Slashdot Mirror
Google Begins Blocking Third-Party Jabber Invites
New submitter kxra writes "Do you have a federated jabber instant messaging account that never gets responses from Google accounts anymore? Or do you have a Gmail account that a friend has been unable to invite from their 3rd party Jabber account? The Free Software Foundation reports, 'Google users can still send subscription requests to contacts whose accounts are hosted elsewhere. But they cannot accept incoming requests. This change is akin to Google no longer accepting incoming e-mail for @gmail.com addresses from non-Google domains.' This sounds like something Facebook would try in order to gain even tighter control over the network, but they never even federated their Jabber service to begin with. According to a public mailing list conversation, Google is doing this as a lazy way to handle a spam problem."
This is great because I keep receiving spam invites on one of my GMail accounts.
Countdown to those with bad reading comprehension wondering why the story isn't about Google not accepting e-mail from non-@gmail.com accounts.
1. Banning ad-blocker apps from the Google Play App store
2. Banning jabber invites
3. Killing Google Reader
They're too big to need to play nice with anyone.
Yes this does break the infrastructure of Jabber. In the long run, no this is not a good solution. However, what percent of gchat functionality comes from third party jabber networks and how much spam was originating from that vector?
I knew an admin who ran a small town's municipal network and website who out of the blue began to be attacked. While nothing was compromised, he changed the routing to blackhole anything from the Eastern European country most of it was originating from. A week or so later he unblocked the range and the attack had passed. This fundamentally broke how those systems interacted with the Internet, but in the scope of the services provided and the qualities of the attack it was a measured solution.
It's a metaphor and Google is in a different boat, but it does not take long to tarnish a brand as "gets spam" and probably a diminishing number of people federate out to Google. In general, I'd put away the pitchforks for now and see how they address the spam problem going forward.
Nothing in that conversation says that Google is doing this (not actually blocking all foreign invites, but sharply limiting the number from each foreign domain) as a lazy way to handle a spam problem; that conversation points to an extremely large spam invite problem, and discusses potentially needing to do it if the operators of the federated domains from which the spam is originating cannot address the problem. It also addresses some of the steps taken by operators of those domains to address the problem (as of the most recent message I can find, it also seems like those methods have not yet been dealt with the problem.)
It very much sounds like the goal is to deal with the problem with the other service operators, but to take immediate steps to stem the flow of spam until an acceptable resolution is attained. The author of TFS may think this is "lazy", but it is not accurate to attribute that description to the email thread.
I own Google stock. The eviler Google gets, the richer I get.
You, too, can profit from Google's evil.
Maybe instead of silently dropping invitation requests, Google should send a rejection notice (regardless of whether the target Gmail account exists, to prevent probing) with a link to a CAPTCHA; completing the captcha would allow retrying the request.
Given their track record, I'd be surprised if Google bothers to implement this kind of non-lazy approach to re-enable interoperability, though.
That doesn't help if they're blocking invites from the entire internet, rather than just from spammy servers or users.
And what if you wish to speak with someone who uses Google's XMPP service?
Give me Classic Slashdot or give me death!
Finding "spammy users" has always been the chief problem with every fight against spam.
Actually, running your server is a step toward solving that, but not the whole solution. The other parts of the solution are [a] getting people to use your server rather than Google's, and [b] solving the spam problem that Google is addressing by some other, more federation-friendly, means.
Sorry, but I have a full time job already. Don't need another one. :)
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
Perhaps there needs to be a mechanism for a server to reject the request, in such a way as to say: "too many untrusted/unauthenticated connection attempts. Try your request later." Until then, oh well. Spammers ruin it for everyone.
Multiplayer on Nintendo video game consoles already works this way: nobody can communicate unless players have exchanged friend codes out of band. In fact, some games such as Animal Crossing series don't allow play with strangers at all.
Google is becoming..
A better way would be to disable notifications on the client, but show a long list of spamny requests on demand. Not as good as having no spam, but it's the best way to go on an open system.
And what if you wish to speak with someone who uses Google's XMPP service?
The same thing that happens if you want to email someone who's email provider is blocking all incoming emails - you tell them their service provider is being a dick and that they need to change to one of the many other service providers out there who aren't being almighty bellends....
http://blog.nexusuk.org
Running an XMPP server doesn't take much effort. I've been running an eJabberd server for about 6 years and was running jabberd 1 before then. The original jabberd took a reasonable amount of configuration effort, but ejabberd (especially if you use mnesia) requires almost none: just install it, tell it your domain, and either enable in-band registration or manually add users. That's basically it. Pull in any security updates as they appear (your operating system's package manager should handle this) and you're good. It's no harder than running a mail server.
I am TheRaven on Soylent News
comes great(er) responsibility. So yes, Google does have much more responsibility to maintain what they have created than joe poster on slashdot. Infinitely more.
I rarely (read basically never) sign up for or use any "free" or even paid services, precisely because the effort I put into integrating them into my life is not worth the hassles when these services are (inevitably) changed, removed, "upgraded" or otherwise rendered useless or too difficult to deal with for any perceived benefit.
There is too much more to do in life - read, watch movies, take courses, cook, take walks, spend time IRL with family and friends.
Email and webpages, perhaps with comments sections, are plenty. Everything else is just corps. trying to suck up my time and monetize me.
I am OK with it.
Get a real gmail account.
Interestingly, that's exactly the policy implemented by one of my former university against email spam coming from a few large and very spammy IP blocks.
(I think these IP blocks were somewhere in China).
Very few users were actually communicating with them. But we got massive amount of spam coming from them.
The solution was to black list this IP range. But any rejected user got an answer asking a few very simple step (I don't remember if captcha was involved at all) to add his/her emitting address to a whitelist.
The solution worked: the few user communicating from within this range were still able to communicate, while at the same time the spam was drastically reduced.
So google might try doing the same with federated XMPP invite:
- if only one side (= the foreign) has sent a request to the other
- and the invite comes from a spammy source
- first ask a captcha before forwarding the invite to the users' client.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]