[jdev] Presence leak test suite
justin-keyword-jabber.093179 at affinix.com
Wed Jul 9 13:47:01 CDT 2008
On Wednesday 09 July 2008 09:33:32 Peter Saint-Andre wrote:
> Justin Karneges wrote:
> > On Wednesday 09 July 2008 07:55:58 Kevin Smith wrote:
> >> On Wed, Jul 9, 2008 at 3:46 PM, Peter Saint-Andre <stpeter at stpeter.im>
> > wrote:
> >>>>> you also test presence leaks using guessed well-known resources like
> >>>>> client names (Psi, Gajim, Miranda, QIP, Adium etc.) or places (Home,
> >>>>> Work, School etc.)? I think it could push client authors to use
> >>>>> random-generated resource names.
> >>>> I don't understand why this would be something we'd want to push for.
> >>> Because some people are paranoid?
> >> Paranoid people can use as random a resource as they want to - it
> >> doesn't mean the rest of us need to :)
> > And a random resource isn't necessary anyway, just good privacy control
> > on the server. (/me still wants a server that will bounce all iqs from
> > people who don't have his presence.)
> Including directed presence?
Yep, that's the idea. If I send someone directed presence then they'd be
temporarily authorized. In current practice, this would really only be used
with MUC rooms. However, I can imagine a future practice of sending directed
presence to unsubscribed contacts or sending directed presence when invisible
(fortunately these are edge cases, so there's a lot to be gained even without
clients handling them yet).
More information about the JDev