#i2p-dev
eyedeekay Thank you zzz. I'll be ready to go in the morning
eyedeekay zzz I have the files up on the mirror if you want to grab i2pupdate.su3 whenever you're ready
zzz ooh, moving fast this morning
eyedeekay Oh yeah I was up at around 6 today which is pretty unusual for me, and things are going pretty smoothly this time
zzz ok I got it, I'm ready
zzz don't know if I said it, but for launchpad/deb, it's the same as last time, one build, jammy for everything
eyedeekay Cool I'm just getting the news signed and uploaded but it should just be a few minutes
eyedeekay Don't know if you said either but thanks for reminding me
zzz did not succeed in getting debian to fix things up in time for ubuntu to get it
zzz also I did finally get the 2.11.1 android
eyedeekay Yeah we put up a special privacy policy just for Android and Google let it through. Google's moving goalposts pretty fast but we're good for now
zzz is that something all devs have to follow? if so please point me to it
zzz I trust you haven't committed us to something onerous, but we should take a look
eyedeekay You have to have a privacy policy if you have certain permissions on the device: support.google.com/googleplay/android-developer/answer/9859455?hl=en#privacy_policy
zzz so where is that policy?
zzz you said you "put it up"
eyedeekay It's more-or-less a list of things we never did in the first place
zzz ok, seems benign, but when you're committing our organization to a certain policy, please run it by us next time
eyedeekay Ack will do, sorry I didn't run it past the room here first
zzz no big deal, you gotta do what google says
zzz the source link on that page is to i2p.i2p only, you should add a link to i2p.android.base which is actually the "app source code"
eyedeekay Oh right yes I'll get that when I push all these blog posts
zzz I see there's also a "main" privacy policy linked there that I also didn't know about
zzz what was the impetus for that one?
eyedeekay Yeah that's a website-specific privacy policy, specific to the data from i2p.net/geti2p.net, I don't recall the specific reason for that one, we should ask StormyCloud
zzz hmm. yeah it seems to be about website and mailing list mostly
zzz but binding on I2P the organization
zzz but without any push from google, so not sure who we're trying to satisfy
zzz so same thing for StormyCloud, let's not commit the i2p organization to policies without discussion
zzz it's all pretty harmless, but people should know what the policies are
eyedeekay Understood. Hopefully that's the last of it but if it happens we need to add a document like that again in the future we'll bring it here
StormyCloud rgr, no impetus just boilerplate policy to cover our behind just in case.
zzz idk/SC since these are the policies they should be linked from the developer guidelines page, or new developers guide or both
zzz I'll also ask if the main policy i2p.net/en/privacy is really true. Do we really not have clearnet server logs with IPs etc. on ANY server? Or does it only apply to "our website" meaning i2p.net only?
StormyCloud rgr, got a few appts today but I'll add them. Is there any specific spot on those pages you want them?
StormyCloud Policy is true, no IPs are being captured both on clearnet and in-net
zzz yeah I guess it does only apply to the "website", not to the dozen other things we run
zzz but you can see how a goal of "cover our behind" could actually become the opposite if we're vague or over-promising
zzz eyedeekay, our d/l page shows android version 2.10.1, maybe a typo or maybe old?
eyedeekay Could be either, I'll sync it up today regardless
zzz StormyCloud, files.i2p.net returns a json error for directories, unlike files.i2p-projekt.de, why can't it be browsed? scrapers?
zzz and is there IP logging on those sites?
eyedeekay the only thing files.i2p-projekt.de is logging is the URL of the downloaded file
zzz seems like files.i2p.net is a different server though with the json stuff
zzz strange
eyedeekay Yeah files.i2p.net is StormyCloud's and files.i2p-projekt.de is echelon's, content is identical but config is different
zzz what about the reseed servers operated by you and StormyCloud and echelon? are those official enough that they would fall under the Android privacy policy?
StormyCloud I can take a look at directory browsing I’ve always just gone directly to the file download. I’m getting ready to run into an appt I can check afterwards
eyedeekay I don't think so, the policy is pretty android-app focused, my reseed is configured to delete logs nightly
zzz maybe
zzz it could be interpreted as a "transmit" of "usage analytics or telemetry", at least for first install
zzz the android policy doesn't _quite_ say we don't collect IPs, which the website policy does say
nyaa2pguy random question about reseeds: does java support ECH for connecting to reseeds via tls? or not tested
zzz but further down it says "we do not collect __any__ information"
StormyCloud Just an update looks like monero is funding that ccs I2P project out of bounty funds
zzz nyaa2pguy, if it does, it would be a recent java version. no idea
zzz java usually runs way behind everybody else on TLS stuff
nyaa2pguy ahh right
zzz interesting StormyCloud, is that right synergy3582 ?
eyedeekay Yeah I saw that too, good because that bounty was extremely ill-conceived without the foundational work of implementing SAMv3 in place
zzz sorry synergy3582 got my nicks confused. the monero guy was jg something
zzz StormyCloud, what's your interpretation of the android privacy policy, does your reseed comply?
StormyCloud I’ll review policy when I get home but none of our servers keep logs so we should be good
zzz but reseed is its own server with its own config
zzz eyedeekay says his is "configured to delete logs nightly" which is debatable if that is compliant. Don't know what the default logging is for the reseed software
eyedeekay I'll go over the logs in the reseed software in general soon to make sure it doesn't log any PII unless logging is set to DEBUG
eyedeekay I am 90% sure that job is already done but I'll get to 100% after the release
StormyCloud All logging is set to go to /dev/null but in any event we still have a script that purges all logs every 15mins for anything stubborn. This is our standard config on all of our servers
zzz ok, so we do think that logging IPs and deleting nightly could violate that policy
StormyCloud I’ll read the policy more in depth when I get a chance and report back.
eyedeekay Just had a look at *what* exactly I am deleting nightly, there are no IPs in it, there are target URLs and user-agent string
zzz ok. "main" policy says "browser type or version" but the android one doesn't
zzz but since the android policy flatly says "we do not collect any information", user-agent probably is information
eyedeekay Yeah. Short term I can delete more frequently, long-term I'll move that to debug loglevel
zzz ok you and stormy figure it out, you wrote the policy and the reseed software so make them consistent