Gajim - 2017-11-30

  1. bot Adoa Coturnix created an issue in _gajim_ <>: #8790: <gajim-nightly builds for debian/ubuntu not updated since August>
  2. bot Adoa Coturnix modified an issue in _gajim_ <>: #8790: <gajim-nightly builds for debian/ubuntu not updated since August>
  3. bot Yann Leboulanger pushed 1 commit to branch _refs/heads/gajim_0.16_ of _gajim_ <>: *71514417* <> update translation files
  4. bot Yann Leboulanger closed an issue in _gajim_ <>: #8790: <gajim-nightly builds for debian/ubuntu not updated since August>
  5. SaltyBones
  6. SaltyBones
  7. SaltyBones
  8. SaltyBones why is my stupid image previewer not working
  9. lovetox because this are not uploaded with httpupload
  10. lovetox we dont display random image links anymore
  11. SaltyBones what?
  12. SaltyBones why?
  13. lovetox because we had many complaints that this is insecure
  14. SaltyBones What you can do with this is track if I have read a message. Is there anything else I am missing?
  15. lovetox getting your computer to connect to a server and download something
  16. SaltyBones So what is supposed to be vulnerable here?
  17. SaltyBones The python library that downloads the image?
  18. SaltyBones The image library that opens it?
  19. zuglufttier Plus the mentioned tracking. You trust your contact, so you trust the server but you don't genereally trust some random server.
  20. SaltyBones And how many times a day do people go to random websites with images on the internet?
  21. SaltyBones Oh, I totally get the tracking I just don't care.
  22. SaltyBones I send chat notifications. :p
  23. lovetox the point is that we dont want to download stuff without user interaction
  24. zuglufttier Conversations is doing this as well.
  25. zuglufttier I care about tracking.
  26. SaltyBones zuglufttier, I care in general but I don't care if somebody knows that I read messages in this chat.
  27. lovetox its not about reading messages
  28. SaltyBones Then what is it about?
  29. lovetox they have your ip, know in which country or even town you live
  30. zuglufttier That's true for me as well. But I care if someone from knows that you sent me an image.
  31. zuglufttier Automatically.
  32. lovetox and yes its an attack vector, if i know that some clients download and execute something with a certain lib all the time
  33. lovetox i start to look into how i can exploit that lib
  34. zuglufttier Actually, it would apply to every person in this muc.
  35. SaltyBones Yes, so essentially what they would know is that somebody is loading images from their server. ;)
  36. SaltyBones And if they put a lot of effort into it they will know that I posted the image.
  37. zuglufttier You can expose every IP of the users here that way. Just load place the link to an image on a server that is under your control.
  38. SaltyBones The argument with the image library is also correct but it applies to server uploaded images as well and generally I think not displaying images because the library might have bugs is a little too paranoid.
  39. zuglufttier Almost instantly, you'll get the IPs in your log file.
  40. SaltyBones There are better ways to exploit an image library than sending people pictures in jabber.
  41. lovetox its just bad behaviour to just download blindly any link to any server that is posted in a muc
  42. SaltyBones "its just bad behavior" is not a new argument, just a summary
  43. lovetox even more so for a desktop client
  44. lovetox where is the problem with clicking on the link
  45. SaltyBones "the problem"
  46. SaltyBones Calling it a problem is an exaggeration.
  47. SaltyBones I just liked not having to do it and having the pictures in the same window...
  48. SaltyBones And I agree with your reasons for turning it off although I personally would have preferred it to stay on.
  49. zuglufttier SaltyBones, I completey understand what you mean. But I must say that in this case, security and privacy must be more important than convenience.
  50. SaltyBones This is actually an interesting point, is there a generic way for requesting ressources in gajim that can be used to block things?
  51. SaltyBones zuglufttier, I agree in general but in this case I think the win for security and privacy is negligible. At least in my case since I'm not in any public chat rooms where it is secret that I'm in them.
  52. SaltyBones There is no sandboxing for plug-ins or the like, right?
  53. zuglufttier A solution might be this: If a user pastes a link to an image, it will automatically get uploaded with http_upload.
  54. zuglufttier Right now, using xmpp will never leak my ip to some unknown server, only to those contacts/server I wanted to.
  55. zuglufttier If the pasted links get uploaded automatically, this will stay the same.
  56. SaltyBones interesting point
  57. SaltyBones If I send an image with httpupload
  58. SaltyBones will you get it from my server or from the muc server?
  59. zuglufttier Whatsapp does not display pasted links. Not that whatsapp is a reference in privacy...
  60. zuglufttier SaltyBones, I think from your server.
  61. Asterix A button to d/l it would be in the middle
  62. SaltyBones zuglufttier, than we have the same problem as before, right? :)
  63. SaltyBones
  64. zuglufttier No, I trust your server.
  65. SaltyBones You must not.
  66. SaltyBones You don't know me. I could have joined here and uploaded an image just to mine the IPs of the people here like before.
  67. zuglufttier I must. Somewhere trust must be established.
  68. SaltyBones Makes no difference except that I need a server.
  69. zuglufttier Yes, that's true. You could setup am xmpp server just to get my IP.
  70. SaltyBones Sure, but if we just passed everything through the muc server then only that needs to be trusted.
  71. SaltyBones zuglufttier, that's not a big step from setting up an http server just to get your IP.
  72. zuglufttier Yes, that would be the perfect solution. The MUC would act as a proxy server.
  73. SaltyBones :o
  74. SaltyBones Which one of you is using tor to connect to this chat?
  75. zuglufttier SaltyBones, you mean only tor or a hidden service?
  76. SaltyBones zuglufttier, so, if we have now established that the security gain from turning this feature off is that an attacker has to set up a jabber server can we turn it back on? :p
  77. zuglufttier SaltyBones, no. The problem is different if you look at private chats where you already know everybody. You trust every contact and only establish connections to these contacts.
  78. SaltyBones Yes, it's different in that then the security implication disappears completely.
  79. SaltyBones Because people you know and trust now send you the links...
  80. zuglufttier No, it does not. Just because I trust a person does not mean that I trust every link that that person is sending to me.
  81. SaltyBones pff
  82. zuglufttier The person might send that link without knowing that it could be bad.
  83. zuglufttier This is how social engineering works.
  84. SouL Yup
  85. zuglufttier If you know one person of a secret group, send a link to him or her.
  86. zuglufttier If that person is sharing the link, all IPs of the secret group are revealed.
  87. SaltyBones Yes, and they will pass it on and then everybody in that group will MIRACULOUSLY realize that the link is bad and not click on it
  88. SaltyBones except that it is trivial to create a link that cannot be distinguished from a trustworthy one
  89. SaltyBones and NOBODY will ever check
  90. zuglufttier They will if their lives depend on it.
  91. SaltyBones Then they can fucking not install the image preview plugin!
  92. SaltyBones Don't get me wrong I'm on your side in general.
  93. Tschaeggaer Why not, it previews images from a secure source which eases your life a bit. :P
  94. zuglufttier This is not only about gajim, it's about every client. Security and privacy must be usable that's why Conversations won't display that link as well. As well as whatsapp.
  95. SaltyBones I just think that it helps nobody to make things shitty assuming some sort of hyper paranoid absurd scenario....
  96. SaltyBones I mean this is exactly one of the reasons that omemo is so bad. Somebody decided that they need to trust every device of a user separately so that nobody can sneakily add devices and now it's essentially broken because my devices are suddenly every one of my contacts problem...
  97. Tschaeggaer it's always a decision between privacy/security and convenience. but this one is not really hyper paranoid.
  98. SaltyBones :)
  99. SaltyBones No, it's okay.
  100. zuglufttier Omemo has to start somewhere, it's not perfectly usable right now in every case, I agree. But look at the alternatives.
  101. zuglufttier :D
  102. SaltyBones zuglufttier, I constantly do and signal is way better....
  103. zuglufttier Apart from federation and your phone number as identifier.
  104. SaltyBones I mean you can complain about the political issues but from a usability point of view it clearly wins.
  105. zuglufttier Of course.
  106. zuglufttier That's why we're arguing here to create something better.
  107. zuglufttier After some time :D
  108. zuglufttier Personally I cannot tell my parents to use xmpp because it's not good enough right now. Always in comparison to those big players out there. But I also don't want to use signal because it's only 90% of the solution.
  109. Tschaeggaer but if think about it. most will click on the link anyway (if they are active at the time). i think to upload it automatically via httpupload would be the best solution. or if there's a placeholder that says smth like "loading this will reveal your IP to XY" with a clickable button.
  110. SaltyBones DEAR GOD NO
  111. Tschaeggaer :D
  112. SaltyBones
  113. SaltyBones Tschaeggaer, the problem with uploading is, that it only works for images but the problem exists for links in general. :p
  114. Tschaeggaer just smth that came to my mind, didnt really think about it. but you have to click on smth anyway
  115. Tschaeggaer i dont get it. links that are not images won't be previewed, where's the problem there?
  116. Tschaeggaer you cannot check if links are smth bad everywhere
  117. SaltyBones Well, the original problem is that people can send you bad links
  118. SaltyBones and clicking on the links leaks something about you
  119. SaltyBones what we removed is the automated clicking in some cases, that's all
  120. Tschaeggaer ah i c. yeah, ok, that problem exists, but it exists everywhere.
  121. Tschaeggaer yep
  122. SaltyBones And if the users cannot properly distinguish links anyway that doesn't really gain us anything. ;)
  123. SaltyBones Which, given that most user interfaces allow styling and hiding the real link behind arbitrary text is impossible anyway.
  124. SaltyBones And also it is a commonly assumed that clicking on a link is safe.
  125. Tschaeggaer kinda safe
  126. SaltyBones Indeed.
  127. Tschaeggaer i just want to know: what does whatsapp do, if you post a link to an image (e.g. abc.jpg)?
  128. zuglufttier Like a said, it behaves the same as gajim or conversations.
  129. zuglufttier Doing nothing.
  130. zuglufttier It just shows the link.
  131. zuglufttier Which seems to work, even for non-tech people.
  132. zuglufttier About a billion people or so.
  133. Tschaeggaer ok, so we can constitute that this is nothing which prevents a program from becoming popular. :D
  134. zuglufttier Most people "share" images via inbuilt functions of android or ios and that will work different.
  135. zuglufttier Which is how it would work in Conversations as well. Using the share method of the OS will upload the picture properly.
  136. zuglufttier This sharing is just a concept that traditional desktop systems don't use. But those are also dying.
  137. SaltyBones :D
  138. SaltyBones that would be something
  139. SaltyBones while we're at it
  140. SaltyBones how does gajim determine if an image was uploaded using http_upload?
  141. bronko SaltyBones, it adds extra information to the message, if i am right this is where it happens:
  142. bronko SaltyBones, it adds extra information to the message, if i remember correctly, this is where it happens:
  143. zuglufttier This is the image you uploaded earlier: Its just coming from the defined place on the xmpp server you're using. I don't know if the image itself is getting some metadata but I doubt it.
  144. bot My created an issue in _gajim_ <>: #8791: <gajim crashes after OTF filetransfer, no more filetransfer ....>
  145. SaltyBones zuglufttier, I prefer bronko's explanation because I doubt there is a good way to do it just using the link....
  146. zuglufttier May do a diff on both files.
  147. zuglufttier Pretty easy to do ;)
  148. bronko use the XML console and check if there is extra information when sending a link vs using httpupload
  149. SaltyBones send one! :)
  150. lovetox yes the information is transported with xml
  151. dwd The specification is this one:
  152. zuglufttier
  153. lovetox dwd this happens outside of spec :)
  154. dwd And is actually under Last Call at the moment, so if you've input that'd be very welcome indeed.
  155. zuglufttier
  156. SaltyBones (zuglufttier, you are sending chat states btw)
  157. zuglufttier I know :D
  158. SaltyBones so looking at the xml console
  159. lovetox you can just ask what you want to know?
  160. SaltyBones
  161. lovetox its not a secret..
  162. SaltyBones what's not a secret?
  163. lovetox how we detect that ist a httpupload url
  164. bronko this should be it: "<x xmlns='jabber:x:oob'>"
  165. lovetox its because clients add a oob tag
  166. lovetox and before you say it, yes this can obviously be faked
  167. SaltyBones yeah, but the clients faking it is not the point
  168. zuglufttier lovetox, would that even be possible with omemo?
  169. zuglufttier Faking it, I mean.
  170. SaltyBones no, I think I'm fine with this but some weird detection based on the url would have been shitty ;)
  171. lovetox with omemo there is no oob tag added
  172. lovetox but the file does have the key attached to the link
  173. lovetox so we know its a httpupload
  174. SaltyBones yeah, but if I just craft a link that looks like that it will download the file and only then decryption will fail
  175. SaltyBones but then the IP has already been leaked
  176. SaltyBones so that's not good, I think
  177. zuglufttier I just thought about that as well. True, it's not perfect like this.
  178. zuglufttier The URL could be compared with the URL that is provided if you lookup the services of the xmpp server.
  179. zuglufttier Still not perfect ;)
  180. SaltyBones zuglufttier, also doesn't work. You use a weird url and put up your own dns server. Maybe you don't directly get the IP anymore...
  181. SaltyBones aesgcm://
  182. SaltyBones aesgcm://
  183. SaltyBones hm..yeah... :D
  184. mathieui aesgcm:// urls are not nice for browsers
  185. SaltyBones so on the plus side, I can upload encrypted images if I copy them over from an omemo chat ;)
  186. mathieui on the other hand, I cannot open it
  187. SaltyBones it does seem to defeat the detection that was added to the url preview plugin
  188. SaltyBones mathieui, yeah that's okay...
  189. SaltyBones aesgcm://
  190. SaltyBones here's another one that nobody can oben because the key is wrong :p
  191. zuglufttier Yep, I'm already clicking like mad.
  192. zuglufttier At least in mucs, a proxy for images would be nice.
  193. zuglufttier Right now, you are leaking your server info all the time if you use http_upload.
  194. zuglufttier And use a pseudo-anonymous muc.
  195. SaltyBones jup
  196. SaltyBones what is "pseudo-anonymous" though? :)
  197. zuglufttier This muc: The admins or moderators see the full JIDs but not the participants.
  198. SaltyBones hm
  199. SaltyBones I guess that's as anonymous as it can be withous using something like Tor :)
  200. bot Yann Leboulanger pushed 1 commit to branch _refs/heads/master_ of _gajim_ <>: *79ba8182* <> better parse of version in config file in case old sha version of git is used (-xyz instead of +xyz)
  201. zuglufttier Though it's giving you a false sense of anonymity.
  202. bot Philipp Hörist merge request for _gajim/master_ <>: Add new Join Groupchat dialog
  203. bot Andrey Gursky created an issue in _python-nbxmpp_ <>: #45: <smack acks not sent in time>
  204. bot Yann Leboulanger proposed a new merge request for _gajim/master_ <>: refactor the way we call SQL
  205. bot Yann Leboulanger pushed 2 commits to branch _refs/heads/master_ of _gajim_ <>:
  206. bot Yann Leboulanger merged a merge request for _gajim/master_ <>: refactor the way we call SQL
  207. bot Andrey Gursky proposed a new merge request for _gajim/master_ <>: Fix appearance of status icon in MATE
  208. bot Andrey Gursky merge request for _gajim/master_ <>: Fix appearance of status icon in MATE
  209. andrey.g In the second message from bot there are two white spaces before "merge request". "edited PR message" lost?
  210. lovetox yeah something is missing