[Standards] Expected behavior when blocking all unknown JIDs

Florian Schmaus flo at geekplace.eu
Sun Jan 15 12:10:06 UTC 2017


On 13.01.2017 20:36, Kim Alvefur wrote:
> Hey,
> 
> First, I think we're better off if we think of blocking strangers by
> default as a privacy protection measure, instead of a SPAM prevention
> measure.

Exactly, as far as I see it, there are three scenarios:

* SPAM
  - An entity sends you messages in order to sell you something
* Privacy
  - An entity sends you unwanted messages (harassment, stalking, …)
  - An entity receives sensitive data from you (usually presence)
* Attack
  - A malicious entity is able to make you consume resources (battery,
data volume, …)

I strongly agree with Kim that blocking should be seen as primary
measure for privacy protection, not SPAM prevention.

That said, I do believe that the three scenarios need to interact with
each other by using common protocol mechanisms.

I think it's possible to deal with message SPAM without restricting the
sender by their presence subscription status of the receiver. I do not
want to live in a world where users have to be subscribed to my presence
in order to send me messages. After all, XMPP is a communications
protocol, and that approach limits communication. I really wonder why
this does come up once in a while.

Presence SPAM is a hard problem right now. I don't found a good solution
yet. It only become clear to me that users receiving presence
subscription requests should be presented with a third option in the UI,
besides 'accept' and 'reject', there should also be "ignore, report and
block spammer". Maybe presence pre-approving could be helpful here.

- Florian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 610 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170115/6f2af7e8/attachment.sig>


More information about the Standards mailing list