ZashThe other RFC
Zashhttps://xmpp.org/rfcs/rfc6121.html#roster
phrykI was remembering talking about encrypted rosters with someone a couple months back and they said it wouldn't be possible because the server has to decide who's authorized to send messages to an account on it – but I just realized JIDs in rosters could easily be hashed and still be used for that check. This way, server compromises wouldn't expose users' social graphs in the network.
phrykAh, that would break rosters for new devices…
moparisthebest> because the server has to decide who's authorized to send messages to an account on it
moparisthebestwhat? servers don't allow or disallow messages based on rosters
moparisthebestat least, good servers
ZashThere were ideas by someone (waqas? me? someone else) about ways to store things on the server in some form so that the administrator could not tell anything from it.
moparisthebestyou can do client-side only rosters already, no spec changes needed, messaging still works
ZashPersonally I feel like, if you want this, are you really sure you want XMPP and servers at all then?
moparisthebestwhat's the point though? assuming an evil server, they still have 100% of people you communicate with ?
Zashmoparisthebest, but then the evil untrustworthy server of doooooom will still see who you send messages to!!!!!!
moparisthebestwe've talked about a way where your server only knows the remote server of your contact, not the actual person there, but that's really only helpful when 2 people are using different large servers, so not all that often...
phrykI'm not assuming an evil server, I'm assuming a good server being raided and forensically analyzed.
Zashfull disk encryption
moparisthebest^
phrykAye, and I can set up swatd. But even case-opened sensors are easy to bypass.
moparisthebestso they don't have your roster just everyone you ever communicate with post-raid ? meh
moparisthebestassuming no logs that is
ZashWhat actually happens: Your phone gets SWAT'd and you had all your conspiracies in plain text there.
pep.moparisthebest, you can assume good operators/server being taken down. That's often an option critics overlook
pep.FDE doesn't help much here either
phrykMost phones come with encryption of this data if I'm not mistaken. Also they're right at hand so switching them off when a raid occurs is trivial. For a server in a different country that's completely unrealistic.
moparisthebestmost phones come with trivial visit-a-webpage root vulns too so none of that matters
pep.If suddenly police gets access to the encryption key because operators are legally forced to. At least admins wouldn't get access to user storage unless somebody changes the software at this point, obviously
pep.But canary and all that
ZashOr we could focus on how useful it is to _trust the server_
ZashTrust in the server, the server is good!
phrykmoparisthebest, just because one avenue of attack is possible doesn't mean you shouldn't protect against others? If you take that route, all security is pointless because perfect security is impossible…
moparisthebestpep., are you saying admins would be forced to turn over the server to police but police wouldn't change the software to log the info they want ? that seems... crazy
pep.Not saying that
pep.I'm saying even if they would, birds would be singing
moparisthebestphryk, you still haven't said what you are trying to protect against, or why you think not storing your roster on the server helps
pep.But that's not a use-case to overlook anyway
moparisthebestthis whole "canary" concept seems highly questionable to me
pep.You can trust the operators and not trust the cops
moparisthebestyou shouldn't trust anyone
pep.(s/cops/governments, or..)
moparisthebest*but* your server needs basic routing information to get your message from A to B, nothing can be done about this
pep.You have to trust people at some point, you just have to choose who
moparisthebestnot even signal handwavy but muh SGX helps
pep.SGX lol
pep.So trusting Intel is fine but trusting my operator isn't?
ZashLet's all just go read 'Reflections on trusting trust' again until we realize it's all doomed and we can go do fun things instead
phrykmoparisthebest, following scenario: cops raid the provider, leave the server running (i.e. full-disk encryption not being worth much since the key is in memory) and extract data for it. logs i can deactivate, but the rosters are extremely valuable metadata.
moparisthebestpep., did you read my message wrong? I specifically said SGX *does not* help, despite signal's claims otherwise :P
pep.Ok then
DanielDidn't signal have a canary and then they removed it but people kept using and recommending it?
pep.><
dwdZash, Given I've spent the last month and a half writing a filter in Metre to strip e2ee, I'm thinking how useful it'd be to have server-side OMEMO now. All the benefits of OMEMO (for the other people that might need it), all the convenience and UX of not having it for me when my server is just over there _points toward the garage_
moparisthebestdwd, so police just extract data once and don't change the server to logging?
Zashdwd, YESSSS!
dwdmoparisthebest, How do the police get my server without asking me very nicely and having a warrant?
pep.They can probably accuse you of terrorism and get away with it, and you'll get your server back.. never
moparisthebestidk I thought we were talking about secret warrants served to providers
moparisthebestpep., in that case FDE saves you
ZashNot legal advice: Put your server in a drawer. I read somewhere that it takes an extra-specific warrant to go into drawers.
Daniel> moparisthebest, How do the police get my server without asking me very nicely and having a warrant?
Imminent danger?
DanielSomething smelled like weed?
dwdmoparisthebest, Sure, if you don't run your own server your threat model might be different.
ZashOr you at some point in the last 90 years violated someone's copyright?
dwdDaniel, None of that would give them access to my server.
pep.It's not like we didn't have proof by now that cops aren't here to protect the people but governments in place
moparisthebestright, I'm wondering what specific scenario encrypted and/or client-side roster protects a user against, anything I can come up with seems contrived and unlikely
phrykmoparisthebest, yes, i am assuming that i can either destroy the DNS entries (at least temporarily) myself and get the word out about a compromise or have somebody else do it for me.
pep.Riseup had a nice page detailing their use-case, trying to find it again
moparisthebestriseup's usecase was "we are lazy, just use signal" iirc
dwdDaniel, Or at least, none of that would give access to my server but not my phone.
pep.moparisthebest, no?
DanielI do like server side omemo though (for people who run their own)
moparisthebestluckily as the user of an xmpp client, you don't need to use the roster at all
moparisthebestso this problem is already solved, right phryk ?
DanielAnd I'm super glad I don't have plain text logs of the shit people send over my (public) server
ZashServer-side OMEMO↔OX translation?
dwdDaniel, Right. E2ee protects providers very well, which is why WhatsApp do it.
phrykmoparisthebest, can you give me a source on that?
moparisthebestphryk, sure, open a client, don't add anyone to your contact list, done ?
dwdZash, Well, it's all heavyweight TLS from your phone to you anyway, right?
phrykand yes, if users can opt into that and then be sure the server doesn't store their roster, then that already solves the problem.
pep.dwd, I'm curious though if they'd risk decrypting it server-side, or is your current work not related?
pep.Otherwise they couldn't claim plausible deniability
phrykmoparisthebest, wow, how perfectly usable. :F
moparisthebestphryk, why isn't it ?
Zashdwd: ChaCha!
moparisthebestyou can message whoever you want at any time without adding them to your roster/contact list
phrykbecause then they don't have a contact list which is an essential feature?
moparisthebestit's completely optional
Zashyou can have the contact list on the client side
Zashignore presence
moparisthebestmost clients already do this
dwdpep., It's a very long story, but the decryption is for the purposes of increasing security.
Zash.. figure out how the heck to get omemo key shuffling to work again?
moparisthebestat least in gajim+dino+conversations if you start a conversation with someone, it'll stay there, even if you don't add them to your roster
moparisthebestwhat are you missing exactly ?
Zashphryk, you are aware that almost everything apart from XMPP Core is optional, right?
phrykYes.
ZashYou don't need rosters or presence to send messages
phrykBut I haven't ever seen any client making this optional.
moparisthebestI've never seen a client where it *was not* optional ?
dwdphryk, Oh, I have. But then, I've seen some weird clients.
moparisthebestat least gajim, dino, conversations make it completely optional
pep."the decryption is for the purposes of increasing security." ah right :D
dwdmoparisthebest, Well, most clients use the roster, even if most don't mandate it.
pep.Even if it were true, it's really fishy
moparisthebestright, but none of these 3 *force* you to add people to a roster to chat with them, or keep the conversation open
phrykmoparisthebest, one of us is consistently having a severe misunderstanding.
pep.moparisthebest, wrong? I think Conversations forces you to add somebody in the roster to open a chat with them
pep.I've been annoyed by that in the past
Danielpep.: yes and no. If you unload mod_roster it will still work fine
pep.If you managed to open the tab another way then it's all good
pep.So it needs to be added locally?
phrykif i add someone to my contact list in dino, gajim et al – they go into the server-side roster, right? There's no setting in the client that lets me disable synchronizing my local contact list with the server roster, right?
pep.(namely biboumi users. I don't want them in my roster)
ZashIf you somehow manage to invoke xmpp:someone-not@your-roster.example then you can still send messages
pep.(or myself)
pep.Or it's just that there's no UI for it, and yeah you need to workaround no UI
phrykDaniel, so clients will (more or less) work fine if the roster is disabled on the server-side?
moparisthebestphryk, so don't add them to your contact list? just start a conversation with them without doing that instead
Daniel> Daniel, so clients will (more or less) work fine if the roster is disabled on the server-side?
Yes
phrykmoparisthebest, having a contact list is still not optional.
DanielQuicksy.im almost didn't have one
phrykDaniel, Okay, that's all the info I needed. Then I can probably implement an ad-hoc or something command that lets users temporarily activate the roster for example for multi-client contact sync and turn it off and wipe the data from the server afterwards.
phrykSo that'd put users into control of how much of their data they are okay with being persistently on the server. And being able to prefer either comfort or security.
moparisthebestphryk, sorry why is it not optional ?
phrykmoparisthebest, because otherwise UX is dogshit? o_O
moparisthebestphryk, I think we are talking past each other, you are saying "users need it for good UX so it's not optional" and I'm saying "it's optional because they don't have to use it" ?
moparisthebestusers also need MAM for good UX and that involves you keeping all their messages + contacts on the server too so ¯\_(ツ)_/¯
phrykOMEMO'd messages aren't on there in plaintext. And I have the extended mod_e2e_policy module for that.
moparisthebestOMEMO'd messages sender/receiver are there in plaintext, ie, everything that'd be in your roster
phrykBut yes, I should make sure that MAM is kept short and wiped. IIRC that's a Prosody setting that my setup already has…
phrykSo MAM is transient data, meaning that at least *less* of the social graph would be exposed.
phrykAnd I should now really get to work. :F
phrykBut one last question:
Zash, you mentioned OMEMO key shuffling issues when deactivating the roster – is this also an issue when a user is only using one device/client to access the server or a multi-client problem?
ZashPEP depends on presence for signaling that you wish to receive various kinds of data, including some OMEMO stuff, which you would probably have to poll for then.
phrykAh, so that would necessitate client modifications, am I understanding that right?
ZashAdding a new device / OMEMO identity might need some trickery to ensure the news goes to "contacts" who need to know
ZashExcuse my word orders, am sleepy.
phrykYe, but that sounds like it should also be covered by temporary activation of the roster when adding a new device and subsequently deactivating it again and wiping it after things are done. :)
phrykNo problem, get some sleep. :)
Zash"temporary activation of the roster" makes no sense to me
phrykOh. My understanding was that I could normally have the roster for a user deactivated, then activate it so the original client then syncs its contacts etc. up to the server and the server syncing them to all other clients logged into that account.
Zashrosters are distributed data structures that live on both your and your contacts' servers and are kept in sync by stuff
ZashI meant like, when opening a chat, poll for devices at that time instead of relying on notifications about new devices
Zashor when receiving a message with some new device tag, if that is a thing that exists
Zashnot an OMEMO expert 🤷️
phrykOkay, seems I need to read more specs to reason better about this.^^
moparisthebestcould always go back to OTR :P
moparisthebestthen you don't need roster, carbons, mam, *or* a good user experience
dwdMaybe we could use a blockchain?
dwdI mean, i've no idea what for, but imagine the VC funding we'd get.
moparisthebestXSFCoin when ?
moparisthebestI tried to propose Conversations rolling out ConCoin but no one jumped on the idea :'(
dwdGood name, though.
ZashNot Coinversations?
dwdNah. *Con* Coin is the most honest name for a cryptocurrency I've ever heard.
ZashClearly honesty is what sank the idea
moparisthebestok but when are we going to start minting NFTs of the jabber trademark ?
GuusI was going to comment on the sorry state of affairs of pubs being locked down, forcing us to have conversations like these ... only to realize that most of us live in countries where lockdowns have already been lifted.
phrykAt least the club I want to go to is still closed :<
phrykNo raves for me T_T
ZashLockdowns? We just had stern recommendations.
moparisthebestwhy go to a pub when you can drink at home and chat on XMPP though...