nextcloud / spreed

🗨️ Nextcloud Talk – chat, video & audio calls for Nextcloud
https://nextcloud.com/talk
GNU Affero General Public License v3.0

Conversation Archive for NARA compliance #6141

Open kimcdow opened 3 years ago

kimcdow commented 3 years ago

For record keeping requirements, I would like Talk to log at least the text portion of the conversation(s) so that even if a standard user deleted one or more conversations there would be an archive record available to management.

nickvergessen commented 3 years ago

There is an option to make the conversation read-only. It will also prevent people from deleting messages, so that should be what you are looking for?

kimcdow commented 3 years ago

Joas,

I will be more than willing to help in any way I can to implement this widespread need.

My request is to implement an archiving solution for talk/spreed that meets federal records requirements in a similar fashion as what has been accomplished within Nextcloud for HIPAA, SOX, GDPR, File Archiving and Journaling.

What you suggested is a partial workaround until such time as a formal message archive can be created. It also relies on the user to change expired conversations to read only.

Instant messaging or chat is becoming an increasingly popular form of communication internally within many organizations, as well as being used externally between organizations. In many cases, it is now being used as an alternative to more traditional email communication. Just as with email, there is likely to be a need to retain all IM content and make it available for search and retrieval, whilst managing the ongoing storage requirements for this.

Many organizations are subject to industry or business regulations that require them to accurately capture and preserve all instant message conversations for legal and compliance purposes. They will need to respond to eDiscovery requests for search, legal hold, audit and export, and comply with a range of laws and regulations that require message archiving and retrieval, such as FOIA.

The National Archives and Records Administration (NARA) released a directive which deals with how government and state agencies along with contractors by association should manage electronic records, including instant messaging, chat and mobile communication.

Some of the crucial points in the directive highlight the need to store and retain records in a trustworthy and tamper-proof manner, as well as the ability to locate, retrieve and deliver them in a timely manner.

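To stay compliant with NARA, agencies need to be able to:

  • define, monitor, review and update access to electronic records,
  • prevent unauthorized access, tampering, deletion or destruction of archived records and
  • have audit trail and legal hold capabilities.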

Please let me know how I can help, or what additional information I might be able to provide.

Regards, Kurtis McDowell


-- Privacy is important to everyone whether you think you have something to hide or not. Your mail is scanned for advertising and other purposes and the wrong word taken out of text can cause you a lot of trouble. I love google for ease of use and their use of TLS. I use Virtru mail encryption for sending mail. (https://www.virtru.com) My PGP public key can be found at hkp://keys.gnupg.net

kimcdow commented 3 years ago

Joas,

Here is the link to NARA bulletin 2015-02 Guidance on Managing Electronic Messages (https://www.archives.gov/records-mgmt/bulletins/2015/2015-02.html)

NARA Instant Messaging FAQ https://www.archives.gov/records-mgmt/initiatives/im-faq.html

I believe other countries will have similar data retention requirements https://www.project-consult.de/files/Iron%20Mountain%20Guide%202013%20Germany%20Retention.pdf

Again please let me know how I can help. I am more than willing to work on developing a solution with you.

Regards Kurtis McDowell

On Tue, Aug 24, 2021 at 10:31 AM Kurtis McDowell @.***> wrote:

Joas,

I will be more than willing to help in any way I can to implement this widespread need.

My request is to implement an archiving solution for talk/spreed that meets federal records requirements in a similar fashion as what has been accomplished within Nextcloud for HIPAA, SOX, GDPR, File Archiving and Journaling.

What you suggested is a partial workaround until such time as a formal message archive can be created. It also relies on the user to change expired conversations to read only.

Instant messaging or chat is becoming an increasingly popular form of communication internally within many organizations, as well as being used externally between organizations. In many cases, it is now being used as an alternative to more traditional email communication. Just as with email, there is likely to be a need to retain all IM content and make it available for search and retrieval, whilst managing the ongoing storage requirements for this.

Many organizations are subject to industry or business regulations that require them to accurately capture and preserve all instant message conversations for legal and compliance purposes. They will need to respond to eDiscovery requests for search, legal hold, audit and export, and comply with a range of laws and regulations that require message archiving and retrieval, such as FOIA.

The National Archives and Records Administration (NARA) released a directive which deals with how government and state agencies along with contractors by association should manage electronic records, including instant messaging, chat and mobile communication.

Some of the crucial points in the directive highlight the need to store and retain records in a trustworthy and tamper-proof manner, as well as the ability to locate, retrieve and deliver them in a timely manner.

To stay compliant with NARA, agencies need to be able to:

  • define, monitor, review and update access to electronic records,
  • prevent unauthorized access, tampering, deletion or destruction of archived records and
  • have audit trail and legal hold capabilities.

Please let me know how I can help, or what additional information I might be able to provide.

Regards, Kurtis McDowell


nickvergessen commented 3 years ago

I will be more than willing to help in any way I can to implement this widespread need.

Maybe you can create small tasks for the individual incompliances and then someone or maybe you can even work on those. It's good to have a meta/overview ticket, but the actual tasks need solving anyway

kimcdow commented 3 years ago

Sure, I will attempt to do that... Hopefully you can tell me if what I come up with is workable, as I am not a software engineer. Can you give me some insight on how Spreed messaging works internally? Is it Jabber, XMPP or something else? Is it a peer-to-peer connection or does it go through a messaging server on the host? How is it end-to-end encrypted?

Thanks Kurtis


nickvergessen commented 3 years ago

It's a custom API, calls are peer-to-peer (unless the HPB is used, then it's peer-to-HPB-to-peer), chat is stored unencrypted in the Nextcloud Database

kimcdow commented 3 years ago

Thanks for the information, that is great news! I will send you an update as soon as possible.


kimcdow commented 3 years ago

Joas,

Here is the first cut... Let me know what you think. I don't think it will be that hard to implement.

I really appreciate your willingness to consider and work on this. If there is more I can do please let me know.

Kurtis


kimcdow commented 3 years ago

Joas,

Not that I didn't give you a week's worth or more of development work yesterday on the chat side of things.

My request now is: is there a way to either blur or replace the background on video calls?

Thank you


nickvergessen commented 3 years ago

My request now is is there a way to change the background on video conferences to either blur or replace the background on video calls?

https://github.com/nextcloud/spreed/issues/3151