Gajim - 2025-08-23

🅷🅾🅻🅻🅾🆆 🅺🅽🅸🅶🅷🆃 🆂🅸🅻🅺🆂🅾🅽🅶 https://youtu.be/HYFyIinfyyc

> But of course 5 minutes is debateable is a timer really necessary at all if it's restricted to last message anyway? I'd say either or makes sense but both is a bit much imo ↺

hau: it all depends on the other clients as well. If other clients don't _accept_ corrections after a certain time, raising the time on one side does nothing

Pictures are not encrypted in xmpp

They are send over links

And not being deleted after receiving

They are end to end encrypted when sent with omemo. To decrypt the link you need the key

> They are end to end encrypted when sent with omemo. To decrypt the link you need the key The problem is the link exist ↺

And anyone with the link can access the photo

Every photo is stored by a link

deutschland: no, that's wrong

I made a video proof https://monocles.eu/file_share/068a970b-a659-7a70-b411-627d0233cf9f/recording_20250822_221617.mp4

Basically monocles is another account than the one on conversations

Try opening the link in a browser

> Try opening the link in a browser Just watch the video 🤣 you can try it yourself ↺

hi! i'm new to gajim/xmpp. thanks to anyone that can help me... i see where to select PGP encryption before sending a msg but where do i go to upload the PGP key?

I know you can do the video in double speed because I'm hellish slow

All you did was copy a link. Someone else outside of that chat can't get the image with that link

> All you did was copy a link. Someone else outside of that chat can't get the image with that link But the video shows the opposite ↺

> All you did was copy a link. Someone else outside of that chat can't get the image with that link I pasted it in another chat with another account in another app and downloaded it ↺

And it showed as shown in the private chat with omemo

Quantum computing will be funny for xmpp

But I think for quantum computing crypto will be the first target before governments spy our chats

Ah opsy, I misunderstood Yeah seems like the link you copied had the keys to decrypt it as well. So the link encrypted with omemo, and the image is encrypted with AES-256 and the keys are in that link. So someone with the link can't access the image, they need the stuff after the # to open it https://xmpp.org/extensions/xep-0454.html#aesgcm

That's a security issue

Should be fixed

Omemo has to be rebuild

Have at it

> Have at it A possible solution would be already if the link destroys after arrival ↺

As for quantum computing check out "Quantum attacks" under https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

> As for quantum computing check out "Quantum attacks" under https://en.wikipedia.org/wiki/Advanced_Encryption_Standard I know what quantum computing is, I mean technically it will be possible, what I said in the near future. ↺

Well you can work with quantum computers against quantum computers

Make every second randomly links being destroyed

deutschland: servers have retention periods. Files are not forever on a server. If it's not secure enough use your own server and set the retention period to a minute, but that's nothing Gajim can change.

> deutschland: servers have retention periods. Files are not forever on a server. If it's not secure enough use your own server and set the retention period to a minute, but that's nothing Gajim can change. You could bring me in your security team, and we figure out a way to make server protected. But I only got ideas I can't implement the ideas but I can tell people what they should do ↺

And in the end you will have government protection. But idk if that's something someone would want to have if there is briar...

Actually maybe what I said already exists on linphone maybe it's not worth what I said

I don't understand shit about lime in linphone 😂

I don't understand why people instead of signing a document with a key _***delivering_*** it decrypting it local on device.

Such that the document is only seconds on the server

Lightly encrypted

If the server you are using does not match your needs consider switching or hosting your own

Gajim can't do much from here

anyone gonna do anything about 0xCatPKG, ansper08 and Gurteltier just spamming connects disconnects? its driving my gajim insane every time i open this chat

https://downloadable.pain.agency/file_share/068a9790-4252-75ac-a5e0-371c19bc4c45/ffeb5904-56fd-4efd-a87c-0ffde12a5225.png

its like 50 reconnects a second

test

yes give me a moment

Thanks for mentioning it, but is this really useful to have joins/leaves shown in a big chat?

i normally dont mind leaving it, i like to see the general activity, but i figure even if i had the activity hidden the memberlist updating would still be putting load, and its probably putting load on the server

yeah no definitly, im not suggesting ignoring it, if i know i kick them

i just wondered that someone notices at all, because i never have this option enabled here

Spam

https://monocles.eu/file_share/068a970b-a659-7a70-b411-627d0233cf9f/recording_20250822_221617.mp4

Spam

deutschland, both your file and the link are encrypted. only you can decrypt the link. only if you have the link, you can decrypt the file. so the file is safe on the server, and only you can decrypt it. if someone spies on you _on your computer_, all hope is lost anyway.

this is how WhatsApp/Signal works as well, btw

> deutschland, both your file and the link are encrypted. only you can decrypt the link. only if you have the link, you can decrypt the file. so the file is safe on the server, and only you can decrypt it. if someone spies on you _on your computer_, all hope is lost anyway. But watch the video that I have posted ↺

Maybe you can't see it because I turned off orbot to send t wait I'm sending from another account

There we go

https://share.conversations.im/lolhdhxhchc/message/PazHtK2Ontv2Sims/recording_20250822_221617.mp4

deutschland, I think there is a misunderstanding here. If you share the _full_ link, others can download and decrypt the file.

Basically what I did is to send a video privately with omemo then I copy the link pasted it in another account and the other account could fetch the video

Gif

> deutschland, I think there is a misunderstanding here. If you share the _full_ link, others can download and decrypt the file. That's the issue :D

There is a `#fragment` attached to the link, which is required to decrypt the file.

So an admin can't decrypt the file, because the fragment is not part of the file's path

> There is a `#fragment` attached to the link, which is required to decrypt the file. It should be deleted from server after arrival

But if for example a file being deleted then the server knows this is a file which can be decrypted :D

Only people having both path and fragment can decrypt the file.

> Only people having both path and fragment can decrypt the file. What holds you back from finding out the key?

encryption?

> encryption? the key can be found out by quantum computing

Nobody but you have that fragment decrypted. If you share the link, that's on you

> > encryption? > the key can be found out by quantum computing Now you're trolling. ↺

Not at all

Give it a few years and we will have to decrypt it for attacks of quantum computers

Encrypt*

My poor english

Let's give it a few years then 🙄

Afaik Intel processors are not even using 1% of their regular potential, they just stopped optimizing

Ok 1% is a bit overvalued

Maybe they could optimize 10x out of their CPUs if they would work on it

Even the very old CPUs of Intel could be made 20 times faster

At this point I have to ask you to stop, since this leads nowhere and has no connection the Gajim.

cal0pteryx : don't waste your time, lolhdhxhchc and deutschland are just trolling on multiple XMPP channels since 3 days and sending the same images

Codimp, it's not wasted time if people (in this room) have a better understanding of the matter afterwards

hum, you're right

> Codimp, it's not wasted time if people (in this room) have a better understanding of the matter afterwards Well I would simply delete the file from the server ↺

> hum, you're right Not a troll

Well you need a server that is very resistent against quantum attacks too

So that they can't fetch the data

what do you think quantum computing is?

lolhdhxhchc, final warning :) stop now, or be gone

the fragment uses AES, which isn't specifically vulnerable to quantum computers as far as I know

> what do you think quantum computing is? Solving merge sort in lightning speed

wurstsalat pushed 1 commits to branch gajim/master fix: VCard grid: Fix setting birthday - https://dev.gajim.org/gajim/gajim/-/commit/e0598f34f25aa17e1c57b9e633216b2896f8f9da

lolhdhxhchc: you got no idea

> lolhdhxhchc: you got no idea When you can go all ways the same speed then you solve the key fast

it doesn't do "all possibilities at the same time", it's much more boring than that

> it doesn't do "all possibilities at the same time", it's much more boring than that It will do

lolhdhxhchc: the speed up comes from having negative intereference amplitudes

wurstsalat pushed 1 commits to branch gajim/master cfix: Quit dialog: Fix dialog name - https://dev.gajim.org/gajim/gajim/-/commit/705091d4edb9a238b922f0b205e932ff0995f958

> lolhdhxhchc: the speed up comes from having negative intereference amplitudes Don't underestimate the inventions

It might not be a teleporter

But doing what I said will be very likely

:-)

wurstsalat pushed 1 commits to branch gajim/master fix: VCard: Catch timeout error while receiving VCard - https://dev.gajim.org/gajim/gajim/-/commit/22719bb189e859fd362b2114359dd59d27bee3a4

wurstsalat pushed 1 commits to branch gajim/master fix: File transfers: Fix cancelling file transfers - https://dev.gajim.org/gajim/gajim/-/commit/8e969eaa10b6cf6f07095613213080f513d88cc8

> Click your account avatar, on the page there is a menu, search the archiving preferences menu, and check if the dropdown says always Thank you! This worked! ↺

> We only support currently correcting the last message and only if it was sent by Gajim and only within I think 5 mijutes Only last message AND only last 5 minutes is too restrictive Don't have a number of last message limit if it's a 5 minute limit Also should make that 1 hour limit ↺

Spam

Spam

Spam

Spam

Spam

Spam

Spam

Spam

Spam