XSF Discussion - 2022-03-07


  1. Kev

    emus: Great, thank you!

  2. emus

    With pleasure!

  3. vanitasvitae

    The current situation around Ukraine and especially Russia really shines another light on disappearing (self-destructing) messages.

  4. vanitasvitae

    Maybe those should be revisited

  5. MattJ

    vanitasvitae: what's the connection exactly?

  6. vanitasvitae

    I feel like for people in russia who are chatting with people from abroad, now is possibly a good time to activate disappearing messages when talking about certain topics / naming certain events

  7. Guus

    There are reports of people being stopped by authorities in the street, not being allowed to leave until they've looked at your phone. I'm not sure if this is new, or not happening in other places - but I can see how this supports the argument for having ephemeral messages.

  8. vanitasvitae

    exactly

  9. Guus

    Not sure if there ever was an argument to not have a XEP for ephemeral messages?

  10. Guus

    A quick google results in https://xmpp.org/extensions/inbox/ephemeral-messages.html

  11. vanitasvitae

    I can only speak for myself, but I mostly rejected the idea so far, as the sender cannot guarantee that the receiver really deletes the message. I have not really considered that ephemeral messages are also intended to protect the sender

  12. vanitasvitae

    But I changed my mind 🙂

  13. Zash

    Push for clients to have a "clear the last n minutes of history" button or something? Doesn't strictly have to be a protocol

  14. Zash

    And will you always know ahead of time what messages may be considered incriminating in the future?

  15. vanitasvitae

    I like signals model of activating disappearing messages per conversation

  16. MattJ

    vanitasvitae, Conversations already supports clearing history after a period of time

  17. Guus

    If other IM solutions have forms of ephemeral messages, then that's a strong suggestion that there is a end-user desire to have this. I'm not sure if it is up to us to debate if that demand is valid. With that in mind, 'properly' supporting it with a XEP seems reasonable. I'm not sure if we can reasonably guarantee that messages are indeed removed (as we can't control the implementation), but that's a matter for the security notes in the XEP, I think.

  18. qy

    "ephemeral encryption" might be more useful. Not so much "clear recent history", but if you delete the keys to an encrypted message, useful metadata remains, but incriminating content gone, and with OMEMO using a key-per-message, quite possible

  19. Zash

    Isn't OMEMO already like that?

  20. qy

    Most impls store all key for all messages forever and give no option to delete them

  21. qy

    But yes with a client reset, it would be

  22. qy

    No perfect forward secrecy

  23. Daniel

    I'm reasonably certain that most implementations throw the key away but keep a plain text copy of the message

  24. qy

    Oh thats even worse

  25. emus

    MattJ, ralphm, arc, jcbrand: any vetos to add the members list to the community/maillists page? https://mail.jabber.org/pipermail/members/

  26. emus

    I think its missing there

  27. emus

    https://xmpp.org/community/mailing-lists/

  28. Sam

    It's an internal list that people can't join so it doesn't seem useful to have it on a community mailing lists page

  29. emus

    agreed. but maybe we should have it there out if completeness

  30. ralphm

    Well, the archives are public, so I don't mind adding it there, with the note that you have to be a member to be able to subscribe. Or somesuch.

  31. emus

    of course

  32. Sam

    oh I was thinking the archives were private; nevermind, that makes sense then

  33. emus

    FYI

  34. emus

    https://summerofcode.withgoogle.com/programs/2022/organizations/xmpp-standards-foundation

  35. emus

    Yes, I am fixing things already 🙂

  36. moparisthebest

    microsoft just emailed me a security code and it was "5222" <_< >_>

  37. Zash

    thanks for sharing that

  38. emus

    😀

  39. emus

    Thats a sign!

  40. moparisthebest

    yea a sign *they* are watching

  41. moparisthebest pulls tin foil hat on tighter

  42. mjk

    Scary

  43. emus

    https://twitter.com/xmpp/status/1500966819045199873 https://fosstodon.org/web/@xmpp/107917701995916850

  44. moparisthebest

    Excellent work again emus

  45. emus

    😙️ Thanks you moparisthebest ❤️