[Bug 40249] Privacy options
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Fri Aug 26 11:09:59 CEST 2011
https://bugs.freedesktop.org/show_bug.cgi?id=40249
--- Comment #1 from Will Thompson <will.thompson at collabora.co.uk> 2011-08-26 02:09:58 PDT ---
1. Disable sending <gone/>
Following <http://xmpp.org/extensions/xep-0085.html#table-1>, we could modify
our implementation of chat state notifications to send <gone/> after a timeout,
rather than when the user closes the Telepathy channel. This would prevent the
information leak. (I actually don't think the other client should necessarily
show this information to the user, but whatever.) Disabling <gone/> while still
sending other notifications violates a SHOULD by my reading of
<http://xmpp.org/extensions/xep-0085.html#table-2>.
I think we should do one of two things here:
• Never send <gone/> (violating a SHOULD, and making it harder for clients to
do resource (un)locking as per <http://xmpp.org/extensions/xep-0296.html>);
• Send <gone/> after a time-out.
2. Disable typing notifications.
<http://xmpp.org/extensions/xep-0085.html#table-2> and
<http://xmpp.org/extensions/xep-0085.html#security> both indeed say that a
client MUST provide an option to disable sending typing information. This
doesn't really have to be a Gabble option—the chat UI can just not call any
methods on the ChatState interface. Making it a CM option would mean you'd have
to go implement this in every CM and then set the option on every single
account when the user changes it.
To keep this preference consistent across chat UIs (in Gnome we have two,
Empathy and the Shell), it could potentially be stored by MC—but equally it
could be stored in GSettings.
3. Disable exposing operating system and client name information.
So there are a number of ways an XMPP client gives away its identity:
• XEP-0092 Software Version <http://xmpp.org/extensions/xep-0092.html>. We only
report the name (Telepathy Gabble) and version (0.15.5), not OS information.
Thus we comply with the MUST in
<http://xmpp.org/extensions/xep-0092.html#security>.
• <identity/> elements in disco replies
<http://xmpp.org/extensions/xep-0115.html#howitworks>. Our disco replies
contain the software name (Telepathy Gabble), version (0.15.5) and client type
(phone or pc).
• Caps node name, as included in presence pushes
<http://xmpp.org/extensions/xep-0115.html#howitworks>. In our case, this is
"http://telepathy.freedesktop.org/caps".
• Telepathy-specific namespaces in our caps replies (e.g.
http://telepathy.freedesktop.org/xmpp/tubes), and more generally the unique set
of caps that Gabble advertises.
So given that we don't send OS information, and we can't realistically avoid
sending enough information to let people we've allowed onto our roster identify
that we're using Gabble, I don't think there's much to do here.
4. Other things from reading the KDE bug and the screenshot.
DecloakAutomatically is “let people (specifically, other Gabble users) who
aren't on our contact list call us”.
A useful privacy list-related feature to add would be “let people who aren't on
our contact list IM us”. Right now, that's left up to the server. I don't think
there's a bug for this. There's a draft D-Bus API for this at
<http://telepathy.freedesktop.org/spec/Connection_Interface_Communication_Policy.html>
but I don't think it's implemented anywhere.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the telepathy-bugs
mailing list