[jdev] Presence leak test suite

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Wed Jul 9 13:47:01 CDT 2008

On Wednesday 09 July 2008 09:33:32 Peter Saint-Andre wrote:
> Justin Karneges wrote:
> > On Wednesday 09 July 2008 07:55:58 Kevin Smith wrote:
> >> On Wed, Jul 9, 2008 at 3:46 PM, Peter Saint-Andre <stpeter at stpeter.im>
> >
> > wrote:
> >>>>> you also test presence leaks using guessed well-known resources like
> >>>>> client names (Psi, Gajim, Miranda, QIP, Adium etc.) or places (Home,
> >>>>> Work, School etc.)? I think it could push client authors to use
> >>>>> random-generated resource names.
> >>>>
> >>>> I don't understand why this would be something we'd want to push for.
> >>>
> >>> Because some people are paranoid?
> >>
> >> Paranoid people can use as random a resource as they want to - it
> >> doesn't mean the rest of us need to :)
> >
> > And a random resource isn't necessary anyway, just good privacy control
> > on the server.  (/me still wants a server that will bounce all iqs from
> > people who don't have his presence.)
> Including directed presence?

Yep, that's the idea.  If I send someone directed presence then they'd be 
temporarily authorized.  In current practice, this would really only be used 
with MUC rooms.  However, I can imagine a future practice of sending directed 
presence to unsubscribed contacts or sending directed presence when invisible 
(fortunately these are edge cases, so there's a lot to be gained even without 
clients handling them yet).


More information about the JDev mailing list