XSF Discussion - 2021-06-08

  1. edhelas


  2. edhelas

    (in french, but you can find the same news in english)

  3. edhelas

    basically the company that was selling those "cryptophone" was based on OMEMO

  4. Ge0rG

    literally or a similar concept?

  5. edhelas


  6. edhelas

    no no, literally if I read correctly

  7. mathieui

    Ge0rG, literally, but probably backdoored to an extent

  8. Ge0rG

    I don't see mention of that in https://archive.is/yOVBN

  9. edhelas


  10. Daniel

    Ge0rG: read the court documents

  11. Daniel

    That blog post is weird or only somewhat related

  12. jonas’

    > The lead architect for OMEMO’s integration into Anøm is Daniel Gultsch.

  13. jonas’

    > […] mentor to Andreas Straub, the creator of OMEMO.

  14. jonas’

    now that’s something to have your nametag on

  15. moparisthebest

    if it was a conversations fork, did they release the code GPL or not ?

  16. Daniel

    Sue the FBI?

  17. Daniel

    For GPL violation

  18. moparisthebest

    now you are talking Daniel !

  19. Zash

    Note to self: Restock on popcorn.

  20. moparisthebest

    jonas’, where did you find that text?

  21. edhelas

    Daniel maybe you can just ask them to do a PR in the Conversations sourcecode

  22. edhelas


  23. jonas’

    to get the backdoor?

  24. jonas’

    moparisthebest, in the screenshot from edhelas

  25. edhelas

    jonas’ (don't say it out loud)

  26. flow

    Daniel, are court documents available?

  27. jonas’

    flow, https://www.documentcloud.org/documents/20799201-operation-trojan-shield-court-record

  28. flow

    jonas’, thanks

  29. edhelas


  30. edhelas

    so looks like they have a weird JID naming convention

  31. eevvoor

    what which court and why?

  32. eevvoor

    What did I miss?

  33. flow

    eevvoor, https://www.vice.com/en/article/akgkwj/operation-trojan-shield-anom-fbi-secret-phone-network

  34. flow

    uh thunderstorm coming

  35. edhelas

    the app screenshots seems really different from Conversations, looks like they did some work on the fork

  36. eevvoor

    where do you know from that it is a conv fork?

  37. edhelas

    wild guess, but you're true, we don't know

  38. eevvoor

    I see

  39. eevvoor

    Sadly, I do not sell or consume cocaine, so I have not see Anon in real /s.

  40. eevvoor

    Stupid criminals, who uses encryption propagated as "ultra" secure 😂️?

  41. edhelas will propose a change on the OMEMO XEP to add the word "ultra secure" to it

  42. edhelas

    "military grade"

  43. eevvoor

    ultra is for loosers

  44. eevvoor


  45. Daniel

    There is also this video https://twitter.com/AusFedPolice/status/1402150051762171904

  46. wurstsalat

    "hyper secure", to give it a frech touch ;)

  47. eevvoor

    quantum is missing!

  48. eevvoor

    AI quantum super hyper ulta mega cool secure and safe encryption

  49. eevvoor

    * with a tiny backdoor for the five eyes and friendz

  50. edhelas

    they didn't even used the latest Gajim release with the nice UI changes

  51. Daniel

    I think the video is fairly old

  52. Daniel

    I don't really understand what the video is supposed to tell us

  53. flow


  54. flow

    ausis don't wear shoes at home?

  55. edhelas

    I'm disappointed that they didn't used Matrix in the end

  56. edhelas

    maybe we can complete the https://xmpp.org/uses/social.html page :D

  57. eevvoor knows why they did not use matrix. XD

  58. şişio

    > eevvoor wrote: > eevvoor knows why they did not use matrix. XD Why?

  59. eevvoor

    quality ...

  60. edhelas

    because the FBI would only be able to arrest 16 guys and not 800

  61. moparisthebest

    XMPP: trusted by thousands of criminals

  62. moparisthebest

    FBI: violates copyright over 12,000 times!

  63. eevvoor

    We need good lawyers.

  64. eevvoor

    This should be a gold mine.

  65. Zash

    That's an odd spelling for "marketing department"

  66. eevvoor

    Daniel, be prepared to be rich.

  67. eevvoor


  68. edhelas

    hopefully they didn't used the name Jabber

  69. edhelas

    Cisco Lawyers Department enter the chat

  70. moparisthebest

    we probably don't want them in here... :)

  71. şişio

    I am scary

  72. şişio


  73. eevvoor


  74. mdosch

    > I am scary > ... Your avatar doesn't scare me. 😜

  75. şişio


  76. mdosch

    Probably you meant 'I am scared.'

  77. eevvoor


  78. mdosch


  79. eevvoor

    He wants to be scary in order to protect XMPP 🤣️

  80. mdosch

    Don't violate the license with your five eyes forks or şişio will come after you!

  81. şişio


  82. eevvoor


  83. rion


  84. moparisthebest

    wonder what server they used

  85. edhelas

    moparisthebest I'll be on ejabberd

  86. edhelas


  87. moparisthebest

    what server would like to advertise "trusted by the FBI for their stings"

  88. edhelas

    Maybe we can ask the FBI to do a nice presentation for the next CCC ?

  89. moparisthebest

    special invitation to the next XMPP Summit ?

  90. eevvoor

    me too edhelas

  91. deuill

    The real question is, did they leave federation on?

  92. moparisthebest

    why not, maybe they caught some Conversations users too?

  93. deuill

    It being a federal network

  94. edhelas

    and the second real question is, did they also get spammed by russian bots ?

  95. Menel

    It is possible they would attend. ~propaganda~ PR to be "hip" and attract qualified computer specialists

  96. jonas’

    the third real question: Did they do it right, or did they accidentally overwrite the OMEMO node name breaking interop?

  97. moparisthebest

    the video shows it working with gajim, so I'd guess they did it right ?

  98. deuill

    Jokes aside, this is probably a good example of how simple XMPP is to operationalize and scale, and how easy it is to extend the app ecosystem with additional functionality.

  99. deuill

    I'm guessing the encryption itself wasn't compromised, but the app (having access to the plain-text) would simply forward discussions as they were received.

  100. eevvoor

    deuill, that is why I meant Matrix was not used.

  101. moparisthebest

    deuill, it explicitly says that's what happened (they also encrypted to a master key the FBI had)

  102. eevvoor

    Because XMPP is easily extendable and adjustable which Matrix does not allow.

  103. edhelas

    eevvoor yes but "everything in XMPP is XML and there is hundreds of XEPs !!!"

  104. eevvoor

    yeah terrible!

  105. eevvoor

    we are so unhip and oldschool and grey that even the FBI likes our stuf ::D

  106. deuill

    It'd be interesting to learn what the operational aspects of this were -- I wouldn't be surprised if they just ran this on some modest, single-node ejabberd setup.

  107. edhelas

    eevvoor so unhype that even IBM is now interested to invest money in XMPP

  108. eevvoor

    no, on an ultrasingled core single-node ejabberd out-of-the-box installation ;-D

  109. edhelas

    on a RPI

  110. eevvoor

    edhelas, exactly, you got it.

  111. eevvoor

    on Rasp I perhaps XD

  112. moparisthebest

    they said only 12,000 phones and 27 million messages ?

  113. edhelas


  114. edhelas

    that could fit on a cheap 20€/month server

  115. moparisthebest

    ejabberd handled 10 million devices sending 2 billion messages per day back in 2019 https://www.process-one.net/blog/ejabberd-nintendo-switch-npns/

  116. edhelas

    I'm more wondering if they actually had a network of servers

  117. eevvoor


  118. eevvoor

    HPC cluster

  119. mdosch

    > Jokes aside, this is probably a good example of how simple XMPP is to operationalize and scale, and how easy it is to extend the app ecosystem with additional functionality. Just skimmed through and I thought they simply had a bad server used for their app which added an omemo id so they could read all messages. Did they do more? I'm only on mobile now so I didn't dig deeper.

  120. eevvoor

    mdosch, the same method you descibe was used for whatsapp, so yeah, why not reuse it? possible. likely.

  121. şişio

    What is the result?

  122. eevvoor

    the police can read vai the extra key.

  123. eevvoor

    şişio‎ the trick is just that people do not check their keys. If they do, the problem does not occur.

  124. eevvoor

    So it is a trick on the people not on the technique.

  125. eevvoor

    And not on the encryption.

  126. jonas’

    or maybe they just patched that out and/or hardcoded the key into the app

  127. eevvoor

    An English Talk tomorrow 18 CEST online in the Berlin Meetup: https://mov.im/?node/pubsub.movim.eu/berlin-xmpp-meetup/acb235de-69bf-470f-8c5d-c7984f636d6c . Topic: Curated list of XMPP servers.

  128. jonas’

    (I would’ve done the latter I guess)

  129. eevvoor

    that would be really laughing at the people :D. You can hardly call it encryption then. :D Thats why FLOSS is so important - review, review, review the code.

  130. eevvoor

    emus and melvo will give the talk. We are happy if *you* join. 😀️

  131. moparisthebest

    mdosch, at a glance the court document says "master key" so I assume backdoored client

  132. moparisthebest

    much easier than writing a server module

  133. jonas’

    eevvoor, as if anyone ever does that (reviewing the code)

  134. eevvoor

    🍻️ drinking beer after the talk is a requirement to join. Virtual beer.

  135. jonas’

    moparisthebest, more importantly, more reliable

  136. jonas’

    eevvoor, oh, good to know, then I won’t appear :)

  137. eevvoor

    perfect :)

  138. mdosch

    eevvoor: What is a virtual beer? I want it physically!

  139. eevvoor

    yours is physical, the ones from the others is virtual

  140. mdosch

    Good. 😃

  141. şişio

    I hate beer

  142. mdosch

    Poor guy. Efes is tasty.

  143. John

    I'm thinking about Teleportation XEP

  144. mdosch

    Teleport whom to where and how?

  145. John


  146. moparisthebest

    John, https://xmpp.org/extensions/xep-0183.html

  147. emus

    moparisthebest: I think that was one of the possibly best answers

  148. Zash

    Don't you know telepathy is a series of tubes? https://telepathy.freedesktop.org/xmpp/tubes.html

  149. L29Ah

    tubes huh

  150. John

    "Telepathy, direct transference of thought from one person"

  151. L29Ah

    i wonder if there's a working collaborative text editing solution that's not webshit these days

  152. John

    I want to teleport myself not my thoughts

  153. L29Ah

    John: so did you solve the Theseus paradox?

  154. John

    L29Ah: I never heard about it, I will look but I don't promise that I'll solve it

  155. John

    But I read that quantum teleportation is possible now

  156. Zash


  157. moparisthebest

    John: if you can teleport your mind anywhere, you don't even need a body at all

  158. John

    moparisthebest: I agree

  159. John

    moparisthebest: when you teleport with your body https://m.imgur.com/gallery/zFMFzlW

  160. L29Ah

    John: If you're seeing this message, that means JavaScript has been disabled on your browser, please enable JS to make Imgur work.

  161. John

    L29Ah, https://i.imgur.com/zFMFzlW.mp4