@sun Did basicly the same thing for XMPP. Using XMPP is a security win because I control the XMPP server, so I'm not depending on openclaw security to decide who can talk to my bot. I can just stop that account from federating.
@fastfinge very nice. I do actually run an xmpp server but the image attachments are always broken + I didn't want to raise the size limit for everyone, so I just went with my friend's delta.chat.
the telegram stuff icked me out, it uses some random unknown person's bot management service? how long until that gets pwned
@sun I'm thinking about tempmail for that. I don't really want my bot sending unsupervised emails, but tempmail has an API so it can set itself up as many inboxes as it wants. github.com/elbunuelo/tempmail
@Ree@sun Seems like security theatre. Openclaw is just sending them to some AI service anyway. Yes, local AI where possible. But it isn't, always. And openclaw could just randomly decide to email all log files to a guy named Bruce anyway. If I'd want it encrypted, I don't want it in openclaw.
@Ree@sun Yes exactly. Better to make sure that even if it, say, hands out the password to its XMPP account, nobody can log into that account anyway, because it's protected by an IP allow list. And the XMPP server is a different machine, so it can't add your IP to the allow list even if it wants to. Same for API keys and so on. Assume it will give them to any random jerk who puts up a webpage that asks it to. Make sure they can't do anything with those keys.
@sun I'm using snikket and things seem to work fine. Also means I can have different accounts for different agents if I want. The other services other than IRC make getting second accounts hard enough, never mind third or fourth or fifth ones. I don't have that many valid phone numbers LOL. But on my own XMPP server I can just make all the accounts I want without bothering anyone.
