Feature request: log ip + username when they join a room

[ian-kelling]

I'd like to be able to block a user on the firewall level if needed.

[ian-kelling]

Additional note: in other applications ip logs, user agent strings are often logged and that would be nice to see too.

[jech]

I have very mixed feelings about this feature request.

On the one hand, Galene tries really hard to preserve the users' privacy. In particular, we try to avoid logging the users' IP addresses (we sometimes do, as part of error messages, but I consider this as a bug), and we don't expose IP addresses in the debugging interface. Our users' social graph is none of the administrator's business, and I think that the administrator should not be able to find out who has been communicating with whom.

For example, it should be reasonably safe to use your employer's instance of Galene to have a chat with your trade union representative as long as the server has not been modified.

What is more, it is my understanding that the main goal is to be able to ban a user at the network layer. However, banning IP addresses is a blunt tool, and in the presence of CGNAT a single IP address can cover hundreds or thousands of users.

On the other hand, I understand that some people feel nervous about using Galene for public conferences without this feature, so we need to find some compromise between the need for privacy and the (perhaps misguided) desires of some network administrators. I'm still thinking about it, but a possible solution is a command /identify that gives out the IP address of a connected user without logging it persistently.

Opinions on the subject would be welcome.

[ian-kelling]

I think you are misunderstanding the issue completely.

You install Galene, post it to the internet, no passwords, anyone can join. Someone shows up anonymously, and ruins it with spam or whatever else. What do you do using free software? There are 2 options: #1 generally abandon anonymous chat entirely by asking everyone to identify themselves in some way, and then hand out user names and passwords. #2 ban the offender using the information they gave you: their ip address and user agent. Every web server logs ip addresses and user agents, trying to keep this out is misguided.

[ian-kelling]

Sorry, I get that ip logging can be privacy decreasing in some situations, but in the most common use case, as I stated above, it enables privacy preservation. The /identify idea is a good way to minimize this. You could ever limit that to the admin user. In any case, the server admin can put web server in front of Galene and then analyze traffic in order to log usernames without ever modifying Galene.

[jech]

Here's a prototype: https://github.com/jech/galene/tree/spy-on-users

It adds a command /identify and an entry to the context menu of a user. The command is limited to the group op, and it sends a warning to the user being spied upon.

I've based it on Galene 0.8.2 for your convenience, but it's not going into 0.8, if it goes in it will be in 0.9.

[TechnologyClassroom]

This is great! I really like the piece where the user is notified. That is a nice touch.

[TechnologyClassroom]

I tested this branch with identify and it works as expected. Thank you!

[jech]

Merged in a76f225.