
pasdesushihas joined
intosihas joined
meesonhas left
meesonhas joined
antranigvhas joined
pasdesushihas left
nycohas joined
nycohas left
nycohas joined
intosihas left
ChronosX88has left
paulhas left
lovetoxhas joined
nycohas left
pasdesushihas joined
nycohas joined
vanitasvitaehas joined
antranigvhas left
pasdesushihas left
nycohas left
sonnyhas left
sonnyhas joined
intosihas joined
vanitasvitaehas left
Andrzejhas joined
vanitasvitaehas joined
paulhas joined
antranigvhas joined
alex-a-sotohas left
alex-a-sotohas joined
antranigvhas left
papatutuwawahas left
papatutuwawahas joined
Andrzejhas left
intosihas left
marchas left
emushas left
Andrzejhas joined
Dele Olajidehas left
intosihas joined
Dele Olajidehas joined
marchas joined
marchas left
emushas joined
marchas joined
nycohas joined
werdanhas joined
nycohas left
nycohas joined
nycohas left
nycohas joined
antranigvhas joined
nycohas left
nycohas joined
Andrzejhas left
antranigvhas left
antranigvhas joined
inkyhas joined
nycohas left
nycohas joined
Ge0rGMattJ: somebody complained that 313 still recommends storing MUC messages in user archives in https://xmpp.org/extensions/xep-0313.html#business-storeret-user-archives - would be nice to change that
Ge0rGProbably also something about last calls.
nycohas left
Dele Olajidehas left
nycohas joined
antranigvhas left
adityaborikarhas left
paulhas left
paulhas joined
moparisthebesthas left
moparisthebesthas joined
intosihas left
DebXWoodyhas left
intosihas joined
marchas left
Zashhas left
Zashhas joined
MattJHuh
lovetoxhas left
lovetoxhas joined
MattJAs I suspected, that was added in the revision I wasn't involved in :)
MattJAnd doesn't MIX depend on this?
MattJ(though we concluded that was generally not a good thing)
antranigvhas joined
lovetoxhas left
pasdesushihas joined
intosihas left
inkyhas left
intosihas joined
pasdesushihas left
pasdesushihas joined
Mikaelahas left
Tobiashas left
pasdesushihas left
intosihas left
goffihas left
pep.has left
wladmishas left
pasdesushihas joined
wladmishas joined
pasdesushihas left
intosihas joined
meesonhas left
werdanhas left
pasdesushihas joined
inkyhas joined
edhelashas left
edhelashas joined
pasdesushihas left
intosihas left
pasdesushihas joined
lorddavidiiihas left
pasdesushihas left
pasdesushihas joined
pasdesushihas left
stpeterhas joined
stpeterhas left
pasdesushihas joined
wladmishas left
pasdesushihas left
pasdesushihas joined
intosihas joined
jcbrandhas left
paulhas left
pasdesushihas left
Dele Olajidehas joined
pasdesushihas joined
intosihas left
pasdesushihas left
pasdesushihas joined
pasdesushihas left
deuillhas joined
alameyohas left
stpeterhas joined
stpeterhas left
pasdesushihas joined
Ge0rGWhat message type does mix use? Do I even want to know?