Mac beta 4

There is another new beta for the Mac client. I’ve made a few UI fixes and adjustments to MAM. Generally, I think the MAM code is working well enough that I will push this client out to production with some more UI fixes.  You will probably see me working on Mac UI issues on GitHub for a little bit.

Regarding iOS. I am still unhappy with the push server. At the moment it is not properly throttling pushes and I see far more pushes coming for a single message  than there should be. There are also issues with the XMPP spec (XEP) that I am unhappy about. In particular, I feel pushes should only happen for messages and voip calls and nothing else.  It appears to be happening for far more than that.  Due to the way that push is designed for user privacy, I don’t see what content is triggering a push. It is entirely dependent on individual servers.

GDPR: Removing Monal from the EU

As many people know the EU’s GDPR regulations come into effect on May 25th. While Monal is privacy focused, it is also free, open source and run by a single person — me.  I simply do not have the resources or the time to jump through the regulatory hoops required by the EU.  While I do not live in the EU, I frequent Europe and do not want to get into legal trouble on vacation.  As GDPR approaches, I get the impression that it is an end of an era for the internet. The days of someone making something, putting it on the internet and offering it to the world seem to be over.  EU users can always download the source on GitHub and compile the iOS app but they will be blocked from using push when I deploy it.

The problems below are likely not unique to me and there are many other issues. Other open source projects may want to consider their fate under GDPR as well.

Data Protection Officer

I do not have the resources to hire a Data Protection Officer (DPO) or EU Representative as required by GDPR.  I do not have designated EU contacts.

Crashes

Tracking crashes with Crashlytics introduces new issues because it is posted to Fabric from a user’s device,  IP addresses are in the logs this is  personally identifiable information  (PII).  Crashlytics  is GDPR compliant but the burden is on me to show  regulators that I am compliant points back to the need for DPO.

Push

Even though no message traffic passes through Monal’s sever, registering for a push does make an HTTP call which logs a user’s IP and this  requires GDPR compliance.  APNS push tokens are associated with devices which can be traced back to a user if combined with info on the originating XMPP server. Obviously, this is needed for a notification to be delivered to the right person. However,the fact that it can be combined to identify a person makes it PII. I believe in privacy but I do not have the resources to meet the letter of the law for compliance especially with respect to retention and processing these tokens.

XMPP Federation in General

Honestly, I do not know if XMPP federation is legal anymore in the EU with GDPR.  EU user data is sent out of Europe constantly.  GDPR is written such that a user cannot agree to a user agreement that gives up GDPR requirements it’s not a matter of saying you agree to X by using this service. GDPR compliance is something the XSF is talking about right now.

 

 

New Mac beta

There is a new Mac beta. I have updated the Message Archive Management to 2 from 0.  I am trying something new here. In theory, when you enter a conversation it should synch all the messages from the last message. Let me know if it works for you.

iOS Betas

It has been a long time since I have posted about this, but there is an active iOS beta program for Monal 3.  This is a far more advanced client than the one currently in the App Store.  If you are interested in trying it out, send your apple id to info@monal.im.

New Betas

There should be a new beta going out to iOS users right now and the same code in a new Mac beta (v 2.1) available for download on the left.  There are a bunch of performance improvements under the hood but the most notable thing for most users will be that the real names (instead of jid) will show up on the contact list if it is available.