[standards-jig] Re:[2] Invisibility Support in Jabber

Tijl Houtbeckers thoutbeckers at splendo.com
Fri Aug 9 16:20:58 UTC 2002


Ben Schumacher <ben at blahr.com> wrote on 9-8-2002 18:09:37:
>
>I'm not sure the ICQ-way is the correct way to do this. This has 
>changed significantly as ICQ has matured over the years, but the 
>original protocol for ICQ actually still sent presence to a user with 
>a type of invisible. Apparently, if you had a non-standard client, you 
>could see who had you on their invisible list.
>

Well I'm not saying we should drop the Jabber protocol and go for the 
ICQ protocol (though temas seems to like SNAC ;).  I'm well aware of 
all the gaping holes in ICQ "security". They *still* don't have a real 
precense subscription model, I can just add anyone I want to my list. 
The "invisible" list was always flawed (maybe it still is?). However in 
my post I was talking about the invisible status and the "visible" list.
 The only security issue's there have been with that have been that you 
 could discover the online status through the webportal (eg. by sending 
 a web based chatrequest). I had myself written a tool to *cough* take 
 advantage of this feature wich got into pretty wide use (at least 
 here) till Mirabilis plugged the hole. 


>In addition, ICQ adopted this model because early versions of their
>protocol didn't have precious presence. If I came online, my presence 
>was basically available to anybody. That's bad. Jabber doesn't have 
>that problem.

ICQ still has that problem, if you say that this was their reason to 
support invisible mode I'm willing to believe you, but it that doesn't 
change the fact that the *concept* (not buggy implementation) of their 
invisible mode is better then MSN/AIM/Yahoo!(last time I looked) and 
Jabber. And that it also has some advantages over the model you 
propose, the persistancy of the "visible" list being just one. Ofcourse 
like I already mentioned: your approach has some advantages of it's own.
 

>This is still an issue of client design, but in one my later emails, I
>mentioned the idea of a presence bookmark. It would be possible in any
>client to have a 'default' presence bookmark, that would be sent out 
>when I logged in. This would give you the same behavior that ICQ has. 
>If you're just worried about the extra byte you'd be sending out, then 
>the obvious solution would be to have header support.

You can do that kind of bookmarks on the server with iq:private, but 
I'd still rather see that I can switch between clients and still keep 
my visible list. This won't break any clients that don't support 
invisiblity, since they won't go into invisible mode. If it were up to 
me visibility information could be stored in the roster just like 
subscriptions. eg: 

<item jid='foo at bar' name='foobar' subscription='both' 
visibility="visible"/> 

where it can can be "visible", "invisible" (if there is a need for a 
invisible list) or not there. I think this could be usefull for both 
your approach and the "ICQ approach". I can accept though that if 
enough people don't want it it won't happen. Perhaps then there should 
a standard way of dealing with iq:private to store this so different 
clients can share this information, as I think could be usefull for 
manny more things (like alerts for users etc.) 

As for headers, they're nice. In addition to that for the sake of 
simplicity I'd like the ability to put entire groups on or off the list 
with one packet (by specifying the groupname not everyone in it), just 
as I'd like to be able to send a message to an entire group with one 
simple packet, but that's something for another post :) 

>
>That's my stance, and I'm stickin' to it.
>
>bs.
>





More information about the Standards mailing list