Category: XMPP.is

  • New rules for our chat services, and our efforts to moderate them

    Over the many years that we’ve operated our free and public federated chat services, XMPP.is and the Unredacted Matrix server, we’ve quickly and effectively responded to abuse reports and made great strides in clamping down on the blatant abuse of our services. This hasn’t come without a cost, as we’ve spent countless hours banning thousands of accounts and rooms involved in all sorts of nefarious behavior.

    Our moderation efforts

    While we try to moderate effectively, XMPP is notoriously hard to build moderation tooling for. For example, every action has to be performed on the command line, and we have to write scripts that parse through our server’s flat-file storage (Prosody’s default internal storage is plain files, not a database). In our experience XMPP users are generally better behaved: we receive few abuse reports and, apart from the occasional spammer, have not had a big problem with abusive users. It is also hard to keep statistics on XMPP moderation, so unfortunately we have few.

    Matrix is a different story: with a proper database and a robust admin API we can do much more, including looking back at our statistics to see what we have done so far.

    We’ve compiled some information on our efforts below.

    • We have blocked over 600 rooms from external Matrix servers involved in the distribution of harmful content based on room names, descriptions and other observed patterns.
    • Locked nearly 500 user accounts which signed up to our Matrix server and engaged in nefarious behavior.
    • Installed the Draupnir moderation bot, which will enable us to properly moderate our rooms and protect against various spam attacks.
    • Began the exploration of new moderation solutions which allow us to automate parts of our work.

    New rules

    Although Unredacted advocates for free speech, objectively harmful, or even dubiously harmful, content that harms humans or animals is not welcome. It potentially jeopardizes the good-natured people who use our servers as a haven from dragnet surveillance by governments and from the surveillance built into many of the corporate world’s unencrypted and insecure chat services.

    We spent a very long time thinking about what is fair while trying not to be too rigid, and as part of that process we asked our community for feedback. We feel we have come up with the right set of rules, and it is time to implement them. Our goal is to create communities that are as safe as possible without having to closely moderate each user and room. As such, users and rooms created on our chat services must comply with the following rules.

    Chat Service Rules


    • Illegal or objectively harmful content is not allowed.
      • No CSAM (including real/fictional/illustrations/AI/3D), threats of violence, or content that harms humans or animals.
    • Violence, gore, or disturbing imagery is not allowed.
      • No media, discussions or rooms that glorify violence, gore, abuse, or any extreme content that harms humans or animals.
      • No promoting, glorifying, encouraging, or normalizing behaviors, ideologies, or practices that are harmful, abusive, or illegal to humans or animals.
    • Don’t be a jerk in official Unredacted rooms and discussions.
      • This means no excessive trolling or lack of general civility.
    • NSFW themes are not allowed in Official Rooms.
      • No adult content: this includes clearly NSFW media, discussions, or profile pictures in official Unredacted rooms.
    • NSFW rooms have rules.
      • NSFW rooms on the Unredacted server must comply with these rules. These rooms must:
        • Be and remain unpublished from the server’s room directory.
        • Have their room owners join the “Unredacted Room Owners” room (request an invite from a server admin or mod).
        • Be moderated by their owners, with zero tolerance for illegal content.
        • Have illegal content reported in the “Unredacted Room Owners” room or directly to a server admin.

    Illegal acts and content will lead to an instant ban. Otherwise, we will issue you a warning if you are breaking any of the rules. If you continue to break the rules you will be banned.

    Our thought process

    As there will be some who disagree with our new rules and our decision to implement them, we want to explain our thought process. We do not intend to force a version of religious morality. We intend to be fair and just in our decisions, and we want to promote peace.

    Part of our mission is to “operate with transparency, morality and empathy with the purpose of benefiting all living beings.” There is a lot of content on the Internet that is not in line with those values, and frankly, we want to keep it off our services (as we have always done where the content was illegal). Content which harms humans or animals is simply abhorrent. It does not promote goodness or civility, and it actively subverts everything we stand for.

    What’s next?

    As of the posting of this blog, the rules have gone into effect. Over time, we will reach out to users and room owners who violate the new rules without breaking the law. Depending on the severity of the violations, we will generally give existing room owners a grace period before removing their rooms. New rooms which violate these rules will be removed at our discretion.

    If you have any questions, please contact us.

  • What we’re doing in response to the jabber.ru MITM attack

    As you may have heard, jabber.ru, a popular XMPP service, discovered a sophisticated MITM attack against their service that may have lasted for up to six months. They published a detailed blog post going over the attack and the measures that could prevent this sort of attack on other services.

    From reading the post, it was apparent that the same attack could also happen on XMPP.is, and potentially other Unredacted services. We’ve confirmed in multiple ways that this attack is not currently happening on XMPP.is infrastructure. However, it’s important for us to take precautions and be alerted to this sort of attack if it were to happen in the future.

    What we’ve done

    • We have subscribed to CertWatch, a service run by xmpp.net that alerts us to a potential ongoing MITM attack against our XMPP service. At the time of this post, their service reports no ongoing MITM attack.
      (Screenshot in the original post: what CertWatch shows when no MITM is active.)
    • To subscribe to CertWatch alerts for XMPP.is, you can open either link in your XMPP client:
    • We have verified that our XMPP.is certificate fingerprint transparency automation is working as intended.
      • If you wish to manually check that the certificate presented to your XMPP client is the one we are actually serving, we have a script that has been running for many years which outputs the fingerprints of newly issued certificates. The output can be found here and is updated automatically.
      (Screenshot in the original post: the current fingerprints as of this blog post.)
    • We have signed up for Cloudflare’s Certificate Transparency Monitoring on all important domains, so that admins are notified when new certificates get issued for Unredacted services. Together with CertWatch this gives us two independent sources that could notify us of a potential MITM attack.
    • We have double-checked that we use CAA records across all domains. Note that CAA on its own would not have stopped the jabber.ru attack: it only limits which CAs may issue for a name, and the attacker obtained certificates from Let’s Encrypt by answering its domain validation from the IP address in the DNS A/AAAA records. The RFC 8657 CAA parameters that Let’s Encrypt honors (validationmethods, to allow only dns-01 validation, and accounturi, to allow only our own ACME account) narrow what an on-path attacker can do.
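    The two checks described above, the fingerprint comparison a client can do against our published list and the cross-check of a Certificate Transparency monitor’s report against the certificates we know we issued, as an added example. This is not the XMPP.is script or the operators’ automation; it assumes the published list is one SHA-256 fingerprint per line (with # comments) and that the CT monitor’s report can be flattened to a list of dicts carrying a “sha256” key. It opens a plaintext client stream to port 5222, negotiates STARTTLS (RFC 6120 section 5) and pins the leaf certificate it receives; the chain is still verified against the system trust store on purpose, because a valid certificate for the wrong key is exactly what a CA-issued MITM certificate looks like.

```python
from __future__ import annotations

import hashlib
import socket
import ssl

STARTTLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA-256 fingerprint, the form `openssl x509 -fingerprint -sha256` prints."""
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, 64, 2))


def normalize_fingerprint(text: str) -> str:
    """Accept 'AB:CD:..', 'abcd..' or 'SHA256 Fingerprint=AB:CD:..' and return the canonical form."""
    value = text.rsplit("=", 1)[-1]
    digits = "".join(c for c in value.strip().upper() if c in "0123456789ABCDEF")
    if len(digits) != 64:
        raise ValueError(f"not a SHA-256 fingerprint: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 64, 2))


def parse_published_list(text: str) -> set[str]:
    """Parse the operator's published list. Assumed format: one fingerprint per line, '#' starts a comment."""
    fingerprints: set[str] = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            fingerprints.add(normalize_fingerprint(line))
    return fingerprints


def _recv_until(sock: socket.socket, marker: bytes, limit: int = 65536) -> bytes:
    """Read until `marker` appears; the pre-TLS part of the stream is tiny, so a flat buffer is enough."""
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk or len(buf) > limit:
            raise ConnectionError(f"stream ended before {marker!r}")
        buf += chunk
    return buf


def fetch_starttls_leaf_cert(domain: str, port: int = 5222, timeout: float = 10.0) -> bytes:
    """Open a plaintext c2s stream, negotiate STARTTLS and return the DER leaf certificate the server presented.

    The chain is verified against the system trust store on purpose: a *valid* certificate
    for the wrong key is what a CA-issued MITM certificate looks like, and only the
    fingerprint comparison catches that case."""
    ctx = ssl.create_default_context()
    with socket.create_connection((domain, port), timeout=timeout) as raw:
        raw.sendall(
            f"<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
            f"xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>".encode()
        )
        features = _recv_until(raw, b"</stream:features>")
        if STARTTLS_NS.encode() not in features:
            raise RuntimeError("server did not offer STARTTLS")
        raw.sendall(f"<starttls xmlns='{STARTTLS_NS}'/>".encode())
        reply = _recv_until(raw, b"/>")  # server answers <proceed/> or <failure/>
        if b"<proceed" not in reply:
            raise RuntimeError(f"STARTTLS refused: {reply!r}")
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert(binary_form=True)


def certificate_is_pinned(der: bytes, published: set[str]) -> bool:
    """True if the certificate actually served is one the operator published."""
    return sha256_fingerprint(der) in published


def unexpected_ct_entries(ct_report: list[dict], published: set[str]) -> list[dict]:
    """Cross-check a CT monitor's report against the operator's own record of issued certificates.
    Every logged certificate whose SHA-256 is not in that record was obtained by someone else
    and needs investigating. The dict layout ('sha256' key) is this example's assumption."""
    return [entry for entry in ct_report if normalize_fingerprint(entry["sha256"]) not in published]


if __name__ == "__main__":
    import sys
    # Usage: python check_xmpp_cert.py xmpp.is published-fingerprints.txt
    domain, list_path = sys.argv[1], sys.argv[2]
    with open(list_path) as fh:
        published = parse_published_list(fh.read())
    served = sha256_fingerprint(fetch_starttls_leaf_cert(domain))
    print(f"{domain}:5222 serves {served}")
    print("matches the published list" if served in published else "NOT in the published list: investigate")
```

    Run it from a network that is not the server’s own (a laptop at home, a VPS at a different provider): a MITM positioned at the hosting provider, as in the jabber.ru case, is only visible from outside that provider’s network, which is also why an external monitor such as CertWatch is worth more than a check run on the server itself.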

    What we will explore

    • We are considering automating the monitoring of default gateway MAC address changes across our dedicated hardware infrastructure, since a changed gateway MAC is a common sign that traffic is being redirected through another host. We already ingest metrics via Prometheus node_exporter that allow us to track this historically.
    • We are planning on setting up Cert Spotter, and monitoring all important domains so that we can be notified of certificate changes when they happen.
    • We plan to implement on XMPP.is all of the XEPs mentioned in the jabber.ru post that Prosody supports. This will add support for channel binding and address other known SASL weaknesses.
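    The gateway MAC monitoring idea above, as an added example that is not the operators’ automation: it reads the default route from /proc/net/route and the gateway’s hardware address from /proc/net/arp, compares it to a MAC pinned while the host was known-good, and emits a gauge for node_exporter’s textfile collector so an alert can be built on it in Prometheus. The /proc samples and the metric name gateway_mac_changed are constructed for this example; it covers IPv4 neighbours only.

```python
from __future__ import annotations

import socket
import struct
from pathlib import Path

# Constructed /proc samples (the kernel writes tab-separated fields; whitespace splitting handles both).
SAMPLE_ROUTE = """Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0
eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0
"""
SAMPLE_ARP_OK = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         52:54:00:12:34:56     *        eth0
192.168.1.20     0x1         0x2         52:54:00:aa:bb:cc     *        eth0
"""
SAMPLE_ARP_SPOOFED = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         de:ad:be:ef:00:01     *        eth0
192.168.1.20     0x1         0x2         52:54:00:aa:bb:cc     *        eth0
"""
# Gateway MACs recorded while the host was known-good (confirm with the provider before pinning).
PINNED_GATEWAY_MACS = {"eth0": "52:54:00:12:34:56"}


def _proc_ipv4(hexstr: str) -> str:
    """/proc/net/route stores IPv4 addresses as little-endian hex (0101A8C0 == 192.168.1.1)."""
    return socket.inet_ntoa(struct.pack("<L", int(hexstr, 16)))


def default_gateways(route_text: str) -> dict[str, str]:
    """Map interface -> gateway IP for every default route (destination 0.0.0.0)."""
    gateways: dict[str, str] = {}
    for line in route_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "00000000":
            gateways[fields[0]] = _proc_ipv4(fields[2])
    return gateways


def arp_table(arp_text: str) -> dict[tuple[str, str], str]:
    """Map (device, ip) -> MAC from /proc/net/arp; unresolved entries (all-zero MAC) are skipped."""
    table: dict[tuple[str, str], str] = {}
    for line in arp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 6 and fields[3] != "00:00:00:00:00:00":
            table[(fields[5], fields[0])] = fields[3].lower()
    return table


def gateway_macs(route_text: str, arp_text: str) -> dict[str, str]:
    """interface -> MAC currently answering for its default gateway ('' if not in the ARP cache)."""
    arp = arp_table(arp_text)
    return {iface: arp.get((iface, ip), "") for iface, ip in default_gateways(route_text).items()}


def detect_changes(expected: dict[str, str], current: dict[str, str]) -> list[str]:
    """Alerts for every pinned interface whose gateway MAC no longer matches the pinned value."""
    alerts = []
    for iface, mac in current.items():
        want = expected.get(iface)
        if want is None:
            continue  # nothing pinned for this interface
        if mac and mac != want.lower():
            alerts.append(f"{iface}: gateway MAC changed {want} -> {mac}")
    return alerts


def textfile_metrics(expected: dict[str, str], current: dict[str, str]) -> str:
    """Prometheus exposition text for node_exporter's textfile collector (write it to a .prom file)."""
    lines = [
        "# HELP gateway_mac_changed 1 if the default gateway MAC differs from the pinned value",
        "# TYPE gateway_mac_changed gauge",
    ]
    for iface, mac in sorted(current.items()):
        if iface in expected:
            changed = int(bool(mac) and mac != expected[iface].lower())
            lines.append(f'gateway_mac_changed{{iface="{iface}",mac="{mac}"}} {changed}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    route, arp = Path("/proc/net/route"), Path("/proc/net/arp")
    if route.exists() and arp.exists():
        current = gateway_macs(route.read_text(), arp.read_text())
    else:  # not on Linux: demonstrate with the constructed spoofed sample
        current = gateway_macs(SAMPLE_ROUTE, SAMPLE_ARP_SPOOFED)
    for alert in detect_changes(PINNED_GATEWAY_MACS, current):
        print("ALERT", alert)
    print(textfile_metrics(PINNED_GATEWAY_MACS, current), end="")
```

    Two caveats for anyone deploying this: a provider may legitimately replace or fail over its router, so a changed MAC is a signal to verify with the provider rather than proof of an attack; and an attacker inserted as a transparent Layer-2 bridge upstream does not change the gateway MAC at all, which is why the certificate checks remain the primary control and this is only a cheap extra tripwire.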

    Our final thoughts

    It is concerning that an attack like this can go unnoticed, and unfortunately it is easy to miss. People tend to treat a valid certificate as automatically trustworthy. However, someone with access to your physical infrastructure, or a position on the network path to it, can do a great deal, including what happened to jabber.ru: obtaining Let’s Encrypt certificates by answering domain validation from the IP address in the domain’s DNS A/AAAA records. It is equally worrying how many certificate authority failures there have been. When CAs are the root of trust and are not trustworthy, a great many problems with TLS on the Internet become possible.
