[Standards-JIG] privacy2 anti-SPIM proto-JEP

Tomasz Sterna tomasz.sterna at gmail.com
Mon Aug 29 21:47:16 UTC 2005

2005/8/29, Bart van Bragt <jabber at vanbragt.com>:
> > As soon as they message your bot for help (and add it to corespondents
> > list) or add it to roster, they poke a hole in the spimfilter and
> > allow messages from your bot. :-)
> Which is why I said:
> "Asking users to manually add my bot to their privacy (white)list
> doesn't sound very appealing to me."

And I was saying about sending messages and adding users to roster.
This isn't rocket science - it's a standard way of using an IM client
and every user is doing it every day.

Editing privacy or white list isn't a usual course of run and I would
also strongly avoid it.

Instead of putting a webpage with a "Enter your JID" form, one puts a
page "Just send 'subscribe' message to bot at myser.ver"

My feeling is that's even lower learning curve for average user.
I've met a lot "What is a JID???" people, but none that does not know
how to add a new buddy to contact list and send him "Hi."

> I'd rather have that then designing something quickly and ending up with
> a network that's a lot pleasant than it used to be.

That's the neverending battle of making things "good enough" or "correct".
GNU/HURD didn't make out of lab yet and we are using GNU/Linux on
production sites in the very moment.

> Another thought that came to mind. memberbot at jabber.org contacts me, my
> server (vanbragt.com) knows jabber.org (they have been in kindergarten
> together) and asks if memberbot is a good net citizen.

The problem here is that you need to trust the sender's server.
And the SPIMmer server will gladly lie to you that his bots are good
net citizens.

We are back to the whitelist problem.

What I don't like with the centrally managed solution is that:
- it needs manpower to maintain it
  if we really are inclined to conquer the world the burden will be so
much, that the service will be paid, thus reducing the openess of XMPP
network and splitting it to "even and evener" servers (isn't that the
closed federation of commercial servers we're trying to avoid?)
  there also is a project of making an XMPP router a central point of
message exchange for every desktop PC
- it needs manpower to maintain it at the server
  lists appear and vanish, change addreses, are abused etc.

I have a strong feeling we do not really need these all.


More information about the Standards mailing list