On Tue, 7 Oct 2008 17:58:59 +0100 Pedro Melo <[EMAIL PROTECTED]> wrote:

> Hi,
>
> On Oct 7, 2008, at 5:45 PM, Pavel Simerda wrote:
> > On Tue, 7 Oct 2008 14:50:35 +0100
> > Pedro Melo <[EMAIL PROTECTED]> wrote:
> >
> >> On Oct 7, 2008, at 1:11 PM, Pavel Simerda wrote:
> >>
> >>> On Mon, 6 Oct 2008 16:50:54 +0100
> >>> Pedro Melo <[EMAIL PROTECTED]> wrote:
> >>>
> >>>> On Oct 6, 2008, at 3:52 PM, Peter Saint-Andre wrote:
> >>>>
> >>>>> While reviewing XEP-0186 just now, I noticed that when a
> >>>>> resource goes invisible, its server must send presence of type
> >>>>> unavailable from that resource. As far as I can see, when a
> >>>>> contact's server receives unavailable presence from the user
> >>>>> (and if the user+contact have a two-way presence subscription),
> >>>>> it will stop sending presence updates to
> >>>>> the user (if that was the last online resource for the user).
> >>>>> This somewhat defeats the purpose of invisibility, no?
> >>>>
> >>>> Depends. It defeats the purpose of lurkers, who want to keep
> >>>> seeing the others online without revealing their own presence.
> >>>> But if you want to be online to talk to XMPP-based services but
> >>>> skip Instant Messaging, I think it's ok.
> >>>>
> >>>> I assume that if you are really interested in getting presence
> >>>> updates from a particular contact, you would send him a directed
> >>>> presence and become visible just for him.
> >>>>
> >>>> Anyway, in a federated network, I don't see a way to do better
> >>>> than this. If we had a server-2-server protocol for "hey, i'm
> >>>> invisible but keep sending those presences", you would be
> >>>> leaking the presence anyway.
> >>>>
> >>>> I'm fine with this XEP as it stands.
> >>>>
> >>>> One nit: third security consideration, about last activity -
> >>>> replying <service-unavailable /> is an information leak. The
> >>>> proper reply would be to reply with the time of invisible
> >>>> request.
> >>>
> >>> This would also leak information :). If you don't want others to
> >>> know you are online... you might also not want them to know you
> >>> connected just five minutes ago.
> >>
> >> Huhs? Sorry, don't follow.
> >>
> >> last-activity will only reply to people already on your roster.
> >>
> >> When I move to invisible, I don't want people to know that I'm
> >> invisible, so if someone in my rosters asks for last activity, the
> >> response should be consistent with my make-believe offline mode:
> >> the last-activity is the time of my "logout".
> >
> > But what if you want to be Invisible from the beginning of a
> > connection.
> > I don't know the details of the two invisibility XEPs but... it seems
> > just logical that when I connect and start invisible, I don't want
> > my subscribed friends to know when exactly I connected (and
> > disappeared). Maybe I want them to think I was not online at all
> > the whole day.
>
> I guess you don't send your initial presence then.
>
> First send the invisible IQ, and then set your presence.
>
> Best regards,

I'm sorry, it was not a question, it was a reply to yours.

You suggested:
"The proper reply would be to reply with the time of request."

But this breaks the case I have just described and leaks information
that you were connected at some specific time.

Pavel

--
Pavel Šimerda
Freelancer in the field of computer networks, communication and security
Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net
