On Tue, 7 Oct 2008 14:50:35 +0100 Pedro Melo <[EMAIL PROTECTED]> wrote:
> Hi,
>
> On Oct 7, 2008, at 1:11 PM, Pavel Simerda wrote:
>
> > On Mon, 6 Oct 2008 16:50:54 +0100
> > Pedro Melo <[EMAIL PROTECTED]> wrote:
> >
> >> On Oct 6, 2008, at 3:52 PM, Peter Saint-Andre wrote:
> >>
> >>> While reviewing XEP-0186 just now, I noticed that when a resource
> >>> goes invisible, its server must send presence of type unavailable
> >>> from that resource. As far as I can see, when a contact's server
> >>> receives unavailable presence from the user (and if the
> >>> user+contact have a two-way presence subscription), it will stop
> >>> sending presence updates to
> >>> the user (if that was the last online resource for the user). This
> >>> somewhat defeats the purpose of invisibility, no?
> >>
> >> Depends. It defeats the purpose of lurkers, who want to keep seeing
> >> the others online without revealing their own presence. But if you
> >> want to be online to talk to XMPP-based services but skip Instant
> >> Messaging, I think it's OK.
> >>
> >> I assume that if you are really interested in getting presence
> >> updates from a particular contact, you would send him a directed
> >> presence and become visible just for him.
> >>
> >> Anyway, in a federated network, I don't see a way to do better than
> >> this. If we had a server-2-server protocol for "hey, I'm invisible
> >> but keep sending those presences", you would be leaking the
> >> presence anyway.
> >>
> >> I'm fine with this XEP as it stands.
> >>
> >> One nit: third security consideration, about last activity -
> >> replying <service-unavailable /> is an information leak. The proper
> >> reply would be to reply with the time of invisible request.
> >
> > This would also leak information :). If you don't want others to
> > know you are online... you might also not want them to know you
> > connected just five minutes ago.
>
> Huhs? Sorry, don't follow.
>
> last-activity will only reply to people already on your roster.
>
> When I move to invisible, I don't want people to know that I'm
> invisible, so if someone in my rosters asks for last activity, the
> response should be consistent with my make-believe offline mode: the
> last-activity is the time of my "logout".

But what if you want to be invisible from the beginning of a
connection? I don't know the details of the two invisibility XEPs but...
it seems just logical that when I connect and start invisible, I don't
want my subscribed friends to know when exactly I connected (and
disappeared). Maybe I want them to think I was not online at all the
whole day.

> Giving a radically different response when you move from visible to
> invisible is a clear signature of invisibility.
>
> Best regards,

--
Pavel Šimerda
Freelancer in computer networks, communication and security
Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net
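The two cases raised in this thread, as an added example that is not part of the original messages or of XEP-0186: a server-side sketch of answering a XEP-0012 (`jabber:iq:last`) query sent by a roster contact to the user's bare JID, so that an invisible session is indistinguishable from an offline one. The class and function names, the timestamps and the `last1` id are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

@dataclass
class Session:
    invisible_since: Optional[float]   # None while the session is visible
    was_ever_visible: bool             # did it ever broadcast available presence?

@dataclass
class Account:
    last_visible_logout: float         # last "unavailable" the contacts observed
    session: Optional[Session] = None  # None when the user is really offline

def apparent_seconds(acct: Account, now: float) -> int:
    """Seconds since the logout that contacts are supposed to believe in."""
    s = acct.session
    if s is not None and s.invisible_since is None:
        return 0                                   # visibly online
    if s is not None and s.was_ever_visible:
        return int(now - s.invisible_since)        # went invisible: that was the "logout"
    return int(now - acct.last_visible_logout)     # offline, or invisible from the start

def close_session(acct: Account, now: float) -> None:
    """On real disconnect, record only what contacts were able to observe."""
    s = acct.session
    if s.invisible_since is None:
        acct.last_visible_logout = now
    elif s.was_ever_visible:
        acct.last_visible_logout = s.invisible_since
    acct.session = None                            # invisible-from-start leaves no trace

def reply_stanza(acct: Account, now: float, iq_id: str) -> str:
    iq = ET.Element("iq", {"type": "result", "id": iq_id})
    ET.SubElement(iq, "query", {"xmlns": "jabber:iq:last",
                                "seconds": str(apparent_seconds(acct, now))})
    return ET.tostring(iq, encoding="unicode")

if __name__ == "__main__":
    # Constructed timeline: last visible logout at t=1000, query arrives at t=10000.
    offline = Account(last_visible_logout=1000.0)
    lurker = Account(1000.0, Session(invisible_since=9700.0, was_ever_visible=False))
    hidden = Account(1000.0, Session(invisible_since=9700.0, was_ever_visible=True))
    for name, acct in (("offline", offline), ("lurker", lurker), ("hidden", hidden)):
        print(name, reply_stanza(acct, 10000.0, "last1"))
```

The reply for a session that connected invisibly is byte-for-byte the reply for an offline account, and a later real disconnect does not move the reported logout time.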
