Block invitations/messages - Whitelist my existing contacts

Hi,

Please engage with your ideas!

Background:
A trend on Skype over the last year has been that our customers have been receiving both random invitations (usually sex, bitcoin, or some other scam) and been made a part of conversations that they did not join with any action or expressed interest. Most of these were bitcoin with what it looks like were sent to a lot of accounts. It is not trivial to delete these conversations as there were sometimes 100’s received by my Skype users. And yes, Skype is departing the scene so that is why this post is being made. Individuals had the option under Privacy to include or not their profile in the lookup/search results, this was set to NOT include which makes it a mystery even more how this happened.

I see that I can test whether there is an account name with no effort using the name server API.

https://ns.jami.net/name/

So there does not seem to be protection from running a program to generate and test for account names with the API, perhaps there are query limits and timing that can help?

Once an account username has been discovered, an invitation and message can be sent. This is normal for most, but the customer/client machines we are concerned about will be unattended (auto answer set to on), so while there should be no attacks possible through these vectors, rarely is that the actual case. If thousands of invitations are received, does this impact the operation of Jami, are there any cracks in the armor of good programming? While our use case is unattended, perhaps there are those who would prefer to not have to clean up regular unwanted invitations and messages?

It appears to me that there is no security layer to apply to restricting the lookup of my Jami username (configured by my Jami client). Is this correct?
If there were, essentially the name server would have to see a bit set and a Jami account credential of some sort (perhaps a key) would relay the query to my Jami for approval to release. This of course could be detected by timing analysis if no provisions are made in the name server handling. And this possibly would complicate DHT for call/ringing.

I have two ideas since modification of the name server API and DHT are not likely:

(1) Is it possible to have a client side switch to discard non-whitelisted invitations/messages on my machine? I don't want any communications outside of my trusted contacts. I assume that if any invitation is ignored for more than the DHT hold time, it will be dropped. The originator may still hold data but I don't think we are concerned with the offender.

(2) How to whitelist/setup my contacts? Is it possible that if we have a client side discard switch that once contacts are sync’d nothing else is needed?

Currently Jami relevant contact settings are in two locations
a. right clicking on the contact in the left pane
“Leave Conversation”
“Block Contact”
b. clicking on Contact Details - Settings
“Mute Conversation”
“Leave Conversation”
“Conversation Type”

Looking in the docs.jami.net

Search — Jami documentation

We will find “Banned Contacts”

I am not clear on existing implemented functionality as follows:

What are the actions/effects on both my client side and the other conversation participant(s) of muting and leaving a conversation?
e.g. if I have notifications turned off, then muting has no effect? Messages will still appear and be stored on my client?
e.g. If I leave a conversation does this delete both the message store and the conversation item in client gui left pane?

If I block a contact, is this the same as a banned contact?
What are the actions/effects on both my client side and the now blocked contact?
e.g. Do I see the blocked contact in my client gui left pane?

This is a very interesting and well-informed post on a topic that will become crucial as Jami grows!
Thank you for taking the time to share it with us. We will discuss what implementation we could make in the future.

The Jami team