[JDEV] Kid-safe messaging: [was buddy icons]

Jens Alfke jens at mac.com
Wed Apr 11 11:45:49 CDT 2001


On Wednesday, April 11, 2001, at 09:02 AM, Thomas Parslow (PatRat) wrote:

>> why do you think it will become an issue if the user itself is careful
>> enough? It definitely isn't easy to guess the account names on Jabber, 
>> as it
>> is the case with ICQ.
> But that relies on every user knowing what they're doing ;)

Precisely, which brings us back to the subject of this thread. I guess 
the conclusion here is that clients should either default to blocking 
messages from non-buddies, or should when first run ask the user if s/he 
wants to accept messages from non-buddies, with the default answer being 
"no".

> Also, many users wish to be listed in online directories so that
> people can find them.

This is a wider issue. Blocking all non-buddies is pretty severe. It 
might be enough to also accept messages from people who have you on 
their buddy list, since you presumably approved their doing so. The 
loophole I can see here is that you could end up getting spammed with 
subscription requests like "The user hotbabe at sexxx.com wants to add you 
to their buddy list. Do you approve this?"

One big vague architectural solution is to establish some kind of "web 
of trust" where transitive buddyhood (foo at bar.com is unknown to me but 
is on one of my buddy's buddy lists) is used as a heuristic to guess 
that someone is legit and therefore not block their messages. The 
problem is how to trawl through the directed graph of buddy lists 
without privacy concerns coming up, since I don't necessarily want all 
my buddies knowing who else is on my buddy list.

Here's a quick thought: Allow each user to keep a private server-side 
list that rates other users positively or negatively. Other users can 
then send special messages to your server to query for your rating of a 
single other user. By sending such a query to your whole buddy list, you 
can compute an aggregate ranking that gives you an idea of whether or 
not to trust or block some unknown user. Should be quite simple to 
implement...

—Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 2380 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20010411/a73d6f2a/attachment-0002.bin>


More information about the JDev mailing list