[standards-jig] Re: Invisibility Support in Jabber
thoutbeckers at splendo.com
Fri Aug 9 16:20:58 UTC 2002
Ben Schumacher <ben at blahr.com> wrote on 9-8-2002 18:09:37:
>I'm not sure the ICQ-way is the correct way to do this. This has
>changed significantly as ICQ has matured over the years, but the
>original protocol for ICQ actually still sent presence to a user with
>a type of invisible. Apparently, if you had a non-standard client, you
>could see who had you on their invisible list.
Well I'm not saying we should drop the Jabber protocol and go for the
ICQ protocol (though temas seems to like SNAC ;). I'm well aware of
all the gaping holes in ICQ "security". They *still* don't have a real
precense subscription model, I can just add anyone I want to my list.
The "invisible" list was always flawed (maybe it still is?). However in
my post I was talking about the invisible status and the "visible" list.
The only security issue's there have been with that have been that you
could discover the online status through the webportal (eg. by sending
a web based chatrequest). I had myself written a tool to *cough* take
advantage of this feature wich got into pretty wide use (at least
here) till Mirabilis plugged the hole.
>In addition, ICQ adopted this model because early versions of their
>protocol didn't have precious presence. If I came online, my presence
>was basically available to anybody. That's bad. Jabber doesn't have
ICQ still has that problem, if you say that this was their reason to
support invisible mode I'm willing to believe you, but it that doesn't
change the fact that the *concept* (not buggy implementation) of their
invisible mode is better then MSN/AIM/Yahoo!(last time I looked) and
Jabber. And that it also has some advantages over the model you
propose, the persistancy of the "visible" list being just one. Ofcourse
like I already mentioned: your approach has some advantages of it's own.
>This is still an issue of client design, but in one my later emails, I
>mentioned the idea of a presence bookmark. It would be possible in any
>client to have a 'default' presence bookmark, that would be sent out
>when I logged in. This would give you the same behavior that ICQ has.
>If you're just worried about the extra byte you'd be sending out, then
>the obvious solution would be to have header support.
You can do that kind of bookmarks on the server with iq:private, but
I'd still rather see that I can switch between clients and still keep
my visible list. This won't break any clients that don't support
invisiblity, since they won't go into invisible mode. If it were up to
me visibility information could be stored in the roster just like
<item jid='foo at bar' name='foobar' subscription='both'
where it can can be "visible", "invisible" (if there is a need for a
invisible list) or not there. I think this could be usefull for both
your approach and the "ICQ approach". I can accept though that if
enough people don't want it it won't happen. Perhaps then there should
a standard way of dealing with iq:private to store this so different
clients can share this information, as I think could be usefull for
manny more things (like alerts for users etc.)
As for headers, they're nice. In addition to that for the sake of
simplicity I'd like the ability to put entire groups on or off the list
with one packet (by specifying the groupname not everyone in it), just
as I'd like to be able to send a message to an entire group with one
simple packet, but that's something for another post :)
>That's my stance, and I'm stickin' to it.
More information about the Standards