Re: [Standards] invisibility

Tue, 07 Oct 2008 06:50:43 -0700 

Hi,

On Oct 7, 2008, at 1:11 PM, Pavel Simerda wrote:


On Mon, 6 Oct 2008 16:50:54 +0100
Pedro Melo <[EMAIL PROTECTED]> wrote:


On Oct 6, 2008, at 3:52 PM, Peter Saint-Andre wrote:


While reviewing XEP-0186 just now, I noticed that when a resource
goes invisible, its server must send presence of type unavailable
from that resource. As far as I can see, when a contact's server
receives unavailable presence from the user (and if the
user+contact have a two-way presence subscription), it will stop
sending presence updates to
the user (if that was the last online resource for the user). This
somewhat defeats the purpose of invisibility, no?


Depends. It defeats the purpose of lurkers, who want to keep seeing
the others online without revealing their own presence. But if you
want to be online to talk to XMPP-based services but skip Instant
Messaging, I think its ok.

I assume that if you are really interested on getting presence
updates from a particular contact, you would send him a directed
presence and become visible just for him.

Anyway, in a federated network, I don't see a way to do better than
this. If we had a server-2-server protocol for "hey, i'm invisible
but keep sending those presences", you would be leaking the presence
anyway.

I'm fine with this XEP as it stands.

One nit: third security consideration, about last activity -
replying <service-unavailable /> is a information leak. The proper
reply would be to reply with the time of invisible request.


This would also leak information :). If you don't want others to know
you are online... you might also not want them to know you connected
just five minutes ago.


Huhs? Sorry, don't follow.

last-activity will only reply to people already on your roster.
When I move to invisible, I don't want people to know that I'm invisible, so if someone in my rosters asks for last activity, the response should be consistent with my make-believe offline mode: the last-activity is the time of my "logout".
Giving a radically different response when you move from visible to invisible is a clear signature of invisibility. 

Best regards,
--
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: [EMAIL PROTECTED]
Use XMPP!

Reply via email to