[Standards] DEFERRED: XEP-0377 (Spam Reporting)

Mathieu Pasquet mathieui at mathieui.net
Sat May 23 20:39:32 UTC 2020

On 23.05.2020 20:08, Georg Lukas wrote:
>This is a very short and very slippery slope. I'm sure that you are
>aware of the coordinated attacks on centralized social networks where
>trolls mass-report accounts that they disagree with.
>It's okay to block a certain sender JID on your own account without any
>evidence, but I'm really hesitant to create an instrument that has even
>a small chance of feeding forged evidence to server administrators.
>Running a public server is hard enough already without having to
>investigate such anti-abuse abuse, and I'm pretty sure that the "paid
>xmpp DDoS" sellers will quickly adopt if you give them such a stick to

I concur, although I will point out that attacks on centralized social
networks do not even need to falsify the contents of the incriminated
message. They only use mass reporting together with a bogus abuse
subject, and that is enough in itself to trigger an automated removal
(or suspension) of the reported content.

Here our intent is not to flag what is or what is not acceptable for
private exchanges, but rather to get evidence linked to the report,
to determine the best course of action (assuming the abuser is on
another server, for the most part). Having one or several stanzas
attached to the report, with the guarantee that they are unaltered,
is in my opinion one of the best ways to gather that information.


