Zash
The other RFC
Zash
https://xmpp.org/rfcs/rfc6121.html#roster
phryk
I remember talking about encrypted rosters with someone a couple of months back and they said it wouldn't be possible because the server has to decide who's authorized to send messages to an account on it – but I just realized JIDs in rosters could easily be hashed and still be used for that check. This way, server compromises wouldn't expose users' social graphs in the network.
phryk
Ah, that would break rosters for new devices…
moparisthebest
> because the server has to decide who's authorized to send messages to an account on it
moparisthebest
what? servers don't allow or disallow messages based on rosters
moparisthebest
at least, good servers
Zash
There were ideas by someone (waqas? me? someone else) about ways to store things on the server in some form so that the administrator could not tell anything from it.
moparisthebest
you can do client-side only rosters already, no spec changes needed, messaging still works
Zash
Personally I feel like, if you want this, are you really sure you want XMPP and servers at all then?
moparisthebest
what's the point though? assuming an evil server, they still have 100% of people you communicate with ?
Zash
moparisthebest, but then the evil untrustworthy server of doooooom will still see who you send messages to!!!!!!
moparisthebest
we've talked about a way where your server only knows the remote server of your contact, not the actual person there, but that's really only helpful when 2 people are using different large servers, so not all that often...
phryk
I'm not assuming an evil server, I'm assuming a good server being raided and forensically analyzed.
Zash
full disk encryption
moparisthebest
^
phryk
Aye, and I can set up swatd. But even case-opened sensors are easy to bypass.
moparisthebest
so they don't have your roster, just everyone you ever communicate with post-raid? meh
moparisthebest
assuming no logs that is
Zash
What actually happens: Your phone gets SWAT'd and you had all your conspiracies in plain text there.
pep.
moparisthebest, you can assume good operators/server being taken down. That's often an option critics overlook
pep.
FDE doesn't help much here either
phryk
Most phones come with encryption of this data if I'm not mistaken. Also they're right at hand so switching them off when a raid occurs is trivial. For a server in a different country that's completely unrealistic.
moparisthebest
most phones come with trivial visit-a-webpage root vulns too so none of that matters
pep.
If suddenly police gets access to the encryption key because operators are legally forced to. At least admins wouldn't get access to user storage unless somebody changes the software at this point, obviously
pep.
But canary and all that
Zash
Or we could focus on how useful it is to _trust the server_
Zash
Trust in the server, the server is good!
phryk
moparisthebest, just because one avenue of attack is possible doesn't mean you shouldn't protect against others? If you take that route, all security is pointless because perfect security is impossible…
moparisthebest
pep., are you saying admins would be forced to turn over the server to police but police wouldn't change the software to log the info they want ? that seems... crazy
pep.
Not saying that
pep.
I'm saying even if they would, birds would be singing
moparisthebest
phryk, you still haven't said what you are trying to protect against, or why you think not storing your roster on the server helps
pep.
But that's not a use-case to overlook anyway
moparisthebest
this whole "canary" concept seems highly questionable to me
pep.
You can trust the operators and not trust the cops
moparisthebest
you shouldn't trust anyone
pep.
(s/cops/governments, or..)
moparisthebest
*but* your server needs basic routing information to get your message from A to B, nothing can be done about this
pep.
You have to trust people at some point, you just have to choose who
moparisthebest
not even signal handwavy but muh SGX helps
pep.
SGX lol
pep.
So trusting Intel is fine but trusting my operator isn't?
Zash
Let's all just go read 'Reflections on trusting trust' again until we realize it's all doomed and we can go do fun things instead
phryk
moparisthebest, following scenario: cops raid the provider, leave the server running (i.e. full-disk encryption not being worth much since the key is in memory) and extract data from it. Logs I can deactivate, but the rosters are extremely valuable metadata.
moparisthebest
pep., did you read my message wrong? I specifically said SGX *does not* help, despite signal's claims otherwise :P
pep.
Ok then
Daniel
Didn't signal have a canary and then they removed it but people kept using and recommending it?
pep.
><
dwd
Zash, Given I've spent the last month and a half writing a filter in Metre to strip e2ee, I'm thinking how useful it'd be to have server-side OMEMO now. All the benefits of OMEMO (for the other people that might need it), all the convenience and UX of not having it for me when my server is just over there _points toward the garage_
moparisthebest
dwd, so police just extract data once and don't change the server to logging?
Zash
dwd, YESSSS!
dwd
moparisthebest, How do the police get my server without asking me very nicely and having a warrant?
pep.
They can probably accuse you of terrorism and get away with it, and you'll get your server back.. never
moparisthebest
idk I thought we were talking about secret warrants served to providers
moparisthebest
pep., in that case FDE saves you
Zash
Not legal advice: Put your server in a drawer. I read somewhere that it takes an extra-specific warrant to go into drawers.
Daniel
> moparisthebest, How do the police get my server without asking me very nicely and having a warrant?
Imminent danger?
Daniel
Something smelled like weed?
dwd
moparisthebest, Sure, if you don't run your own server your threat model might be different.
Zash
Or you at some point in the last 90 years violated someone's copyright?
dwd
Daniel, None of that would give them access to my server.
pep.
It's not like we didn't have proof by now that cops aren't here to protect the people but governments in place
moparisthebest
right, I'm wondering what specific scenario encrypted and/or client-side roster protects a user against, anything I can come up with seems contrived and unlikely
phryk
moparisthebest, yes, i am assuming that i can either destroy the DNS entries (at least temporarily) myself and get the word out about a compromise or have somebody else do it for me.
pep.
Riseup had a nice page detailing their use-case, trying to find it again
moparisthebest
riseup's usecase was "we are lazy, just use signal" iirc
dwd
Daniel, Or at least, none of that would give access to my server but not my phone.
pep.
moparisthebest, no?
Daniel
I do like server side omemo though (for people who run their own)
moparisthebest
luckily as the user of an xmpp client, you don't need to use the roster at all
moparisthebest
so this problem is already solved, right phryk ?
Daniel
And I'm super glad I don't have plain text logs of the shit people send over my (public) server
Zash
Server-side OMEMO↔OX translation?
dwd
Daniel, Right. E2ee protects providers very well, which is why WhatsApp do it.
phryk
moparisthebest, can you give me a source on that?
moparisthebest
phryk, sure, open a client, don't add anyone to your contact list, done ?
dwd
Zash, Well, it's all heavyweight TLS from your phone to you anyway, right?
phryk
and yes, if users can opt into that and then be sure the server doesn't store their roster, then that already solves the problem.
pep.
dwd, I'm curious though if they'd risk decrypting it server-side, or is your current work not related?
pep.
Otherwise they couldn't claim plausible deniability
phryk
moparisthebest, wow, how perfectly usable. :F
moparisthebest
phryk, why isn't it ?
Zash
dwd: ChaCha!
moparisthebest
you can message whoever you want at any time without adding them to your roster/contact list
phryk
because then they don't have a contact list which is an essential feature?
moparisthebest
it's completely optional
Zash
you can have the contact list on the client side
Zash
ignore presence
moparisthebest
most clients already do this
dwd
pep., It's a very long story, but the decryption is for the purposes of increasing security.
Zash
.. figure out how the heck to get omemo key shuffling to work again?
at least in gajim+dino+conversations if you start a conversation with someone, it'll stay there, even if you don't add them to your roster
moparisthebest
what are you missing exactly ?
Zash
phryk, you are aware that almost everything apart from XMPP Core is optional, right?
phryk
Yes.
Zash
You don't need rosters or presence to send messages
phryk
But I haven't ever seen any client making this optional.
moparisthebest
I've never seen a client where it *was not* optional ?
dwd
phryk, Oh, I have. But then, I've seen some weird clients.
moparisthebest
at least gajim, dino, conversations make it completely optional
pep.
"the decryption is for the purposes of increasing security." ah right :D
dwd
moparisthebest, Well, most clients use the roster, even if most don't mandate it.
pep.
Even if it were true, it's really fishy
moparisthebest
right, but none of these 3 *force* you to add people to a roster to chat with them, or keep the conversation open
phryk
moparisthebest, one of us is consistently having a severe misunderstanding.
pep.
moparisthebest, wrong? I think Conversations forces you to add somebody in the roster to open a chat with them
pep.
I've been annoyed by that in the past
Daniel
pep.: yes and no. If you unload mod_roster it will still work fine
pep.
If you managed to open the tab another way then it's all good
pep.
So it needs to be added locally?
phryk
if i add someone to my contact list in dino, gajim et al – they go into the server-side roster, right? There's no setting in the client that lets me disable synchronizing my local contact list with the server roster, right?
pep.
(namely biboumi users. I don't want them in my roster)
Zash
If you somehow manage to invoke xmpp:someone-not@your-roster.example then you can still send messages
pep.
(or myself)
pep.
Or it's just that there's no UI for it, and yeah you need to workaround no UI
phryk
Daniel, so clients will (more or less) work fine if the roster is disabled on the server-side?
moparisthebest
phryk, so don't add them to your contact list? just start a conversation with them without doing that instead
Daniel
> Daniel, so clients will (more or less) work fine if the roster is disabled on the server-side?
Yes
phryk
moparisthebest, having a contact list is still not optional.
Daniel
Quicksy.im almost didn't have one
phryk
Daniel, Okay, that's all the info I needed. Then I can probably implement an ad-hoc command or something that lets users temporarily activate the roster, for example for multi-client contact sync, and turn it off and wipe the data from the server afterwards.
phryk
So that'd put users into control of how much of their data they are okay with being persistently on the server. And being able to prefer either comfort or security.
moparisthebest
phryk, sorry why is it not optional ?
phryk
moparisthebest, because otherwise UX is dogshit? o_O
moparisthebest
phryk, I think we are talking past each other, you are saying "users need it for good UX so it's not optional" and I'm saying "it's optional because they don't have to use it" ?
moparisthebest
users also need MAM for good UX and that involves you keeping all their messages + contacts on the server too so ¯\_(ツ)_/¯
phryk
OMEMO'd messages aren't on there in plaintext. And I have the extended mod_e2e_policy module for that.
moparisthebest
OMEMO'd messages' sender/receiver are there in plaintext, i.e. everything that'd be in your roster
phryk
But yes, I should make sure that MAM is kept short and wiped. IIRC that's a Prosody setting that my setup already has…
phryk
So MAM is transient data, meaning that at least *less* of the social graph would be exposed.
phryk
And I should now really get to work. :F
phryk
But one last question:
Zash, you mentioned OMEMO key shuffling issues when deactivating the roster – is this also an issue when a user is only using one device/client to access the server or a multi-client problem?
Zash
PEP depends on presence for signaling that you wish to receive various kinds of data, including some OMEMO stuff, which you would probably have to poll for then.
phryk
Ah, so that would necessitate client modifications, am I understanding that right?
Zash
Adding a new device / OMEMO identity might need some trickery to ensure the news goes to "contacts" who need to know
Zash
Excuse my word orders, am sleepy.
phryk
Ye, but that sounds like it should also be covered by temporary activation of the roster when adding a new device and subsequently deactivating it again and wiping it after things are done. :)
phryk
No problem, get some sleep. :)
Zash
"temporary activation of the roster" makes no sense to me
phryk
Oh. My understanding was that I could normally have the roster for a user deactivated, then activate it so the original client then syncs its contacts etc. up to the server and the server syncs them to all other clients logged into that account.
Zash
rosters are distributed data structures that live on both your and your contacts' servers and are kept in sync by stuff
Zash
I meant like, when opening a chat, poll for devices at that time instead of relying on notifications about new devices
Zash
or when receiving a message with some new device tag, if that is a thing that exists
Zash
not an OMEMO expert 🤷️
phryk
Okay, seems I need to read more specs to reason better about this.^^
moparisthebest
could always go back to OTR :P
moparisthebest
then you don't need roster, carbons, mam, *or* a good user experience
dwd
Maybe we could use a blockchain?
dwd
I mean, i've no idea what for, but imagine the VC funding we'd get.
moparisthebest
XSFCoin when ?
moparisthebest
I tried to propose Conversations rolling out ConCoin but no one jumped on the idea :'(
dwd
Good name, though.
Zash
Not Coinversations?
dwd
Nah. *Con* Coin is the most honest name for a cryptocurrency I've ever heard.
Zash
Clearly honesty is what sank the idea
moparisthebest
ok but when are we going to start minting NFTs of the jabber trademark ?
Guus
I was going to comment on the sorry state of affairs of pubs being locked down, forcing us to have conversations like these ... only to realize that most of us live in countries where lockdowns have already been lifted.
phryk
At least the club I want to go to is still closed :<
phryk
No raves for me T_T
Zash
Lockdowns? We just had stern recommendations.
moparisthebest
why go to a pub when you can drink at home and chat on XMPP though...