And Jiří Zárevúcký spoke on 04/23/2009 11:02 AM, saying: > I don't think it's ridiculous. I guards against accidental leaking of > presence. > You can leak for example by requesting users client's version or > service discovery information. I can imagine very little ordinary > users realize it. > > You can still add some sort of checkbox saying "Don't ask again". > That's not against the rules IMO, as this way the user configures the > client to autopopulate trusted list with any contacts he interacts > with. It's all just implementation details. >
I think it's critical to distinguish user-generated traffic from client-generated outgoing stanzas. I agree with Will that, for the former, this is a really frustrating UI and I'd hate my client for doing it. For client-generated stanzas, it's still overly restrictive (again, I'd hate my client for *double prompting me* if I try to establish a voice call with someone while I'm invisible); IMHO, the XEP should say that clients only send responses to parties to whom the user has already revealed presence (or previously whitelisted) and respond to all other stanzas as if the server were responding on behalf of an offline resource. If I start messaging someone, my client should treat that as implicit authorization to respond to IQs from or send IQs to that client. ~Paul
