[Standards] DEFERRED: XEP-0377 (Spam Reporting)

Georg Lukas georg at op-co.de
Sat May 23 18:08:56 UTC 2020


* Sam Whited <sam at samwhited.com> [2020-05-23 15:40]:
> On Sat, May 23, 2020, at 06:24, Mathieu Pasquet wrote:
> > Sorry for the necromancer update, but would it not make sense to allow
> > stanza-id elements as children to the <spam/> and <abuse/> elements?

Yeah, that's actually what also came to my mind as an easy and
straight-forward way to significantly improve the usefulness of 0377 for
server admins.

> I think that including a stanza-id is probably "good enough", but I'm
> also a little worried about the fact that you would then only be able to
> report recent messages, which feels like it would be unexpected and
> could make training a spam filter less easy.

I'm not sure when you would come into a situation where you don't report
a spam message in a timely manner but let it sit there for multiple
weeks.

> I'm now wondering if it makes sense to forward the entire original
> message and just trust that it's not all that easy to abuse [...]

This is a very short and very slippery slope. I'm sure that you are
aware of the coordinated attacks on centralized social networks where
trolls mass-report accounts that they disagree with.

It's okay to block a certain sender JID on your own account without any
evidence, but I'm really hesitant to create an instrument that has even
a small chance of feeding forged evidence to server administrators.
Running a public server is hard enough already without having to
investigate such anti-abuse abuse, and I'm pretty sure that the "paid
xmpp DDoS" sellers will quickly adopt if you give them such a stick to
wield.


Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20200523/a72afbcd/attachment.sig>


More information about the Standards mailing list