XSF Discussion - 2024-08-13


  1. singpolyma

    > The problem I see with that is that you and your contacts have to agree on which encryption method to use (and spoiler: they won't) I think it's sane to use PFS with a contact who does no matter the setting. Probably. Obviously the devil is in the details and I can't know until I've tried it

  2. singpolyma

    > Also OMEMO vs PGP isn't only PFS or not there's a ton of other trade-offs Hmm. Which specific ones are you thinking of?

  3. moparisthebest

    Plausible deniability is another, with PGP you don't have it if you sign your messages

  4. singpolyma

    Oh sure, signing vs not is a seperate axis

  5. moparisthebest

    not really, OTR (and presumably OMEMO) give you plausible deniability *and* signatures

  6. singpolyma

    sort of. the explicitly don't give you signatures that's why they have deniability. They give you a kind of in-the-moment authenticity which I agree is for many cases probably equivalent to signatures

  7. singpolyma

    though deniability is all hypothetical anyway since courts in practise don't care about cryptography and just ask witnesses "did you say this?"

  8. ManDay

    the polite ones that is

  9. MSavoritias fae.ve

    the device to device/account to account MAM was what i was thinking too specifically yeah

  10. debacle

    > though deniability is all hypothetical anyway since courts in practise don't care about cryptography and just ask witnesses "did you say this?" That. And not only courts. If you are in conflict with e.g. a criminal organisation or a intelligence service, they will not discuss with you anyway.

  11. debacle

    > though deniability is all hypothetical anyway since courts in practise don't care about cryptography and just ask witnesses "did you say this?" That. And not only courts. If you are in conflict with e.g. a criminal organisation or an intelligence service, they will not discuss with you anyway.

  12. dwd

    Speaking of OMEMO (or whatever is actually deployed), is there a usable non-GPL library out there yet?

  13. lovetox

    python-omemo is MIT

  14. dwd

    Ah, interesting, thanks. I might have to write one in C++. :-)

  15. qy

    libomemo? its enough to use.

  16. Guus

    Am I right to say that _removing_ a value from a data form involves submitting the form field without a `value` (as not submitting the field at all should not cause the recipient to apply a change)?

  17. singpolyma

    Depends what you mean by removing, but yes

  18. singpolyma

    Set to null vs not set at all

  19. Strix

    I've previously pitched the idea of having time based (temporary banning) before, but would like to take this opportunity to remind everyone again of the idea. It would be great to have the ability of banning users in MUC's for a limited time when a permanent ban is too extreme.

  20. singpolyma

    Would be a fun module, probably not too hard

  21. Strix

    I wonder if the XEP needs to be adjusted/updated to accompany this change?

  22. nicoco

    I don’t know how relevant or interesting this is but here I go: telegram does not have kicks or permaban, but only has temporary bans, kicks being ‘ban for 0 minutes’ and our ‘permabans’ being ‘ban for 50 years or so’\

  23. nicoco

    Strix: as singpo

  24. lissine

    Strix: you can do this without editing the XEP e.g. if it's a server module that's used with adhoc commands. But if the feature is to be exposed to clients, then I think it should make it to the XEP (or to a separate new one)

  25. nicoco

    Strix: if we want a nice UI for that in clients, some sort of spec would need to be drafted. It is already implementable with adhoc commands I think, as syngpolyma said it may be a few lines of Lua for a prosody modules (or maybe more)

  26. lissine

    :))

  27. nicoco

    💕 I guess 😊

  28. singpolyma

    Yeah, as per my usual opinion on these things I think if someone prototypes with ad hoc commands then it can work and get the benefit immediately, then we can spec that as a "well known" command in the future in a xep for clients that want to pull it out into extra special UI more easily

  29. Guus

    XEP-0045 "Granting Owner Status": > If allowed by an implementation, an owner MAY grant owner status to another user; Is there a way to detect support for this?

  30. lissine

    > telegram does not have kicks or permaban, but only has temporary bans, kicks being ‘ban for 0 minutes’ and our ‘permabans’ being ‘ban for 50 years or so’ https://www.pcgamer.com/games/something-awful-forumite-achieves-posting-godhood-emerging-from-the-void-after-100000-hour-11-year-ban-to-continue-the-same-argument-from-2013/

  31. Seve

    Was about to share the same exact link 😁

  32. moparisthebest

    A client could also implement temporary bans entirely on the client

  33. moparisthebest

    Once I tried a temporary ban from cheogram only to realize I had to install gajim to reverse it 💀...

  34. lissine

    Client bans in MUCs are not robust. Most clients don't block measages from mam that originate from a blocked user.