2009/4/23 Will Thompson <[email protected]>: > Hi, > > I was just glancing over XEP-0186, and I noticed the following section: > >> 3.1.2 Client Handling > >> While the client is in invisible mode, the client: > >> * MUST maintain a temporary list of entities with which communication is >> allowed, and prompt the user before adding any entity to that "communicants >> list" for this invisibility session; the list MAY be auto-populated with >> trusted entities if so configured by the user. > >> * MUST prompt the user before sending any outbound traffic (message, >> presence, or IQ stanza) to a contact even if the user generated such >> traffic; upon receiving authorization from the user, the client SHOULD add >> the authorized entity to the communicants list for this invisibility session. > > This UI seems ridiculous to me: if my client did this, it would really > annoy me. If I'm invisible but want to message a contact, that's my > choice. My client shouldn't get in the way (unless I want it to, which I > don't). Unfortunately, per the XEP a client that behaves how I want > rather than as above is buggy. > > Perhaps this section could be removed, or rephrased as one possible UI? > XEPs mandating particular UI behaviour seems like a bad idea in general, > especially when the mandated behaviour is undesirable. :) > > Regards, > -- > Will > >
I don't think it's ridiculous. I guards against accidental leaking of presence. You can leak for example by requesting users client's version or service discovery information. I can imagine very little ordinary users realize it. You can still add some sort of checkbox saying "Don't ask again". That's not against the rules IMO, as this way the user configures the client to autopopulate trusted list with any contacts he interacts with. It's all just implementation details.
