XSF Discussion - 2022-01-14


  1. debacle

    Question about HTTP File Upload with OMEMO: Shouldn't the filename be encrypted? If Bob sends a file "nixon-wiretapped-dp.pdf" to Carl, it might ring hollow to say it were a funny cat video.

  2. wgreenhouse

    debacle: generally it is aesgcm://noisy-file-name?somekey

  3. wgreenhouse

    Conversations always fuzzes the filename even in clear

  4. wgreenhouse

    that's not part of xep-0454 but probably indeed a good idea

  5. wgreenhouse

    noisy-file-name#somekey excuse me

  6. mjk

    > Conversations always fuzzes the filename even in clear That's not enough and too much at the same time. :)) The extension is left "unfuzzed", and a possibly meaningful name is lost. So yea, encrypting the filename is best, but 454 is a mere hack... one that could be extended with filename encryption, muahaha

  7. debacle

    wgreenhouse mjk Yes, changing the filename to something random is not useful, because the receiver should get the original filename. Gajim uses the correct filename, fortunately. Yes, HTTP Upload is a hack, but a very successful one, just like HTTP ;-) Until we have something "better", more idiomatic to XMPP, we should at least save Bob and Carl.

  8. Holger

    > the receiver should get the original filename. The receiver should never get to see it unless he has a long Unix beard.

  9. Holger

    But FWIW Conversations usually generates a new (compressed) file when sending pics/videos. If you explicitly tell it to send a _file_ (as opposed to a pic/whatever), it won't touch the file name. I think.

  10. jonas’

    Holger, sending a file is the only way I know how conversations can send a pre-existing video and I think it (tries to) compress that. what am I missing?

  11. Daniel

    It's complicated™ and not very nice or deliberate

  12. Holger

    jonas’, I think my statements might be true except for video 🙂

  13. Daniel

    The random file name isnt a deliberate thing to hide the true filename (for security purposes or something)

  14. Holger

    (That's what I was trying to say.)

  15. Daniel

    It's mostly because androids file permissions force us to copy it anyway

  16. Holger

    debacle, anyway yes keeping the `illegal-info.pdf` file name for OMEMO-encrypted sharing sounds meh to me to.

  17. jonas’

    send it to some cloud AI to ask it whether it would find that file name suspicious and only obfuscate it in that case

  18. bung

    XMPP is best! :D

  19. phryk

    My pinephone just arrived. :>

  20. phryk

    Anybody here already using one for mobile XMPP?

  21. mdosch

    I've heard of people using dino on the pinephone, but I don't know who.

  22. phryk

    oh, that might be nice, then i have the same client on mobile and desktop…

  23. phryk

    tho last i heard the mobile UI stuff was just barely in the nightlies

  24. debacle

    phryk I have the pinephone Mobian edition and installed dino-im from debian/experimental, which has the "libhandy" patches applied. Works more or less, but not very well, in respect to UI.

  25. mathieui

    phryk: dino works, but I'm not really using it day to day due to the abysmal storage speed

  26. debacle

    Holger Yes, even the file extension should not be visible to intermediate entities.

  27. emus

    > phryk escribió: > My pinephone just arrived. :> > Anybody here already using one for mobile XMPP? would be happy to see a blog post with your experiences

  28. phryk

    oh, dino is even in the package repo of the preinstalled manjaro :)

  29. lovetox

    mathieui, whats "storage speed"

  30. mathieui

    lovetox: everything is sluggish because it runs from a very slow uSD card or slightly faster eMMC

  31. mathieui

    Loading everything takes a very long time

  32. lovetox

    ah k thanks