-
Azeez
Hi, how can I implement view once functionality with XMPP?
-
MattJ
Azeez: this is not really a protocol thing
-
MattJ
To be honest it's not really a computing thing, there is no 100% secure/correct way to implement "view once"
-
MattJ
Snapchat for example has many ways to bypass their functionality
-
MattJ
And all the attempted restrictions are implemented in the app. For example, display the message, then delete it... simple. Android had an API for apps to disable screenshots, I assume iOS has similar. On desktop... good luck.
-
jonas’
no, not good luck
-
jonas’
the worst of luck, actually
-
jonas’
we don't need no more DRM
-
pep.
^ this
-
MattJ
But all these are app things, not protocol things. The most you'll potentially want from the protocol is a way to indicate that this "view once" functionality should be enabled for a given message, there's no standard for that (nor much interest in one AFAIK) but it's trivial to add it yourself
-
jonas’
(regarding the screenshot or screencast stuff… if both parties consent to the removal of a message from the client after reading, that's ok; but don't introduce APIs to prohibit desktop-wide things, that's just dangerous)
-
pep.
There's probably interest in it, given how many proprietary apps use XMPP, just that they probably don't care submitting it
-
jonas’
I seem to recall it was even rejected once
-
pep.
heh
-
jonas’
message expiry or so?
-
pep.
I don't know about this one. I know about ephemeral messages but I guess (hope?) that's not what you're talking about
-
MattJ
That's the one I think of
-
pep.
It's not the same goals to me :x
-
pep.
It's about the same signaling for sure
-
MattJ
What's the difference?
-
pep.
The goal is to "prevent" cops to access the message in the device, not the user. (Note the quotes)
-
Zash
FDE?
-
pep.
That's one more thing sure
-
pep.
(FDE is close to FDO in French, which means Force De l'Ordre, i.e., cops :p)
-
jonas’
pep., but that's still a product, not a protocol, thing
-
pep.
Anyway it's definitely not bulletproof, but it didn't really hurt I think. It's not the same as DRM to me in goals. In the end surely the user also didn't have access to the message anymore, but that's a strong they can change themselves (before the expiry of the given message of course), which a view once app probably wouldn't allow?
-
pep.
jonas’: agreed. Wiring is about the same
-
pep.
Well both parties need to agree on something so yes there is protocol
-
pep.
Typically Signal allows changing the delay by all parties in the chat.
-
pep.
That's a thing* they can change themselves
-
pep.
Completion.
-
pep.
fwiw you have me doubt now about the thing being DRM. I still think I want to disagree
-
MattJ
Of course, DRM is bad
-
MattJ
But Signal is based on SGX 😄
-
jonas’
pep., as soon as it starts preventing screenshots or so, it is exactly what DRM software (think netflix) wants.
-
pep.
MattJ, :(
-
pep.
Yeah that's definitely not what I have in mind for the ephemeral thing
-
pep.
Just messaging getting out of logs at some agreed delay✎ -
pep.
Just messages getting out of logs at some agreed delay ✏
-
MattJ
C now has local options for preventing screenshots and deleting messages after a certain amount of time
-
MattJ
Seems you just want signaling for this
-
pep.
I don't want to prevent screenshots :x
-
MattJ
Do you want to prevent someone permanently storing history?
-
pep.
I want to change defaults really
-
jonas’
defaults for what?
-
pep.
I don't want defaults to be "store everything forever"
-
jonas’
I want them to be exactly that
-
jonas’
I'd be furious if I found out after a year that poezio rotated logs away
-
pep.
You'll be able to set that if you want
-
jonas’
but store everything forever has been the default forever, changing it will break expectations badly.
-
pep.
If it's provided with a UI..
-
jonas’
"first start" UI type of thing would work
-
Zash
fork, call it privacyezio, store logs on encrypted tmpfs
-
pep.
"hey you can set messages to disappear in xxx" "your contact has set messages to disappear in xxx" "no way, I don't want that" "your contact has set messages not to disappear"
-
MattJ
pep.: so product not protocol then. Slight tweak to C is all that's needed.
-
pep.
MattJ: there is protocol in what I just sent
-
jonas’
is modernxmpp about protocol or product? :)
-
pep.
Both clients need to be aware of the value set by one user
-
Zash
`<{please-delete-my-messages}after t=xs:integer/>` 🤷️
-
pep.
That
-
jonas’
put it into presence?
-
Zash
But as we all know, you can't truly know that it will be enforced
-
pep.
Zash: sure sure
-
pep.
I think it doesn't matter
-
Zash
jonas’, itym `<{disco#info}feature var='I promise I will respect your retention policy'/>`
-
pep.
Most people won't edit their client and that's fine by me
-
Zash
s/edit/install something other than your Conversations fork/
-
pep.
Whatever
-
Zash
Tho with mutual feature advertising, you could in theory at least say "this contact might keep your messages longer than expected, don't tell them your secrets"
-
Zash
EXCEPT that's dead, thanks to MAM and carbons and offline messages 🙁
-
Zash
Can't have nice things
-
pep.
The point is not to have messages on disk anymore
-
pep.
I'm not personally set on dis/allowing mam if that's set, but that's a question to be asked for sure
-
jonas’
do we need activistxmpp@?
-
pep.
Don't we have it already :)
-
jonas’
many things you describe sound terrible for the average user I know.
-
jonas’
do we?
-
pep.
It doesn't for me
-
jonas’
you're an outlier in my sample set.
-
jonas’
hence, the word average :)
-
Zash
or did you mean mean user?
-
pep.
I also have "average" users around me
-
jonas’
Zash, I even mean median user
-
Zash
don't be mean
-
Zash
😛
-
jonas’
:P
-
pep.
Who apart from nerds go check their 6-months old logs anyway.. most users don't even know they still have them
-
jonas’
not 6 months, but a few years I have seen to happen
-
jonas’
my wife is still very sad about the loss of her ICQ logs from a decade ago on a broken disk drive
-
pep.
Well if she has expectations then she could just not opt-in (or opt-out depending on the client)
-
jonas’
are we back to: 09:27:17 jonas’> "first start" UI type of thing would work
-
pep.
It could be added to a wizard but that's not how I'm seeing it
-
pep.
Also presence, I'm not sure. Values can be different per cha✎ -
pep.
Also presence, I'm not sure. Values can be different per chat ✏
-
jonas’
pep., how else?
-
jonas’
there's expectations [where you know that they might not be fulfilled] and expectations [where they seem so normal to you that you don't even consider them to not be fulfilled]
-
pep.
Not sure I understand
-
Zash
Schrödingers logs. People want them available everywhere but stored nowhere.
-
jonas’
pep., I expect poezio to store logs forever, but the thought that it might not do that by default would not have crossed my mind when I set it up.
-
jonas’
so I would never have searched for an "archive everything forever" switch
-
jonas’
and I would be very angry when I needed to look at something weeks/months/years later
-
Zash
poezio logs?
-
jonas’
(using poezio as a random exampe here; same holds for any other client)
-
Zash
As someone who rotates between clients, those logs, if they exist, are going to be useless and full of holes
-
pep.
jonas’: I wouldn't start with a value set fwiw. You'd be free to set it, or to unset it if a contact sets it in a chat
-
pep.
And you'd be advertised that it is being set of course
-
pep.
The feature would be there and available
-
pep.
I always think the biggest hurdle when trying to add a feature is nerds, really :x
-
pep.
(me included for sure)
-
jonas’
pep., you talked about changing defaults eariler✎ -
jonas’
pep., you talked about changing defaults earlier ✏
-
jonas’
that's what I was referring to
-
jonas’
I don't care about additional non-default features, go ahead
-
pep.
That would come in its time, in some circles
-
pep.
If enough people use that
-
pep.
Still I would like conversations to not default to "never" delete logs, even setting it to 6 months would be nice..