• 4 Posts
  • 42 Comments
Joined 4Y ago
Cake day: Feb 20, 2021


https://jaas.8x8.vc/#/pricing

(I have never used their commercial offering).


Jitsi works really well, and the developers seem to have made an effort to have it work well on any platform, even mobile browsers and PSTN. I’ve always found it the lowest friction teleconferencing method for all types of users.

It’s self-hostable, integrates with SIP, and 8x8’s commercial offering mentions HIPAA, BAA and GDPR.




Migadu is a decent option if you don’t want to self-host.


It’s no use. “VPN” means gateway/MITM service, just like “crypto” means digital tulip mania.

Today’s episode brought to you by our friends CoinSkank™ and EchelonVPN.


The article does not explain the primary design purpose of a VPN – providing an encrypted tunnel into or between two private subnets.

For example, your home subnet is typically all 192.168.nnn.nnn addresses – a class of addresses which the wider internet does not route, and which your router/modem does not allow the wider internet to access unless explicitly permitted.

Say you have a NAS on your home network, and you want to access it from your laptop while at a cafe; you could set up a VPN between your laptop and your home router, and it can make your home network appear as your local network to your laptop, giving you access to your NAS.

Or between two office locations of a business – their database servers, accounting systems, printers, etc can all be freely accessible between offices without being exposed to the wider internet.


Yeah, I was doing some more reading and I think it might only be the newest version of the UnifiedPush spec which requires the message to be encrypted.

I noticed that the examples given on https://codeberg.org/iNPUTmice/up/src/branch/master/README.md are unencrypted.


I mean ntfy’s primary purpose is not dependent on UnifiedPush – all UP functionality could be removed and ntfy would still work as intended.

Ntfy server knows how to be a UP gateway, and relays those messages to the ntfy app, which knows how to be a UP distributor.

As far as I understand it, a client app using UP to receive push notifications does perform a registration step with the UP gateway (via the distributor app which communicates with the gateway via its own transport), which sets up and responds with the api endpoint details, which the client app relays to its servers, which can then send UP notifications via the specified gateway.


You could have a look at the messages ntfy is passing around using its trace function: https://docs.ntfy.sh/troubleshooting/


It doesn’t matter. Even if the ntfy message was plaintext, that plaintext content would be a UnifiedPush “Push message” which is the RFC8291-encrypted raw POST data.


Not really. “Use” isn’t a well defined word in this context.

The ntfy server/client and the protocol it uses is merely the conduit for the UnifiedPush protocol. Sort of like how tls or ssl are a conduit for http.

In its typical primary use, ntfy is unrelated to UnifiedPush.


> a private DNS server that only has records from your local services would at least prevent apps from reaching out as long as they aren’t smart enough to fall back to an IP address if DNS fails.

Yes, this. It’s important that your local DNS server does not even forward queries from the isolated subnet to external DNS, because these queries (and responses) can contain information. (“DNS tunneling”).


What will this mean for Lemmy instances? XMPP servers? Email servers?

What if a 15 year old runs their own personal Mastodon server? LoL this is gonna be yet another entertaining Australian government shitshow.


The government is being pretty coy about the details, so most of the article is necessarily conjecture.

Selected excerpts from the article:

> **The definition of a social media service, as per the Online Safety Act**
>
> An electronic service that satisfies the following conditions:
>
> 1. The sole or primary purpose of the service is to enable online social interaction between two or more end users;
> 2. The service allows end users to link to, or interact with, some or all of the other end users;
> 3. The service allows end users to post material on the service.

> Under the proposed changes, it will be the responsibility of social media companies to take reasonable steps to block people under 16.

> **How will your age be verified?**
>
> The government's legislation won't specify the technical method for proving a person's age.
>
> Several options are on the table, including providing ID and biometrics such as face scanning.
>
> The government's currently running an age assurance trial to assess all the methods, and it's scheduled to continue into 2025.
>
> Based on the results of that trial, eSafety commissioner Julie Inman Grant will make recommendations to platforms.
>
> It's possible that Australians will be asked to provide their IDs or biometric data directly to social media companies in order to use their platforms, but that's not guaranteed.
>
> Many of the big players, including Meta, have instead argued for the age verification onus to be placed on app stores, rather than individual platforms, as that would mean proving your age once — rather than every time you sign up to a platform.
>
> It's also possible that a third-party company that specialises in ID verification will act as a go-between between users and social media platforms.
>
> No matter which model is adopted, the prime minister has said privacy protections will be introduced to cover any data people end up providing.

I think a lot of comments have missed that ntfy.sh does not use UnifiedPush, the ntfy server is a UnifiedPush provider and the ntfy app is a UnifiedPush distributor.


Regarding encryption of the push message, from https://unifiedpush.org/developers/spec/android/ :

Push message: This is an array of bytes (ByteArray) sent by the application server to the push server. The distributor sends this message to the end user application. It MUST be the raw POST data received by the push server (or the rewrite proxy if present). The message MUST be an encrypted content that follows RFC8291. Its size is between 1 and 4096 bytes (inclusive).


That rules it out for me then. I like to use XMPP+OMEMO with about 4-5 clients which I can continue a conversation with at any time. Main mobile, tablet, desktop, other desktop, and backup mobile which is usually switched off. (Even if a device has been missing for too long and run out of OMEMO keys, the keys sync up again once I send a message with it.)


You have to trust the servers with your metadata, and that the servers have their inter-server communication locked down, but at least you can choose/operate servers.

Some clients are a bit flaky with their e2e encryption defaults or from a UI perspective it is easy to send an unencrypted message (in a new chat for example) before noticing that was how it was set.

There are a few XEPs the server needs which enable things like OMEMO, efficient mobile data/battery use, offline and multiple device deliverability, file transfers, etc. Audio/video calling has various requirements as I think xmpp only facilitates the setup of the call.


> XMPP lacks good clients and suffers from fragmentation of protocol standards implementation

  • For Android: Conversations is excellent, also on F-Droid if you don’t want to use the Google store.
  • For iOS/MacOS: Siskin or iOS/MacOS: Monal.
  • For Linux/Windows: Gajim or Linux: Dino.

“Protocol fragmentation” is not a valid complaint about XMPP – it’s like complaining that ActivityPub is fragmented; but that’s not a problem: you use the services (Mastodon, Lemmy, Kbin, etc) built with it which suit your needs, mostly interacting with that sector of the federation (eg, Lemmy+Kbin), but get a little interoperability with other sectors as a bonus (eg, Lemmy+Mastodon).



Most people¹, even in this very thread, clearly don’t […]

  1. Signal shill-bot personas.

MP Bob Katter would disagree that crocodiles are non-political: https://youtu.be/_ih1EuMLspY


If that’s the main problem then that’s easy to solve! Simply use a free public xmpp server.

I mention the self- and paid-hosting options because businesses tend to like having a service agreement backed by a contract, and may have additional specialised requirements not provided by free services (xmpp or otherwise).


XMPP. A business can self-host, there are public servers, or there are many businesses which offer customised xmpp hosting as a service.

It can be federated with other xmpp servers or be a locked-down work-only service, or federate with chosen other servers (such as a client company’s xmpp servers).



> “Current AI models cannot forget data they were trained on, even if the data was later removed from the training data set,” Han’s report said.

Bullshit. You delete the entire model and start again.



It’s a talking-head video presentation on a well-known video publishing website.

Given your browser couldn’t show anything useful from that webpage, @kugmo@sh.itjust.works offered a solution: just feed the URL into mpv, which happens to be excellent at playing audio/video from web pages if you also have yt-dlp installed.


Siskin has been working well for some people I know on iPhone.

There used to be some settings you need to tweak, not sure how it is these days:

screenshots of siskin config screens showing how to configure it

Monal has also been getting some regular development and is worth trying out.


Huh? Why not use K-9 or Fair Email?

They’re both excellent email clients.


> LineageOS still phones home to Google for most things.

Do you have a source on this? I thought LineageOS was completely de-googled now.



Conversations on Android and Siskin on iOS.

One non-techie parent has Siskin running on their iPhone and it hasn’t skipped a beat in years of messaging using omemo-encrypted XMPP. For servers, they’re on tigase.im and I’m on conversations.im.

Here’s a guide on optimum siskin settings; I don’t know if defaults are better now or not.

Conversations.im is free on fdroid but it’s well worth paying something to the developer directly.


Yeah, there’s a distinct lack of nonsense with Migadu.


It’s always crickets when the issue of improper poor ranking of XMPP is addressed in these threads…


Yep. Really need to compare the best-practice XMPP clients (e.g. Conversations, Siskin), not half-developed clients more suited to the XMPP landscape of 20 years ago. – Just as Matrix’s ranking in the table is high because only the state-of-the-art clients are considered – there are plenty of Matrix clients which don’t support e2ee, for example.

This list of mistakes isn’t exhaustive, but extending from poVoq’s mentions, here are some things XMPP(conversations) does actually have positive findings for:

  • End to end encrypted by default [OMEMO]
  • End to end encryption is available [OMEMO]
  • Voice/video calls are end to end encrypted [“calls are always end-to-end encrypted with DTLS-SRTP”]
  • Utilizes Perfect Forward Secrecy [OMEMO]
  • Data is encrypted in transit [TLS and OMEMO]
  • You can verify contacts out of band [https://gultsch.de/trust.html]
  • There has been a third party code audit [2016]
  • Provider can scan for illegal content [If you send content unencrypted, otherwise no different to Matrix/Signal]

I’m not sure there’s much differentiation between any apps when it comes to “What can the apps hand to police?”; if the police have physical access to your device and app, they have access to everything you do on that device/app.





[Panquake](https://lemmy.ml/post/139820) have released some source code. Not for Panquake itself, but for a link shortening service. I suppose it's a brand-exposure exercise. https://talkliberation.substack.com/p/panquake-early-release-pnqk-now-available

Here are the github repository, issues and comments immortalised for posterity in IPFS:

The issues and comments are in github json format – if anyone wants to collate them into a human-readable text or html file, please do so.

Edit: Its immortality of course depends on you to access and pin the content.


**"Mr Rolles was arrested in late June, when he was pulled off the street in Sydney for allegedly blocking roads and obstructing traffic."**

> Since late June, Greg Rolles must produce on demand his computer and mobile phone for police inspection, and tell them his passwords.
>
> He is not allowed to use any encrypted messaging apps, like Signal or WhatsApp. He can only have one mobile phone.

> [...]
>
> These are the strict technology-related bail conditions imposed on some Blockade Australia climate protesters — a development legal experts have criticised as "unusual" and "extreme".

> [...]
>
> Defence lawyer Mark Davis, who is representing some of the Blockade Australia activists, said the vagueness of the prohibition was concerning.
>
> "It used to name the things you couldn't have, and then they made it all encrypted communication," he said.
>
> "It could be you're on your PlayStation."
>
> He also takes issue with the non-association rules, and the lack of specificity about what an "association" might be.

> Mr Davis said one of his clients had been pulled in by police after they reacted with a "thumbs up" emoji to Facebook comments [...]

DuckDuck…Gone: “Why not signal”
So, this is interesting. I wanted to find that essay by [@dessalines@lemmy.ml](https://lemmy.ml/u/dessalines) outlining the many issues of Signal and suggested alternatives, but DuckDuckGo had _nothing_ for me. Not on the first page, not on the 2nd, 3rd, 4th, 5th page.

I thought maybe I just imagined the title, but sure enough, on searching lemmy posts, [it was right there](https://lemmy.ml/post/81033).

Then I thought "hang on, there's hardly a mention let alone criticism of signal on any page of those search results!". Hmm.. the wording might be a bit ambiguous, but let's compare:

- [DuckDuckGo "why not signal"](https://archive.ph/IeWpR) - NOTHING
- [Google "why not signal"](https://archive.ph/j5tTb) - Plenty of results! Dessaline's essay is first up, followed by a plethora of discussions about the essay on HN, Reddit, lemmys, mastodons, and more. Not evil! ..this time.
- [DuckDuckGo "why not signal" dessalines](https://archive.ph/09kpY) - Okay, so DDG has indexed it just fine. Maybe dessalines is "downranked" à la RT.com?
- [DuckDuckGo "why not market socialism"](https://archive.ph/mKuAb) - Nope, finds one of dessalines' socialism essays just fine, half way down the page.

All of the following except Gigablast returned a healthy list of results including the original essay:

- [Qwant "why not signal"](https://archive.ph/T7EWn)
- [Bing "why not signal"](https://archive.ph/MwiNa)
- [Brave "why not signal"](https://archive.ph/4n1MA)
- [Gigablast "why not signal"](https://archive.ph/Sjiwf)
- [Mojeek "why not signal"](https://archive.ph/fRiUd)
- [Startpage "why not signal"](https://archive.ph/7dhKj)
- [Yandex "why not signal"](https://archive.ph/ffQLv)
- [Paulgo (searxng) "why not signal"](https://archive.ph/ksOg7)