XSF Discussion - 2022-01-04

kurisu: The only bridge that you can easily connect and is not proprietary and paid is irc as far as i know. And that one is hated by a lot of people in irc and will get you block bicause the matrix team hasnt integrated it well. Never mind that the signal and whatsapp bridge they have is basically a hacky man in the middle solution that was called out the minute it was announced and people were outraged.

Are xmpp bridges well integrated into irc? How can a bridge not be a man in the middle? Isn't it pretty much by definition a man in the middle?

biboumi for example so perfectly integrates into IRC that IRC users can't tell I'm using XMPP

what do matrix-irc bridges do that lets others tell you're using matrix?

it doesn't put a [m] by my name and spam pastebin links and such to IRC channels

>spam pastebin links wait wut

here's a brief example of how bad the experience is for IRC users https://drewdevault.com/2019/07/01/Absence-of-features-in-IRC.html

the experience for IRC users is always bad regardless of gateways because irc is a poor protocol 🙂 jokes aside, isn't that a matter of configuration in the matrix bridge?

when I forget I'm on an irc channel and send a multiline message irc users either receive it without multilines or as multiple messages. Never bothered to check

Is it?

Why do people ever pick irc over xmpp ever? That poor thingy doesn't even offer chat history. For me it's a total killer. What if the channel is slow and I might expect to receive a message overnight, am I then to leave my computer on the entire night? What the kek, I wouldn't expect that expectation from an old protocol especially, given that in the past internet connection were sometimes charged by the hour. Today it still is inconvenient and laughable. What if I don't have internet access 24/7? What if the connection or power is lost while I sleep? That's not even speaking about how repelling it is to non "pro" users. I mean I personally have a server running 24/7 and I run a client there and connect thru ssh, but come on I shouldn't have to. Actually the only thing I use that for are i2p irc servers unreachable by xmpp gateways

kurisu: the bad experience with the matrix bridge is by default, and nearly everyone uses the matrix.org bridges

which don't tell you, the matrix user, as they turn your long messages into opaque links

well I'd still take that over no obvious integration at all

https://biboumi.louiz.org splits multiliner nicely in multible one liners. The only thing I've to remember, is not to use to many emoticons, since most users dont hava a font to supprt them. (but some do)

kurisu: Irc has its uses. Personally i love the ephemeral "open space" it has. Also it is one of the lightest protocols to self host. Its the best for its use case. Also why not actually be respectful towards irc people and not use bridges that destroyes the readability of the chat? We need to be better neighbours. As for the bridge of course it is a man in the middle. You wont see the matrix folks saying that though when you rent the bridge. And when they were asked about it they said: "If you are not a journalist or an activist you dont have to worry about encryption".

not like it makes sense to care about encryption in this case even if you're an actitivist. By definition a bridge translate your protocol to another protocol, it's impossible to translate encrypted data

at least nearly impossible. ort could work if both sides support it.

So it's like you're asking for a translator's services and then syncing about how you can conceal the conversation's contents from him. You can't as long as you need his services. You can only learn the language of the interlocutor yourself

Sure. But when its marketed to normal people you have a responsibility to inform them. Plus in the case for the signal bridge it breaks the security of signal. Because now i will have to check with every person if im talking to them or matrix + them. It essentially makes the whole signal uses encryptioe enot so sure anymore

imho security of a centralised "app" that requires your phone number can never be trusted anyway so screw that

As for informing I agree however ✏

And thats the core of the issue for me. With irc its all unencrypted i dont care. But with signal i have some encryption some basic privacy assumptions. And now a company i dont know is basically offering to mim that without a way for me to opt out.

signal is much more of a "company". It's centralised and violates your privacy by requiring a phone number.

msavoritias, I'm not sure that you can make any assertion, on any system, about whether the messages you send to someone else remain encrypted or not. I mean, you know for a fact they're decrypted at some point, of course, but you can't really be sure when.

dwd: Thats redactive. When i am using conversations i dont have a wish for omemo to be used. I expect it to be used. Likewise when i use signal i expect stuff to be encrypted. Matrix breaks that expectation in a way that is not configurable by me. I wouldnt even know its happening. Both if them im talking about e2e encryption btw. Nothing gets leaked between my phone and the other persons phone.

msavoritias, Sure, I get what you mean. I'm just saying that is, broadly, an unsafe expectation without further verification, and even then it's probably bogus thanks to cleartext backups of messaging history.

msavoritias, Of course, in all these cases, the encryption isn't there to protect you, anyway. It's there to protect WhatsApp, or Signal, or whoever.

dwd: what do you mean?

By the latter? I mean that WhatsApp (for example) enforces encryption to avoid having to deal with "phone tapping" orders. Both for the cost of handling them and the reputational damage.

Their internal implementation isn't defined by practical security, or indeed whether they could intercept, it's based on what they could be forced to disclose via a court order. So they'll keep your private keys, for example, unencrypted in their server's volatile memory as that's exempt from seizure based on court precedents.

Now, I don't know if WhatsApp do keep a copy of your private key in such a way, to be clear. But I've heard engineers from multiple "encrypted" messaging services discuss doing so.

dwd: Look i hate whatsapp as much as anyone but as far as i know it was implemented securely. Also assuming that apps only put encryption for court orders is pretty cinical with no evidence. At least for signal how matter misguided they are they dont want to sell data.

I'm just telling you what I've heard discussed by engineering teams from multiple encrypted text chat providers in the same room as me.

I mean, I'm still cynical, for sure. But I have the evidence. :-)

Sure sure

Meanwhile I can *also* tell you that militaries *don't* use e2ee, and they don't use it because they can build more secure systems. Ah, the irony.

I agree with that. It could be less needed. The problem is i havent heard of one. If you want actual security you may as well burn your computer and go be a farmer.

"as far as i know it was implemented securely"

Haven't heard of what, sorry?

right, since no one knows anything about how it's been implemented, it's secure, as far as anyone knows :)

dwd: of a secure system

terrible to make those kind of assumptions if you *need* security though

everybody needs security, but it's not the same security for everybody.

moparisthebest: I am going with what the signal folks have said plus that i havent heard anything related to it being broken.

sure, don't trust code, just trust whatever anyone tells you, that sounds secure

msavoritias, In fairness, I've no reason not to trust the aims of Signal itself.

moparisthebest, At some point, you have to trust someone else unless you've a solid background in number theory etc.

msavoritias, sorry for the sarcasm, but the point is *actual* secure systems come from a standard being documented publically, reviewed, and multiple compatible implementations being able to be created from it, for example TLS

not from facebook saying "trust us guys, it's secure"

dwd: given the number of abstraction layers below a typical e2ee app that are all required to run it, number theory alone won't save you

or from signal saying "trust us, it's secure, but we aren't going to document anything and compatible implementations are forbidden"

moparisthebest: Who said facebook? Plus nobody can audit all the millions of lines of code and the hardware semantics. You have to trust someone at some point

Ge0rG, True, but at least you can count the ways you're screwed.

msavoritias, you were talking about whatsapp right? that's facebook

I'm sure number theory is very useful for counting potatoes

moparisthebest: Yes but nobody said to trust facebook.

> <msavoritias> Look i hate whatsapp as much as anyone but as far as i know it was implemented securely. you said it ¯\_(ツ)_/¯

> I wrote: > moparisthebest: > I am going with what the signal folks have said plus that i havent heard anything related to it being broken. Did you miss the next message? At least read the whole conversatioe.

so to clarify, you trust facebook because the signal folks said to trust them ? :/

for the sake of argument, let's say the signal folks are trustworthy, and facebook's impl was trustworthy when the signal folks last looked at it, why should anyone trust that they didn't change it immediately ?

I trust open source code implementing open standards, and nothing else

moparisthebest, You're very trusting. :-)

not all of it mind you :) but "open source code implementing open standards" is a pre-requisite to be able to ever trust anything

moparisthebest: I trust that the encryption was implemented correctly. Whatsapp doesnt need to break the encrypion to get your messages

ok, just seems like an insane thing to trust

How many OS'es are out there that are open-standard based that have multiple open source implementations?

Guus, POSIX, I suppose?

isn't that shell-oriented?

moparisthebest: Standard encryption is not always good though mind you.

"loads of wiggle room"

Guus, No, POSIX covers the whole UNIX thing, not just the shell. Linux aims at POSIX, but so do the *BSDs.

msavoritias, what is "standard encryption"

moparisthebest, Double ROT-13.

Lmao, true

moparisthebest, By the way, there have been cases of attackers subverting the entire standards process before. Linux, rather famously, did not use the standard PRNG, and it turned out that the NSA had (perhaps) injected weaknesses into the definition. So even standards cannot be a priori trusted. And Open Source can be subverted as well, with subtle bugs which defy examination. Ultimately you do have to trust people, and that generally means understanding their motives.

moparisthebest, Paradoxically, this means I do trust WhatsApp security, despite their motives differing from mine by rather a lot...

right, open standards + open source alone is not sufficient for trust, but it's a pre-requisite for trust

moparisthebest, No, I think understanding motives is the prerequisite. Open standards and open source both provide a lot of visibility into people's motives, I think.

take signal for example, they publish their client code, and have published some specs, but are you allowed to use any of those to connect to the service? nope, you have to use *their* binary; cannot be trusted period

motives don't interest me, and can change

I think technically it's a reproducible build

Not that I ever actually tried

Daniel: did you receive my PM?

actually google is a famous example for motives, their motto used to be "don't be evil" and got cut down to "be evil" :D

guus.der.kinderen, even Windows implemented POSIX at some point.

It was woefully useless, as it didn’t integrate with their other subsystem, and they implemented it just to win a contract IIRC.

Daniel: it is notoriously hard to get it to reproduce, from what I have heard