Post Atb1jMfMCmU7yzB5LU by hpk@chaos.social
(DIR) More posts by hpk@chaos.social
(DIR) Post #AtaqiNxenzSuDL4HPU by feld@friedcheese.us
2025-04-29T19:39:35.073739Z
1 likes, 1 repeats
TAKE IT DOWN bill passed the Senate and mandates encryption backdoors so they can spy on minors, but they continue to exclude email from the scopeedit: ahh i am confusing various bills, this one is about deefake/porn/revenge porn and platforms have to be able to take it down when requested, but this is... impossible for a secure messaging platform. So it would require a backdoor to do it. We'll see what happens.The did carve out "electronic mail" as exempt though
(DIR) Post #AtaqiPE06i8I8JiqWW by sun@shitposter.world
2025-04-29T19:42:12.458475Z
3 likes, 1 repeats
@feld isn't all app e2ee basically fake anyway,
(DIR) Post #AtaqiQCGUeL39DuySO by feld@friedcheese.us
2025-04-29T19:42:46.352513Z
2 likes, 0 repeats
@sun e2ee only promises what goes over the network
(DIR) Post #AtaqiRBwnJg8EWmEbI by sun@shitposter.world
2025-04-29T19:45:10.728933Z
4 likes, 1 repeats
@feld right I mean you can't really trust anything where the same entity controls both the channel and the app
(DIR) Post #AtaqiSRw7M3w8PGWA4 by feld@friedcheese.us
2025-04-29T19:41:49.676051Z
2 likes, 1 repeats
oh god it passed the House today tooTrump's gonna sign thishttps://www.commerce.senate.gov/2025/4/take-it-down-act-passes-the-house-heads-to-president-trump-s-desk
(DIR) Post #AtaqjFwS6gaTdEv51s by lain@lain.com
2025-04-29T19:44:30.640193Z
3 likes, 1 repeats
@feld time to get out the old RSA t-shirts again
(DIR) Post #AtaqqKZxGSRC2aloPY by sun@shitposter.world
2025-04-29T19:43:23.663391Z
1 likes, 1 repeats
@feld the bill is so confusing. why not just say don't offer it at all to minors
(DIR) Post #AtaqqPsZYfIiTmWFcm by sun@shitposter.world
2025-04-29T19:43:40.073329Z
1 likes, 1 repeats
@feld basically anything this badly written should be opposed
(DIR) Post #Atar3ChJsUUDMWLxgG by feld@friedcheese.us
2025-04-29T19:51:40.073757Z
2 likes, 0 repeats
@sun oh yeah they could absolutely target people implant surveillance code to target someone, etc etc.
(DIR) Post #Atar5rbKlqjqnjp0l6 by pernia@cum.salon
2025-04-29T19:45:39.329998Z
1 likes, 1 repeats
@feld lol, lmao
(DIR) Post #AtarB42PxTjIoyyBg8 by meowski@fluf.club
2025-04-29T19:53:46.479376Z
0 likes, 2 repeats
@feld there's nothing in here about mandating encryption back doors, from my skimming of the bill. https://www.commerce.senate.gov/services/files/A42A827D-03B5-4377-9863-3B1263A7E3B2what is crazy though is that it exempts law enforcement and intelligence agencies who publish revenge porn of minors
(DIR) Post #AtaraTxciQKISUqc0e by mangeurdenuage@shitposter.world
2025-04-29T19:58:23.932110Z
1 likes, 1 repeats
@sun @feld If only people knew how bad things are...
(DIR) Post #AtasLGPYuRnu2wDsB6 by adiz@mtl.jinxian.casa
2025-04-29T20:06:41.232471Z
0 likes, 0 repeats
@sun @feld All immoral laws should be opposed and ignored. Most of these bills will only ever affect large, centralized networks anyway. It's not going to change my XMPP service being encrypted in transit, or locally encrypted, or users encrypting chats with OMEMO, etc.. It's not going to affect this Fediverse instance, or our email, or cloud storage. ---We self host all of this on our own hardware, and we will never abide by legislation like this, ever.
(DIR) Post #AtauGT0yp2k9b0Z6US by feld@friedcheese.us
2025-04-29T20:20:34.408265Z
1 likes, 0 repeats
@adiz @sun the FBI has seized servers on the fediverse before. Self-hosting is not an escape hatch from the lawWhat you're saying is exactly how you get a no-knock warrant at 3am and get killed by copsBut also just use DeltaChat not XMPP because it is excluded from this law as it routes encrypted messages over email :)
(DIR) Post #AtauGTntt9sK2jSAk4 by adiz@mtl.jinxian.casa
2025-04-29T20:28:20.942488Z
0 likes, 0 repeats
@feld DeltaChat sucks. Used both. XMPP is far superior.I don't care about no-knock raids. We aren't going to abide by legislation or laws we disagree with. If they want to confiscate our hardware, so be it. We're a small community and we support the formation and endurance of other small communities---greater and greater decentralization, ever more intimate networks. @sun
(DIR) Post #AtauIUCfNHMdrRzhYm by sun@shitposter.world
2025-04-29T20:28:45.255283Z
0 likes, 1 repeats
@adiz @feld I'm liking it better personally but to each their own
(DIR) Post #Atav94Aatek2T464vo by wowaname@freesoftwareextremist.com
2025-04-29T20:35:38.358518Z
0 likes, 0 repeats
@sun @feld @adiz i prefer xmpp but i'm open to using both if i need to
(DIR) Post #Atav95PsGKYgKkFnO4 by adiz@mtl.jinxian.casa
2025-04-29T20:38:12.601934Z
0 likes, 0 repeats
@wowaname The claims of DeltaChat being functional with just your email are kinda not-true because to be really usable (sanely) and anywhere near as performant as XMPP you ought have a distinct email address solely for use over DeltaChat (or otherwise ruin your email experience) + you need to host a specific email server stack tuned to maximizing DeltaChat functionality. In which case you could just setup an XMPP service and get better performance and more functionality in every metric. @feld @sun
(DIR) Post #AtavDEJj6xLV66M0zA by sun@shitposter.world
2025-04-29T20:39:00.554804Z
0 likes, 1 repeats
@adiz @wowaname @feld I am currently avoiding configuring my mail server to work for both delta chat and regular mail
(DIR) Post #AtawNKZumsI5MkJ3oG by wowaname@freesoftwareextremist.com
2025-04-29T20:43:43.986161Z
0 likes, 0 repeats
@adiz @feld @sun >+ you need to host a specific email server stack tuned to maximizing DeltaChat functionality.i never heard this shit
(DIR) Post #AtawNLKhytilhsCQkK by adiz@mtl.jinxian.casa
2025-04-29T20:51:59.377071Z
0 likes, 0 repeats
@wowaname You don't need to host a specific email stack, but it's recommended if you want real performance out of DeltaChat. Otherwise you're going to experience measurable latency. And, still lack a lot of features possible with XMPP. DeltaChat is a "neat idea", but SMTP isn't purpose designed to be an instant messenger and even XMPP has been suggested as a superior alternative for email than SMTP. @feld @sun
(DIR) Post #AtaxI6WlhTIQIJuFbU by phnt@fluffytail.org
2025-04-29T21:02:16.700967Z
1 likes, 1 repeats
@feld @adiz @sun >Self-hosting is not an escape hatch from the lawI'll also add that self-hosting your own services for yourself is an instant self-dox to the government. You can't have true anonymity if you host anything yourself on the clearnet.>XMPP service being encrypted in transit, or locally encrypted, or users encrypting chats with OMEMOhttps://notes.valdikss.org.ru/jabber.ru-mitm/
(DIR) Post #AtaxbxFzsSJrKmWjrs by feld@friedcheese.us
2025-04-29T20:59:30.857417Z
0 likes, 0 repeats
@adiz @wowaname @sun what performance do you think XMPP has that SMTP does not?Click the link in my bio to setup an account and message me. The messages are deliverered in less than 1 second, and since the default server is actually in the EU if you sign up specifically on my server (chat.feld.me) and are in the USA you can get your messages delivered in less than 200ms
(DIR) Post #AtaxbxoNobpD3QcCSu by adiz@mtl.jinxian.casa
2025-04-29T21:05:51.719978Z
0 likes, 0 repeats
@feld We have an XMPP server and an email server. I've tried both services. XMPP is markedly more performant than Delta Chat (our XMPP server vs. Delta Chat using my email address on our email server). I'm aware that "best practice" for Delta Chat is a specific Delta Chat account + an email server stack tuned for Delta Chat (which ours is not). @wowaname @sun
(DIR) Post #Atay3Ku44LhIUTKCQK by PurpCat@clubcyberia.co
2025-04-29T21:10:46.897897Z
1 likes, 1 repeats
@adiz @feld @sun
(DIR) Post #AtayMqoDfVyywjtcIq by PurpCat@clubcyberia.co
2025-04-29T21:14:18.456017Z
1 likes, 1 repeats
@adiz @wowaname @feld @sun remember this is all because we couldn't teach normies not to take dick pictures and send them to other normies
(DIR) Post #AtaySWkVAEA2T8rcNU by wowaname@freesoftwareextremist.com
2025-04-29T20:43:05.544474Z
0 likes, 0 repeats
@sun @feld @adiz configuring? it's one sieve filter to reroute username+dc@example.net to a separate folder. that's pretty much what i was gonna do
(DIR) Post #AtaySY2GNfxkSWBJhY by feld@friedcheese.us
2025-04-29T21:05:38.172530Z
0 likes, 0 repeats
@wowaname @adiz @sun a Chatmail server has a very specific configuration:- message bodyparts are deduplicated so a 1MB attachment sent to 100 people on the same server only takes 1MB of space- incoming messages to users pass get checked by a service that will trigger an APNS/FCM push notification to devices- TLS 1.3 is enforced for clients, TLS 1.2 is enforced for federation- automatic deletion of messages server-side when using multiple devices for an account (server has to expire them after a configurable time period or not all devices are guaranteed to receive the message from IMAP)- blocks all emails that are not encrypted to guarantee nothing plaintext enters or leaves the server- zero spam filtering as it's not needed and kills performance
(DIR) Post #AtaySZ5qRqQDjurgvI by sun@shitposter.world
2025-04-29T21:15:21.260843Z
0 likes, 1 repeats
@feld @wowaname @adiz I think we went through this and I forgot. I won't host my own if I can't share it with email. what a pain.
(DIR) Post #Atayb9jc6GL1hJYxlo by feld@friedcheese.us
2025-04-29T21:16:17.134956Z
0 likes, 0 repeats
@sun @wowaname @adiz it's like $6/month to have a VPS somewhere that runs your own Chatmail server :shrug:
(DIR) Post #AtaybAwPcAAbRIYhMG by sun@shitposter.world
2025-04-29T21:16:55.731482Z
0 likes, 1 repeats
@feld @wowaname @adiz things that need their own server start adding up
(DIR) Post #AtayiV9YrgRm9YCbsu by feld@friedcheese.us
2025-04-29T21:17:39.881917Z
0 likes, 0 repeats
@sun @wowaname @adiz self-hosting will have less of a use case with multi-transport anyway. If you do run a public Chatmail server it will basically be a public service for the overall network.
(DIR) Post #AtayiVsEBcAyO56HVQ by sun@shitposter.world
2025-04-29T21:18:15.337904Z
1 likes, 1 repeats
@feld @wowaname @adiz I'll use yours forever if you don't care I guess. I trust you, I just feel weird not hosting it myself
(DIR) Post #AtaymUpxyw88KawSm0 by adiz@mtl.jinxian.casa
2025-04-29T21:18:58.210493Z
1 likes, 0 repeats
@sun That's what I'm saying. DeltaChat will disingenuously advertise you can "just use your pre-existing email address" and immediately start chatting with anyone else using their email address too. Which, is technically true---you can technically so that. But, it sucks. And for DeltaChat to really function the "best practices" are a specially tuned email stack/server + a native, distinct DeltaChat "email address" for utilization with it. Which, again, at that point, you could just be using XMPP (or, anything else). @wowaname @feld
(DIR) Post #Ataz5sqCxaWyHQId1s by adiz@mtl.jinxian.casa
2025-04-29T21:22:28.131207Z
0 likes, 0 repeats
@phnt We have a C-corp that owns hardware in a colocation center. And, therein, my personal organization utilizes space on it for VMs for hosting. So, still, identity somewhat obfuscated.And this XMPP man-in-the-middle attack sounds like it could have affected almost any service as it was contingent on bunk certificates. Still shouldn't have affected encrypted messages, just unencrypted messages in transit. @feld @sun
(DIR) Post #AtazCXcKGhp8TxysEK by feld@friedcheese.us
2025-04-29T21:21:10.360599Z
0 likes, 0 repeats
@adiz @wowaname @sun except XMPP can more easily be blocked by a government.The only use case for "classic" email support is for people under an opressive government to be able to exfiltrate information securely, whistleblowers, etc. It doesn't *need* to be instant-messaging-performant for that use case.This is how it's being successfully used today in Cuba, China, Iran, Russia... e.g., the Kremlin can't block Yandex, so if you want to exfiltrate data out of Russia use a Yandex address. Works great.
(DIR) Post #AtazCZ0T6QjIn8HfV2 by adiz@mtl.jinxian.casa
2025-04-29T21:23:39.589058Z
1 likes, 0 repeats
@feld XMPP isn't blocked in China. @wowaname @sun
(DIR) Post #Atb021xzBpmRNUfF9U by phnt@fluffytail.org
2025-04-29T21:32:59.880590Z
0 likes, 1 repeats
@adiz @feld @sun >And this XMPP man-in-the-middle attack sounds like it could have affected almost any service as it was contingent on bunk certificates. Still shouldn't have affected encrypted messages, just unencrypted messages in transit. It won't affect the content of encrypted messages, but in the context of the bill being introduced, it will affect your services unlike you said. It's just another tool in their toolbox for intercepting, analyzing data. Also in the case of XMPP, I think you could possibly inject new OMEMO signatures into the conversations, but I'm not sure about that.
(DIR) Post #Atb1jMfMCmU7yzB5LU by hpk@chaos.social
2025-04-29T21:35:35Z
0 likes, 0 repeats
@feld really a bit weird that no one talks about it? Can't claim to fully understand the take it down act but it sounds like potentially having far reaching implications.
(DIR) Post #Atb1jNUP8zJmXJ3que by feld@friedcheese.us
2025-04-29T21:49:23.793967Z
1 likes, 0 repeats
@hpk EFF says:> This definition leaves much room for interpretation, and nudity or graphic displays are not necessarily required.So it will be abused because it's overly broad. Trump already said he wants to use it to silence critics who say things about him he doesn't like
(DIR) Post #Atb4E6rTDSlFqodECu by feld@friedcheese.us
2025-04-29T21:27:38.708221Z
0 likes, 0 repeats
@adiz @wowaname @sun China is not sleeping on XMPPhttps://monal-im.org/post/00010-ios-banned/
(DIR) Post #Atb4E7gAAzJKO2LiDo by adiz@mtl.jinxian.casa
2025-04-29T22:19:56.700044Z
0 likes, 0 repeats
@feld I regularly use XMPP inside of China without issue. And, China is already planning to reopen some of their internet from behind the "great firewall". Shanghai is slated to be a test city for Internet liberalization this year if I remember correctly. @wowaname @sun
(DIR) Post #Atb4i1bJL72mDsL13g by adiz@mtl.jinxian.casa
2025-04-29T22:25:23.773799Z
0 likes, 0 repeats
@phnt It's always going to be a cat and mouse game, is all. Doesn't mean one should ever stop trying to avoid the cat, metaphorically speaking. There will be methods to encrypt, methods to bypass that encryption, and methods to circumvent those bypasses, etc. et al.. I don't really see utility in even discussing these things knowing that. As long as there is refusal to concede or abide there will be developed methods to remain private and secure. @feld @sun
(DIR) Post #AtbANcJeEoV1jijDUG by feld@friedcheese.us
2025-04-29T21:23:50.945787Z
0 likes, 0 repeats
@adiz @phnt @sun > identity somewhat obfuscatedFYI anonymous LLCs exist, but are getting harder to access as few states still have them. But still. And I mean truly anonymous -- not even the gov knows the identity of who owns the LLC.
(DIR) Post #AtbANd7zDelWFqHPwu by sun@shitposter.world
2025-04-29T23:28:56.888037Z
0 likes, 1 repeats
@feld @phnt @adiz I heard Trump made them fully legal again somehow but I don't know the details
(DIR) Post #AtbAea6DjSq3miXLc0 by adiz@mtl.jinxian.casa
2025-04-29T23:31:48.637930Z
0 likes, 0 repeats
@sun He also promised tax breaks for middle class/blue collar workers and no tax on tips + overtime but none of that has materialized. The dude is a liar and a charlatan. @phnt @feld
(DIR) Post #AtbAhooRU934HmlUJ6 by sun@shitposter.world
2025-04-29T23:32:36.719601Z
0 likes, 1 repeats
@adiz @phnt @feld I heard he actually did this one but of course this benefits rich people
(DIR) Post #AtbDr6RjanFJRdGJvM by zaitcev@shitposter.world
2025-04-30T00:07:54.988548Z
2 likes, 2 repeats
@sun @feld @adiz @phnt My accountant says that the FinCen reporting of beneficial owners is required, even if the state allows anonymity. New for 2024.
(DIR) Post #AtbF26XZgNBgsOntOS by feld@friedcheese.us
2025-04-30T00:14:11.515870Z
1 likes, 1 repeats
@zaitcev @sun @adiz @phnt ALERT [Updated March 26, 2025]: All entities created in the United States — including those previously known as “domestic reporting companies” — and their beneficial owners are now exempt from the requirement to report beneficial ownership information (BOI) to FinCEN. Existing foreign companies that must report their beneficial ownership information have at least an additional 30 days from March 26, 2025—until April 25, 2025, for most companies—to do so. For more information, see press release and alert.https://www.fincen.gov/boi
(DIR) Post #AtbF27T0Er7nkVfkuG by adiz@mtl.jinxian.casa
2025-04-30T00:21:03.402257Z
0 likes, 0 repeats
@feld So we don't need to report anything identifying anymore? @phnt @sun @zaitcev