[Standards-JIG] bot-challenge proto-JEP

Ian Paterson ian.paterson at clientside.co.uk
Fri Sep 2 07:30:54 CDT 2005


After thinking about this a bit more, I think false SPIM reports could
probably be combated in better ways than with Bot Challenges.

The server would not need to store past messages either. After it
receives a couple of SPIM reports about an entity, the server will
probably want to examine the stanzas still being sent to users on the
same server by the alleged SPIM bot. The bot will probably be sending
out substantially similar stanzas, so it shouldn't be too difficult to
*automatically* confirm the validity of the content of the reported SPIM
stanzas.

- Ian


> -----Original Message-----
> From: standards-jig-bounces at jabber.org 
> [mailto:standards-jig-bounces at jabber.org] On Behalf Of Ian Paterson
> Sent: 02 September 2005 11:04
> To: 'Jabber protocol discussion list'
> Subject: RE: [Standards-JIG] bot-challenge proto-JEP
> 
> 
> > > One thing I mentioned before is that the Reporting protocol itself
> > > will be open to abuse. Someone could configure bots to generate lots
> > > of false reports in order to give an entity a bad reputation.
> > > (Administrators may not have time to examine the content of the
> > > alleged SPIM, and their only copy of the offending stanza may be the
> > > one in the SPIM report.) So perhaps SPIM Reporting will need to make
> > > use of Bot Challenges too! (It's a nasty world our cosy community is
> > > walking into.)
> > 
> > Maybe in that case the server would only allow the reporting of messages
> > that the user had actually received, if any are made up (i.e. haven't been
> > sent to that user) or altered they should be dropped.
> 
> Yes. But I was concerned about the server storage issues.
> 
> Could the server store all stanzas for a few hours after 
> delivery? Enough time to allow Aunt Tillie to return to her 
> computer (she was at lunch), and to read through her messages 
> before hitting the big red SPIM-report button?
> 
> I guess the server would only need to store a hash of every 
> delivered stanza.
> 
> - Ian
> 
> 
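
The hash-retention idea discussed in this thread, sketched as an added example that is not part of the original messages or of any Jabber server: the server keeps only a digest of each delivered stanza for a few hours and accepts a SPIM report only if the reported stanza matches one delivered to the reporter. The class and method names are hypothetical, and the sketch assumes the report carries the stanza exactly as it was delivered.

```python
import hashlib
import time


class DeliveredStanzaLog:
    """Keeps only a digest of each delivered stanza, for a limited time."""

    def __init__(self, retention_seconds=6 * 3600, clock=time.time):
        self.retention = retention_seconds
        self.clock = clock   # injectable so expiry can be exercised in tests
        self._expiry = {}    # digest -> time at which the entry expires

    @staticmethod
    def _digest(recipient, stanza):
        # Bind the digest to the recipient, so a user can only report
        # stanzas that were actually delivered to that user.
        h = hashlib.sha256()
        h.update(recipient.encode("utf-8") + b"\x00")
        h.update(stanza.encode("utf-8"))
        return h.digest()

    def record_delivery(self, recipient, stanza):
        self._purge()
        digest = self._digest(recipient, stanza)
        self._expiry[digest] = self.clock() + self.retention

    def verify_report(self, reporter, reported_stanza):
        """True only if this exact stanza was delivered to the reporter
        within the retention window; made-up or altered stanzas fail."""
        self._purge()
        return self._digest(reporter, reported_stanza) in self._expiry

    def _purge(self):
        # Drop digests older than the retention window.
        now = self.clock()
        for digest in [d for d, exp in self._expiry.items() if exp <= now]:
            del self._expiry[digest]


# Constructed sample stanza (not taken from the thread).
SAMPLE = ("<message from='bot@example.net' to='tillie@example.org'>"
          "<body>Buy now</body></message>")
```

A report that fails `verify_report` is either fabricated, altered, or older than the retention window, so the server can drop it without having stored any message content.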



