From de3c6fad73421df5acedb8fc84d0939acbcde728 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20=E2=80=9Cpep=E2=80=9D=20Buquet?= Date: Thu, 14 Apr 2022 12:07:36 +0200 Subject: [PATCH] threat-model: update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Maxime “pep” Buquet --- content/posts/thread-model.en.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/content/posts/thread-model.en.md b/content/posts/thread-model.en.md index 38974e9..982897b 100644 --- a/content/posts/thread-model.en.md +++ b/content/posts/thread-model.en.md @@ -109,9 +109,9 @@ isn't very much used. Even though it may also be the case for Dino.. Currently in server logs, a few things can be used to identify a client, such as the resource string set by the client to something similar to -`clientname.random`, or the `disco#info` which lists capabilities of a client. -Both are actually stored on the server for possibly good reasons, but that's -always more information to identity somebody. +`clientname.randombits`, or the `disco#info` which lists capabilities of a +client. Both are actually stored on the server for possibly good reasons, but +that's always more information to identity somebody. [Conversations]: https://conversations.im [Dino]: https://dino.im 
@@ -159,12 +159,14 @@ Interactions with OMEMO between non-contacts is a mess. Some servers have the [`mod_block_strangers`] module deployed as an anti-spam measure: when a user from such a server joins a private room, non-contacts will be prevented from fetching their keys. Dino creates the OMEMO node as [only accessible by -contacts][dino-omemo] (to prevent deanonymization in some types of MUCs). And -Conversations [doesn't allow sending encrypted messages][conversations-omemo] -if it doesn't have keys of all participants in a private room. +contacts][dino-omemo] (to prevent deanonymization [in some Prosody +MUCs][prosody-pep]). And Conversations [doesn't allow sending encrypted +messages][conversations-omemo] if it doesn't have keys of all participants in +a private room. [`mod_block_strangers`]: https://modules.prosody.im/mod_block_strangers.html [dino-omemo]: https://github.com/dino/dino/issues/1139 +[prosody-pep]: https://issues.prosody.im/1441 [conversations-omemo]: https://github.com/iNPUTmice/Conversations/issues/3081 I am not even talking about OMEMO implementations (using [OMEMO
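Review bot: In the first hunk (@@ -109,9 +109,9), the re-wrapped line `+that's always more information to identity somebody.` carries over the typo from the line it replaces; since the paragraph is being touched anyway, change "identity" to "identify". Separately, the subject line says "threat-model" while the file being patched is `content/posts/thread-model.en.md`, so it is worth checking whether the file name itself is a typo that should be fixed with a rename in this or a follow-up commit.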
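Review bot: In the second hunk (@@ -159,12 +159,14), the new wording `[in some Prosody MUCs][prosody-pep]` narrows the claim from "some types of MUCs" to one server implementation, but the sentence still does not say which room configuration is affected, so a reader has to follow https://issues.prosody.im/1441 to learn what the deanonymization risk is. Consider naming the condition inline in a few words and keeping the link as the supporting reference. The commit message "threat-model: update" also gives no hint that the change is a wording fix plus an added issue reference; a one-line body saying so would help when reading the history.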