[jdev] Presence leak test suite
snakeru at gmail.com
Wed Jul 9 11:45:11 CDT 2008
On Wednesday 09 July 2008 20:33:32 Peter Saint-Andre wrote:
> Justin Karneges wrote:
> > On Wednesday 09 July 2008 07:55:58 Kevin Smith wrote:
> >> On Wed, Jul 9, 2008 at 3:46 PM, Peter Saint-Andre <stpeter at stpeter.im>
> > wrote:
> >>>>> you also test presence leaks using guessed well-known resources like
> >>>>> client names (Psi, Gajim, Miranda, QIP, Adium etc.) or places (Home,
> >>>>> Work, School etc.)? I think it could push client authors to use
> >>>>> random-generated resource names.
> >>>> I don't understand why this would be something we'd want to push for.
> >>> Because some people are paranoid?
> >> Paranoid people can use as random a resource as they want to - it
> >> doesn't mean the rest of us need to :)
> > And a random resource isn't necessary anyway, just good privacy control
> > on the server. (/me still wants a server that will bounce all iqs from
> > people who don't have his presence.)
> Including directed presence?
Why does it matter? Either someone got my presence or he didn't.
So he either can query my client for something or he can't.
If I am not mistaken - server remembers all presences that it sent to peers so
when client disconnects - server automatically send offline presences
everywhere it needs to. That of cource includes directed presences.
More information about the JDev