-
debacle
Question about HTTP File Upload with OMEMO: Shouldn't the filename be encrypted? If Bob sends a file "nixon-wiretapped-dp.pdf" to Carl, it might ring hollow to say it were a funny cat video.
-
wgreenhouse
debacle: generally it is aesgcm://noisy-file-name?somekey
-
wgreenhouse
Conversations always fuzzes the filename even in clear
-
wgreenhouse
that's not part of xep-0454 but probably indeed a good idea
-
wgreenhouse
noisy-file-name#somekey excuse me
-
mjk
> Conversations always fuzzes the filename even in clear That's not enough and too much at the same time. :)) The extension is left "unfuzzed", and a possibly meaningful name is lost. So yea, encrypting the filename is best, but 454 is a mere hack... one that could be extended with filename encryption, muahaha
-
debacle
wgreenhouse mjk Yes, changing the filename to something random is not useful, because the receiver should get the original filename. Gajim uses the correct filename, fortunately. Yes, HTTP Upload is a hack, but a very successful one, just like HTTP ;-) Until we have something "better", more idiomatic to XMPP, we should at least save Bob and Carl.
-
Holger
> the receiver should get the original filename. The receiver should never get to see it unless he has a long Unix beard.
-
Holger
But FWIW Conversations usually generates a new (compressed) file when sending pics/videos. If you explicitly tell it to send a _file_ (as opposed to a pic/whatever), it won't touch the file name. I think.
-
jonas’
Holger, sending a file is the only way I know how conversations can send a pre-existing video and I think it (tries to) compress that. what am I missing?
-
Daniel
It's complicated™ and not very nice or deliberate
-
Holger
jonas’, I think my statements might be true except for video 🙂
-
Daniel
The random file name isnt a deliberate thing to hide the true filename (for security purposes or something)
-
Holger
(That's what I was trying to say.)
-
Daniel
It's mostly because androids file permissions force us to copy it anyway
-
Holger
debacle, anyway yes keeping the `illegal-info.pdf` file name for OMEMO-encrypted sharing sounds meh to me to.
-
jonas’
send it to some cloud AI to ask it whether it would find that file name suspicious and only obfuscate it in that case
-
bung
XMPP is best! :D
-
phryk
My pinephone just arrived. :>
-
phryk
Anybody here already using one for mobile XMPP?
-
mdosch
I've heard of people using dino on the pinephone, but I don't know who.
-
phryk
oh, that might be nice, then i have the same client on mobile and desktop…
-
phryk
tho last i heard the mobile UI stuff was just barely in the nightlies
-
debacle
phryk I have the pinephone Mobian edition and installed dino-im from debian/experimental, which has the "libhandy" patches applied. Works more or less, but not very well, in respect to UI.
-
mathieui
phryk: dino works, but I'm not really using it day to day due to the abysmal storage speed
-
debacle
Holger Yes, even the file extension should not be visible to intermediate entities.
-
emus
> phryk escribió: > My pinephone just arrived. :> > Anybody here already using one for mobile XMPP? would be happy to see a blog post with your experiences
-
phryk
oh, dino is even in the package repo of the preinstalled manjaro :)
-
lovetox
mathieui, whats "storage speed"
-
mathieui
lovetox: everything is sluggish because it runs from a very slow uSD card or slightly faster eMMC
-
mathieui
Loading everything takes a very long time
-
lovetox
ah k thanks