XSF Discussion - 2023-04-13

  1. Dele Olajide

    >Guus : do you happen to know if Jitsi Meet runs on arm64? If linux-aarch64 quallifies at arm64, then yes. They generate binaries for this label

  2. jonas’

    nice!

  3. goffi

    https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/ ==> would it be interesting to, and if so can we replicate this feature? An index of public keys which could be publicly audited by anybody.

  4. goffi

    my guess is yes to both questions.

  5. MSavoritias (fae,ve)

    Sounds like the pgp key directories or whatever

  6. Peter Waher

    Problem would not be such a public-key registry; it would be to what additional data such keys are associated… I.e. would such a registry permit “anybody” to extract information about users in the network…

  7. goffi

    in the blog, they say that they can remove uses and the key is left there but not attached to anybody. I'm not sure how they're planning to do that though.

  8. goffi

    remove users*

  9. Peter Waher

    If the database just consists of an ordered set of public keys, and a mechanism to see if a public key is used by anyone (true/false), by checking the existance of the key in the registry: What would the purpose of such a registry be in an open setting? If a fraudulent user wants to invent public keys, they could just populate such a list with the fraudulent keys… Typically, to check the validity of a public key, is to perform a challenge/response to the party that claims to have the private key. That would require communication access however. To do such a challenge/response via a public repository, the repository would need to know the JID of the party… And then the problems begin…

  10. mjk

    > > do you happen to know if Jitsi Meet runs on arm64? > If linux-aarch64 quallifies at arm64, then yes. They generate binaries for this label assuming the ISA version they generate code for is not too new

  11. goffi

    Peter Waher: sure, but you don't have to use publicly identifiable data. On top of my head, I can imagine a unique number only shared with contact with you you share presence data. This way you can link the public key to the user, while limiting the publicly identifying metadata.

  12. mjk

    > > do you happen to know if Jitsi Meet runs on arm64? > If linux-aarch64 quallifies at arm64, then yes. They generate binaries for this label assuming the ISA version they generate code for is not too new, like in the case of a certain "Python" package that tries to run illegal instructions on a raspberry pi 4

  13. Peter Waher

    It would still be considered personal identifieable data (pseudonymous identifier)

  14. Peter Waher

    pseudonymous here meaning that the information can be used, in conjunction with other (unspecified) data, to identify the person, according to the GDPR

  15. Peter Waher

    (GDPR still consideres such pseudonymized data to be sensitive, and must be protected, i.e. not publicly accessible)

  16. emus

    *Elbe-Sprint Hamburg 2023* I got the final confirmation. So feel free to book accomodations etc. & sign up in the Wiki. If you want to join, but don't got a wiki account ask me or others for a favor to do so (atm better ask others, as I am traveling 🙏) https://wiki.xmpp.org/web/Sprints/2023-06_Elbe-Sprint_Hamburg https://jabbers.one:5281/file_share/RD3geQ-OCYRKE1_6I0Hzweoe/elbe-sprint.png