[Social] [Fwd: [Standards] Proposed XMPP Extension: Auto-Discovery of JabberIDs]
David Banes
david at banes.org
Tue Apr 29 20:19:03 CDT 2008
On 30/04/2008, at 7:39 AM, Peter Saint-Andre wrote:
> David Banes wrote:
>> Just a note that maybe;
>>
>> 5. Security Considerations
>>
>> should mention privacy and identity theft, this would be one more
>> piece
>> of personal information available on the net for bots to grab when
>> scanning social networking sites.
>
> That wouldn't help a spammer if the URL points to a pubsub node. But I
> suppose it might be a problem for MUC rooms and user accounts.
>
>> Maybe there should be a recommendation to encode the address?
>
> Like the MD5 hashes that FOAF uses for email addresses?
I'm not familiar with FOAF yet but if they are creating an MD5 of an
address that points to a real mailto: uri to send email then yes that
sounds like a sensible approach.
>
> Personally I think it's the responsibility of those who run the XMPP
> network to protect against abusive traffic natively, because people's
> JIDs will leak out no matter what we do.
I see your point but coming from a security background I always think
it's much better to design in as much security as you can that's
either mandatory or recommended.
We've moved away from displaying email addresses online to using
contact forms, maybe it's an idea obfuscate IM uri's now rather than
later.
>
>
David Banes
web: http://davidbanes.com/
rss: http://www.davidbanes.com/feed/
email: david at banes.org
xmpp: dbanes at clearim.net
skype: dmbanes
iChat: dbanes at mac.com
Director & Secretary, Internet Industry Association
------------------------------------------------------------------------------------------------
Email Security by Cleartext a CO2 Free company - www.cleartext.net
------------------------------------------------------------------------------------------------
More information about the social
mailing list