XSF Discussion - 2022-03-07

emus: Great, thank you!

With pleasure!

The current situation around Ukraine and especially Russia really shines another light on disappearing (self-destructing) messages.

Maybe those should be revisited

vanitasvitae: what's the connection exactly?

I feel like for people in russia who are chatting with people from abroad, now is possibly a good time to activate disappearing messages when talking about certain topics / naming certain events

There are reports of people being stopped by authorities in the street, not being allowed to leave until they've looked at your phone. I'm not sure if this is new, or not happening in other places - but I can see how this supports the argument for having ephemeral messages.

exactly

Not sure if there ever was an argument to not have a XEP for ephemeral messages?

A quick google results in https://xmpp.org/extensions/inbox/ephemeral-messages.html

I can only speak for myself, but I mostly rejected the idea so far, as the sender cannot guarantee that the receiver really deletes the message. I have not really considered that ephemeral messages are also intended to protect the sender

But I changed my mind 🙂

Push for clients to have a "clear the last n minutes of history" button or something? Doesn't strictly have to be a protocol

And will you always know ahead of time what messages may be considered incriminating in the future?

I like signals model of activating disappearing messages per conversation

vanitasvitae, Conversations already supports clearing history after a period of time

If other IM solutions have forms of ephemeral messages, then that's a strong suggestion that there is a end-user desire to have this. I'm not sure if it is up to us to debate if that demand is valid. With that in mind, 'properly' supporting it with a XEP seems reasonable. I'm not sure if we can reasonably guarantee that messages are indeed removed (as we can't control the implementation), but that's a matter for the security notes in the XEP, I think.

"ephemeral encryption" might be more useful. Not so much "clear recent history", but if you delete the keys to an encrypted message, useful metadata remains, but incriminating content gone, and with OMEMO using a key-per-message, quite possible

Isn't OMEMO already like that?

Most impls store all key for all messages forever and give no option to delete them

But yes with a client reset, it would be

No perfect forward secrecy

I'm reasonably certain that most implementations throw the key away but keep a plain text copy of the message

Oh thats even worse

MattJ, ralphm, arc, jcbrand: any vetos to add the members list to the community/maillists page? https://mail.jabber.org/pipermail/members/

I think its missing there

https://xmpp.org/community/mailing-lists/

It's an internal list that people can't join so it doesn't seem useful to have it on a community mailing lists page

agreed. but maybe we should have it there out if completeness

Well, the archives are public, so I don't mind adding it there, with the note that you have to be a member to be able to subscribe. Or somesuch.

of course

oh I was thinking the archives were private; nevermind, that makes sense then

FYI

https://summerofcode.withgoogle.com/programs/2022/organizations/xmpp-standards-foundation

Yes, I am fixing things already 🙂

microsoft just emailed me a security code and it was "5222" <_< >_>

thanks for sharing that

😀

Thats a sign!

yea a sign *they* are watching

Scary

https://twitter.com/xmpp/status/1500966819045199873 https://fosstodon.org/web/@xmpp/107917701995916850

Excellent work again emus

😙️ Thanks you moparisthebest ❤️