[Standards-JIG] privacy2 anti-SPIM proto-JEP

Sander Devrieze s.devrieze at pandora.be
Tue Sep 6 17:55:00 UTC 2005

Op woensdag 31 augustus 2005 05:57, schreef Ian Paterson:
> > For one is that we're bothering the user with a problem
> > of the system, the (sending) users has to do more effort
> > so we can detriment spammers.
> People are only bothered, at most, the very first time they send a
> message to a correspondent. I expect this will be much less than once
> per day for Aunt Tillie (most people).

Indeed, and bots are bothered much more as they don't know the good answer. 
The trick is to bother them much, much, much more than humans so that humans 
will be happy to answer the bot challenge as it will save everyone from spim. 
You can compare it with a human buying *one* cheap stamp (the oportunity cost 
of answering the simple question/CAPTCH/whatever), and a spim bot paying 
*much* stamps (so much that the opportunity cost will be unprofitable for 
spimmers using bots) :-)

> > I don't have the idea that we need to design and implement
> > an anti-SPIM system in 2 weeks time to please Google.
> We're not doing this for Google. If we don't put a good standard in
> place soon then, as you pointed out, Google will probably invent
> something themselves (or worse, opt for a closed federation).

I think the most important reason for a good anti-spim solution is that it 
might make the business world starting to see XMPP as more important than 
VOIP, SMTP, integration,... In short that they start deploying it because it 
is the only real protocol that is secure, open, and 200% spim-proof. ;-)

> IMHO the collective experience of the JSF community paying attention to
> the wider issues is likely to produce better protocols. We need to
> encourage the talented engineers at Google, Apple et al to join in. :)

Why limiting to these companies? ;-) IMO *everyone* hating spim should be able 
to help with a protocol that can entirely destroy the spam/spim mafia :-)

> Individuals will be in complete control. If this will be as intrusive as
> you fear, then it would be considered anti-social to require bot
> challenges, and the clients will default to switching bot challenges
> off. In fact, since SPIM is not a real problem on the XMPP network
> today, I sincerely hope clients disable bot challenges by default (i.e.
> don't add them to their privacy lists). Perhaps for a while at least,
> the mere existence of 'bot challenge' implementations will act as a
> deterrent to SPIMers, and we won't need to actually use them?

Yes, I also think that as long as there is no spim problem that people will 
bother to add a bot challenge to their privacy list. A big advantage of 
having these JEPs and implementations of this JEP, even when there is not yet 
a spimming problem, is that it will discourage the spim/spam mafia to even 
invest in bots that can't handle the bot challenge JEP. They might have a 
small success, but after a few days nearly everyone will probably have a Bot 
challenge on his privacy list. Result: the bot will be useless and the 
spim/spam mafia had invested in a black hole bot that didn't gained (much) 


Mvg, Sander Devrieze.

xmpp:sander at devrieze.dyndns.org ( http://jabber.tk/ )

More information about the Standards mailing list