×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Begins Blocking Third-Party Jabber Invites

Soulskill posted about a year ago | from the you-don't-want-to-talk-to-those-people-anyway dept.

Google 92

New submitter kxra writes "Do you have a federated jabber instant messaging account that never gets responses from Google accounts anymore? Or do you have a Gmail account that a friend has been unable to invite from their 3rd party Jabber account? The Free Software Foundation reports, 'Google users can still send subscription requests to contacts whose accounts are hosted elsewhere. But they cannot accept incoming requests. This change is akin to Google no longer accepting incoming e-mail for @gmail.com addresses from non-Google domains.' This sounds like something Facebook would try in order to gain even tighter control over the network, but they never even federated their Jabber service to begin with. According to a public mailing list conversation, Google is doing this as a lazy way to handle a spam problem."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

92 comments

No Subject (1, Insightful)

Anonymous Coward | about a year ago | (#43186007)

This is great because I keep receiving spam invites on one of my GMail accounts.

Re:No Subject (1)

sagematt (1251956) | about a year ago | (#43186071)

Amen to this. The spam invites are getting increasingly annoying. I'm also ok with this development because it's not like Google is advertising their GTalk service as Jabber in the first place. You could always open a Jabber account somewhere else if you still want to communicate with other users running third-party Jabber accounts.

Re:No Subject (4, Insightful)

asavage (548758) | about a year ago | (#43186183)

Yeah this is good news. I had to disable google talk invitation notifications on my phone as I was getting spam notifications daily.

Re:No Subject (1)

Anonymous Coward | about a year ago | (#43186321)

Google is doing this as a lazy way to handle a spam problem.

I'll be happy to learn a non lazy way to stop spam from domains you don't control. I'm not an expert in XMPP, but this sounds much like graylisting from SMTP: if your server has a high spam ratio, I will throttle you until the ratio drops. As long as Google has implemented per domain limits, and still accepts requests from non-spammy domains, it looks legit.

Re:No Subject (1)

Technician (215283) | about a year ago | (#43188497)

I've not had a spam problem with Gtalk or my SIP account with a Google Talk gateway. This means that I can't pick up my VOIP phone anymore and speed dial a Gtalk user.

This has very little impact as there are very few who have Gtalk and not Skype. I can call and be called with the Skype gateway instead.

Instructions:

To call from ippi to Skype, dial "skype_username@skype.ippi.com" then start the call

I guess calling Gtalk users may be broken now.

Instructions:

To call from ippi to Gtalk, dial "google_username@gtalk.ippi.com" then start the call

Re:No Subject (1, Troll)

beelsebob (529313) | about a year ago | (#43186945)

Haha, the great and mighty google who can do no wrong strikes an enormous blow against a standardised protocol, and against open communication, and slashdot's response is "this is great".

Fucking hypocrites.

Re:No Subject (0)

Anonymous Coward | about a year ago | (#43187573)

try preparation H, it helps the butthurt

Re:No Subject (0)

Anonymous Coward | about a year ago | (#43195909)

As long as it stops the spam invites, I don't give a shit if it blocks off the 10 people with legit, non-Google Jabber accounts.

Re:No Subject (0)

Anonymous Coward | about a year ago | (#43195895)

Yep, me too. Despite the negative spin thrown into the highly biased and myopic summary, this is a fantastic change. I don't care about non Google Jabber and neither do most people. This change allows Google to handle any kind of abuse.

Re:No Subject (1)

Anonymous Coward | about a year ago | (#43201915)

"And neither do most people" - And this is based on what statistically valid research?

Let me put it another way: Those who know enough about computers to know that Google chat is based on Jabber, will care. Those who don't, won't, but they should. Having 30 different chat systems is obviously annoying and inefficient. We have *one* email system, where people have different domains but they work between each other - and this works very well in most ways. Jabber allows a similar system. In fact, I use this because, f.e. some of my customers have chat servers and my company has their own - but they can talk in-between, and to Gmail chat too!

And, Slashdot is supposed to be a place for "news for nerds", which means by definition: "The kind of people who care about Jabber".

Just wait... (3, Insightful)

daitengu (172781) | about a year ago | (#43186031)

Countdown to those with bad reading comprehension wondering why the story isn't about Google not accepting e-mail from non-@gmail.com accounts.

Re:Just wait... (4, Insightful)

Hatta (162192) | about a year ago | (#43186301)

What's the significant difference? Isn't refusing jabber messages from non-google account just as bad, and bad for the same reasons, as refusing email from non-google accounts?

Re:Just wait... (0)

hawguy (1600213) | about a year ago | (#43186407)

What's the significant difference? Isn't refusing jabber messages from non-google account just as bad, and bad for the same reasons, as refusing email from non-google accounts?

The significant difference between blocking email and blocking jabber requests is that when you find that your jabber request is blocked, you can ask the person on the Google side to send you a request from their end, and from then on you can communicate with them.

It's kind of like if Google silently blocked external emails and the most reliable way to make sure your message got through would be to ask the recipient to add you to their address book. Oh wait, they already do that.

Re:Just wait... (4, Insightful)

Hatta (162192) | about a year ago | (#43186573)

The significant difference between blocking email and blocking jabber requests is that when you find that your jabber request is blocked, you can ask the person on the Google side to send you a request from their end, and from then on you can communicate with them.

What happens if everyone implements this policy of denying all foreign requests?

Re:Just wait... (1)

kasperd (592156) | about a year ago | (#43186625)

What happens if everyone implements this policy of denying all foreign requests?

If it is done in a sensible way, you will still be able to communicate, as long as both parties invite each other.

Re:Just wait... (1)

Hatta (162192) | about a year ago | (#43186713)

This still requires some sort of coordination before the fact through a secondary communication channel. Can you imagine if the post office and phone company worked that way? There has to be a better solution.

Friend codes (1)

tepples (727027) | about a year ago | (#43186769)

Multiplayer on Nintendo video game consoles already works this way: nobody can communicate unless players have exchanged friend codes out of band. In fact, some games such as Animal Crossing series don't allow play with strangers at all.

Re:Friend codes (0)

Anonymous Coward | about a year ago | (#43187151)

And EVERYONE loves nintendo's online services; I think they were universally seen as the best of the last generation

Re:Friend codes (0)

Anonymous Coward | about a year ago | (#43260119)

Multiplayer had worked that way. with nintendo network you don't do that anymore, you can friend anyone using your network id they rolled it out with the Wii U. I have a bunch of friends from playing AC3 multiplayer on there

Re:Just wait... (1)

bragr (1612015) | about a year ago | (#43186931)

Getting someone's mailing address, email address, or jabber address requires a secondary communication channel anyway. When is the last time you emailed someone to find out what their email address what?

Re:Just wait... (1)

hawguy (1600213) | about a year ago | (#43186951)

This still requires some sort of coordination before the fact through a secondary communication channel. Can you imagine if the post office and phone company worked that way? There has to be a better solution.

I'm imagining the phone company working that way, and it sounds like a good way to get rid of the unsolicited telemarketing calls. If the only callers that can reach me are ones that I've shared my phone number with through some other communication channel, then I wouldn't get any unsolicitied telemarketing calls.

Worse than the telemarkers...apparently the guy that used to have my number had some problems with paying bills, I still get calls from creditors looking for him. I've had this number for 2 years now, maybe he's still giving it out.

It might make it harder for some people to reach me, but I turn my phone off at night due to too many early morning calls and often silence and ignore the phone when it rings, so it's already harder for some people to reach me, even people that I want to reach me.

Re:Just wait... (1)

aztracker1 (702135) | about a year ago | (#43188387)

I was getting 8-10 recruiter calls a day at my old cell number about 2 years ago, I dropped it, and got a new number... feel sorry for the guy that got my old #

Re:Just wait... (0)

Anonymous Coward | about a year ago | (#43188493)

In my experience, debt collection agencies are just ass-backwards about updating their records. I've had to tell the *same* collection agency multiple times that person XYZ doesn't live here, and that they should stop calling.

I suspect that they're trying to see if I'm lying to them or something, and continue to try again a few times just in case.

Re:Just wait... (1)

AvitarX (172628) | about a year ago | (#43188405)

Google treats chat that way now though. When they started circles, they stopped auto adding, and limited chat to people in your circles I believe (i forget the specifics, but it got stricter).

Re:Just wait... (1)

kasperd (592156) | about a year ago | (#43189579)

This still requires some sort of coordination before the fact through a secondary communication channel.

That's still better than not being able to communicate at all. Most of the time you only want to chat with people who you have exchanged emails with beforehand anyway.

Re:Just wait... (0)

Anonymous Coward | about a year ago | (#43190485)

Then they'll have to start remembering either blocked or sent requests. If the other side initiates another request (despite not receiving the initial one), it should be allowed to go through.

Re:Just wait... (1)

DragonWriter (970822) | about a year ago | (#43187217)

What's the significant difference? Isn't refusing jabber messages from non-google account just as bad, and bad for the same reasons, as refusing email from non-google accounts?

It might be, if XMPP's level adoption and central role in online interaction were equivalent to email's. As its not, it might arguably be bad for the same reason (if you don't view the central role of email as part of the reason that it would be bad to do it for email), but its certainly not just as bad.

Re:Just wait... (0)

Anonymous Coward | about a year ago | (#43186379)

You mean the day I stop using gmail? I have 5 other email accounts...

Re:Just wait... (0)

rickb928 (945187) | about a year ago | (#43186433)

My Google email account gets incoming email from non-@gmail.com accounts all the damned time. What the hell is the problem? Am I not supposed to get emaI from the rest of the Internet or something? am I missign something? Am I alone in here? IS ANYBODY LISTENING? DOES ANYONE CARE?

How the hell do I contact Google and get this fixed? None of the phone numbers work, and no one answers their email! Seriously!

Re:Just wait... (0)

Anonymous Coward | about a year ago | (#43186771)

That's because everyone filters gmail as spam.

Re:Just wait... (0)

Anonymous Coward | about a year ago | (#43186815)

Well since the story is about jabber and xmpp stuff you probably should just go read the summary again until you understand it...

Re:Just wait... (0)

Anonymous Coward | about a year ago | (#43187305)

woosh.flac

Re:Just wait... (1)

Mister Liberty (769145) | about a year ago | (#43186989)

That's in fact how my mind construed it for a moment.
Why?

Because the other day I put a filter on my non-gmail domain mailbox
to send a copy from that mailbox to my gmail account, esp. so I
could read the mail from my tablet, while being away.

Then, for some mails coming in, I read those on the gmail account
from the desktop PC (to see if the filter was working).

Now, I noticed that having read them on the PC, the copies for some
reason never arrived in my gmail mailbox on my tablet, or I should
say, were totally unavailable and absent there, not in trash either.

Which leads me to this question:
Does gmail discard messages that were already read from a
different connection (assuming the tablet service has some slack
compared to the desktop PC delivery)?

Re:Just wait... (0)

Anonymous Coward | about a year ago | (#43187197)

If you're using POP to access your mailbox, some desktop clients are configured to delete the messages from the server after you read them. Check the settings for your email client, and also check the settings at gmail.com which has some different options for handling how emails are deleted for IMAP/POP.

Google has been quite evil this week (5, Interesting)

Meditato (1613545) | about a year ago | (#43186035)

1. Banning ad-blocker apps from the Google Play App store

2. Banning jabber invites

3. Killing Google Reader

They're too big to need to play nice with anyone.

Re:Google has been quite evil this week (5, Informative)

recoiledsnake (879048) | about a year ago | (#43186095)

You forgot them killing the open standard CalDAV support and replacing with their proprietary Calendar API.

http://www.zdnet.com/google-do-what-you-want-with-reader-but-dont-kill-caldav-7000012628/ [zdnet.com]

Re:Google has been quite evil this week (1)

LordLimecat (1103839) | about a year ago | (#43186413)

If you make a case to them that Calendar API doesnt meet your needs, they will give you a whitelisted account which has access to it.

Apparently too depreciating services and APs is evil. Of course, that would include basically every software maintainer out there...

Re:Google has been quite evil this week (0)

sdsucks (1161899) | about a year ago | (#43186633)

LOL, thanks. Was waiting for that.

Weren't you just harping on last month about how great Google is great at supporting open standards? Or was that another member of the "Righteous Google Defense Club"?

Re:Google has been quite evil this week (0)

LordLimecat (1103839) | about a year ago | (#43186853)

Im part of the "lets stop the slashdot knee-jerk mindless bashing" club. Google gets flak for doing things that they do better than all of their competitors, its absurd.

I see complaints about google privacy, while they are the ONLY major search provider doing SSL by default, and they quickly switched to RC4 in response to a CBC vulnerability.
I see complaints about their gmail in-email scanning, when all of their competitors currently or very recently did the same. At least google lets you opt out.
I see complaints about them stopping offering services that none of their competitors ever offered (yahoo does have a pretty decent RSS reader IIRC), because how dare they try to be fiscally responsible and discontinue unprofitable and unpopular services.

Get off your high horse, Google has no obligation to you beyond what you have paid for, and I know for a fact that that does not include Google Reader or anything on the Play market because neither of those services are paid.

Re:Google has been quite evil this week (0)

Anonymous Coward | about a year ago | (#43186923)

Hurr durr lets defend an ad network. They must have the general publics best wishes in mind!

Re:Google has been quite evil this week (0)

Anonymous Coward | about a year ago | (#43187019)

Switching to RC4 was totally irresponsible. Hailing them for that...

Re:Google has been quite evil this week (1)

LordLimecat (1103839) | about a year ago | (#43187091)

AES-CBC has a number of known vulnerabilities, and in certain circumstances RC4 can be more secure (in the sense that theres fewer known real-world attacks on it).

My understanding is that It is considered worrying because it is quite fast and that leads to concern that there may be flaws in it or easy cracks, but so far its held up OK.

Certainly after a number of recent attacks, the recommendation was to switch to RC4.

Re:Google has been quite evil this week (1)

Bert64 (520050) | about a year ago | (#43189325)

RC4 also has known weaknesses, there was a story just this week:
http://yro.slashdot.org/story/13/03/14/1839239/cryptographers-break-commonly-used-rc4-cipher [slashdot.org]

Re:Google has been quite evil this week (1)

LordLimecat (1103839) | about a year ago | (#43191555)

Right, but as this occurred AFTER google switched to RC4 all those months ago, its silly to claim it was bad security to do so; and seeing as this vulnerability relies on the exact same message being sent with the same key ~a billion times, its fairly minor to work around.

Re:Google has been quite evil this week (0)

sdsucks (1161899) | about a year ago | (#43188625)

Waaaah panty boy.

I'm not on any high horse - as I've said repeatedly, I stopped using Google services about a year ago now.

Are you sure you're not paid for this? You must have spent hours today defending their dickish move.

Re:Google has been quite evil this week (1)

Richy_T (111409) | about a year ago | (#43192273)

Quite often those services *were* being offered by non-Google companies until Google bought them up.

I'm sad for what they did to deja-news

Re:Google has been quite evil this week (0)

Anonymous Coward | about a year ago | (#43188253)

Damn Microsoft shills. You are everywhere.

Re:Google has been quite evil this week (1)

sdsucks (1161899) | about a year ago | (#43188645)

Son, I'm a shill for myself and that's about it.

Does it shock you that I don't pledge allegiance to any large corporation?

Re:Google has been quite evil this week (0)

Anonymous Coward | about a year ago | (#43188653)

I've been a loyal fan of Google for some time now, but it has been going to hell in a handbasket for a few years now, since upper management changed. They slowly have been destroying their own foundations and I think not too long from now, if there isn't a change in management, Google will slip away.

I've looked to Google as a sane counterbalance to all the problems with Apple and Microsoft, but it seems like at least since Larry Page took over, it's been all downhill. Why, really, should I support Google any more than Apple or Microsoft if they're supporting open standards even less than the other two?

This is maddening, to be honest. I hate Apple, but I'm worried I'll be driven to it as the best of a bad lot. Google needs to change its management, and fast.

Help, Samsung?

Re:Google has been quite evil this week (-1)

Anonymous Coward | about a year ago | (#43186221)

When google started, the internet was still a "nerdy place", with the majority of people using google being nerds themselves, and using obscure (in relation to the general population) services like "RSS Readers".

That's not the case anymore. The internet truly does involve everyone now. As the user base expands to the general consumer, the importance of pleasing the nerds shrinks.

If you're a business, you follow the money. That is your life blood. That's all that's important.

Re:Google has been quite evil this week (0, Flamebait)

Intrepid imaginaut (1970940) | about a year ago | (#43186255)

Google is a marketing company. That they've gotten the traditionally anti-marketing geek contingent on side just means they are a very good marketing company.

Re:Google has been quite evil this week (0)

Anonymous Coward | about a year ago | (#43186919)

A terrible marketing company.

Them killing all of these things just shows how terrible Google have actually become in recent years.
Waaah, we can't monetize iGoogle. Yes, can't monetize it indeed, no space anywhere for ads or anything. [minus.com]
Waaah, we can't monetize Reader, you know I can't even be bothered taking a picture of it.
They are just flat-out terrible now. It is embarrassing.

They also can't even advertise their own damn products.
Ask any single person you know if they know what Orkut is. Or many of their other smaller services. They are smaller for a reason, they don't advertise the damn things.
Putting stuff behind "more..." is not a good way to advertise things. At all.
So many of the things in Google Labs were useful as hell and would have been helpful for SO MANY PEOPLE, but they never advertised the damn things so they died, and then Google Labs died, and then things that were in trial outside of Labs died, then still fairly popular things were killed because they are stupid.

I'm soon for moving all my crap away from them. At this rate they will kill them selves as a public entity.
Absolute embarrassment now. What the actual hell happened to them? Where did all those bright minds go? HELL, where did the even remotely smart people go? Surely Google isn't now employed by complete generic morons who get spat out of college every semester?
I'm sort of glad I never bothered sending an application in to them. Even if I was accepted and was still there for years.

Evil makes money (0, Flamebait)

Anonymous Coward | about a year ago | (#43186269)

I own Google stock. The eviler Google gets, the richer I get.

You, too, can profit from Google's evil.

Re:Evil makes money (1)

TheRaven64 (641858) | about a year ago | (#43190099)

Google stock is down 7.24 on yesterday and down 24.3 since two weeks ago, so how's that working out for you?

Re:Google has been quite evil this week (5, Insightful)

LordLimecat (1103839) | about a year ago | (#43186397)

Apparently, its evil to decide that its no longer worth providing a free service that youve provided for years, and giving your users several months to take an export of their data.

Likewise, apparently its evil to stop allowing users to host apps which undermine your core businesses on your freely provided marketplace.

Of course, given that you never offered a free RSS reader or marketplace to begin with, wouldnt that make you more evil than Google?

Re:Google has been quite evil this week (-1, Troll)

sdsucks (1161899) | about a year ago | (#43186697)

1) You do realize that many many people and organizations PAY for Google services, right?
2) People have organized their lives, businesses and information based on Googles products - which they pay for. Dropping those services is a hassle.
3) Weren't you harping on here recently about how Google is great for supporting open standards? Why are they dropping this IETF standard then? (CalDAV)
4) Your final argument is absurd.

Do you get paid to be a member of the "Righteous Google Defense Club"? Or do you volunteer to be a blind idiot?

Once again, I am glad I dropped Google services awhile ago.

Re:Google has been quite evil this week (4, Insightful)

LordLimecat (1103839) | about a year ago | (#43186831)

1) As they dont pay for Google Reader or Play market, thats irrelevant.
2) So once someone offers a free service, you demand that they offer it forever? Sounds reasonable.
3) Yes, I was remarking on how you can go to www.dataliberation.org in the next several MONTHS and get your data out. Have you ever tried getting your data out of AOL or Hotmail or someone else's systems? It tends to be a royal PITA. Never with Google, they always have at LEAST a CSV export.

But if you want to be both a beggar AND a chooser, dont let me stop you.

Re:Google has been quite evil this week (1)

aztracker1 (702135) | about a year ago | (#43188449)

They never gave an option to pay for Reader... now migrated to NewsBlur (paid account, and since they stopped the free account signup (temporarily), it's actually usable... I'm really afraid that Google Voice will be next, without a paid option there.. I'd pay $25-50/year for google voice. I'm paying $24/year for newsblur. Without iGoogle, and Reader, I have very little reason to use google at all... My homepage is google for iGoogle... I was considering changing my homepage to Reader, since that is about 1/4 of what I use on iGoogle... now that that is gone.. well.. may as well move on for search too.

Re:Google has been quite evil this week (-1, Flamebait)

sdsucks (1161899) | about a year ago | (#43188593)

Ummm. So if I pay for Google Apps for a domain I am a beggar and a whiner?

Your a little bitch, basically - go fuck yourself with a 2x4.

Re:Google has been quite evil this week (0)

Anonymous Coward | about a year ago | (#43190215)

Was Google Reader included in the terms of your contract for that Google Apps? No? I thought so.

Re:Google has been quite evil this week (0)

Anonymous Coward | about a year ago | (#43201945)

Look I really love Google and all... but they decided one day to kill the files feature on Google groups. By the time I remembered to go in do download the files, they were gone. My fault for not being faster? Maybe, but they could have like preserved them for the maintainer of the group, converted them to Google Docs, or... something.

Re:Google has been quite evil this week (-1, Flamebait)

nazsco (695026) | about a year ago | (#43189307)

Yes it is. If it were Microsoft you'd be shouting "bait and switch" but since it's Google, you ddrop your pants..

Re:Google has been quite evil this week (1)

LordLimecat (1103839) | about a year ago | (#43191587)

Not really; I used Live Mesh for a few months till they discontinued it and while i was certainly disappointed (as there is no comparable solution out there), I dont blame Microsoft for having provided that service.

Likewise I use Microsoft's antivirus, and if they choose to discontinue that too, I think it would be foolish but im not going to get "angry" at them as if they owed it to me. They owe me the things I pay for, and when they fail to deliver on THOSE, then I get annoyed.

WIth great(er) power ... (0)

Anonymous Coward | about a year ago | (#43191405)

comes great(er) responsibility. So yes, Google does have much more responsibility to maintain what they have created than joe poster on slashdot. Infinitely more.

I rarely (read basically never) sign up for or use any "free" or even paid services, precisely because the effort I put into integrating them into my life is not worth the hassles when these services are (inevitably) changed, removed, "upgraded" or otherwise rendered useless or too difficult to deal with for any perceived benefit.

There is too much more to do in life - read, watch movies, take courses, cook, take walks, spend time IRL with family and friends.

Email and webpages, perhaps with comments sections, are plenty. Everything else is just corps. trying to suck up my time and monetize me.

Re:Google has been quite evil this week (1)

lemur3 (997863) | about a year ago | (#43186531)

"How much evil must we do in order to do good? We have certain ideals, certain responsibilities. Recognize that at times you will have to engage in evil, but minimize it."

-ROBERT S. McNAMARA

http://www.errolmorris.com/film/fow_transcript.html [errolmorris.com]

Re:Google has been quite evil this week (1)

russotto (537200) | about a year ago | (#43188483)

"How much evil must we do in order to do good? We have certain ideals, certain responsibilities. Recognize that at times you will have to engage in evil, but minimize it."

-ROBERT S. McNAMARA

Architect of the US involvement in Vietnam. Who next, Dick Cheney?

Re:Google has been quite evil this week (0)

Anonymous Coward | about a year ago | (#43188053)

They are apparently not just killing Google Reader either, they are declaring war on RSS itself [techcrunch.com] it seems.

Are they making a move towards turning their services and established userbase, into a giant walled garden, like Apple/Microsoft?

Re:Google has been quite evil this week (0)

Anonymous Coward | about a year ago | (#43189557)

What do you expect from a company that falsely goes around saying they are all about your internet freedoms, only to grab you by the throat and pin you down.

There a bulls**t company and no better then the idiots at Apple, or MS, there Analdroid "open source"? Is no where close to "open source". I should be able to do what I want to the OS, and yet they make sure I can't, or anyone else for that matter.

The should just team up with the government, oh wait they are, since the government also gives you the illusion, you have any freedoms...

Not as terrible as you might think. (0)

Anonymous Coward | about a year ago | (#43186079)

Yes this does break the infrastructure of Jabber. In the long run, no this is not a good solution. However, what percent of gchat functionality comes from third party jabber networks and how much spam was originating from that vector?

I knew an admin who ran a small town's municipal network and website who out of the blue began to be attacked. While nothing was compromised, he changed the routing to blackhole anything from the Eastern European country most of it was originating from. A week or so later he unblocked the range and the attack had passed. This fundamentally broke how those systems interacted with the Internet, but in the scope of the services provided and the qualities of the attack it was a measured solution.

It's a metaphor and Google is in a different boat, but it does not take long to tarnish a brand as "gets spam" and probably a diminishing number of people federate out to Google. In general, I'd put away the pitchforks for now and see how they address the spam problem going forward.

Re:Not as terrible as you might think. (1)

andymadigan (792996) | about a year ago | (#43200689)

What percentage of e-mail sent to you is spam?

Percentages aren't useful when talking about spam.

TFS last sentence untrue (5, Insightful)

DragonWriter (970822) | about a year ago | (#43186133)

According to a public mailing list conversation, Google is doing this as a lazy way to handle a spam problem.

Nothing in that conversation says that Google is doing this (not actually blocking all foreign invites, but sharply limiting the number from each foreign domain) as a lazy way to handle a spam problem; that conversation points to an extremely large spam invite problem, and discusses potentially needing to do it if the operators of the federated domains from which the spam is originating cannot address the problem. It also addresses some of the steps taken by operators of those domains to address the problem (as of the most recent message I can find, it also seems like those methods have not yet been dealt with the problem.)

It very much sounds like the goal is to deal with the problem with the other service operators, but to take immediate steps to stem the flow of spam until an acceptable resolution is attained. The author of TFS may think this is "lazy", but it is not accurate to attribute that description to the email thread.

Re:TFS last sentence untrue (5, Interesting)

Anonymous Coward | about a year ago | (#43186259)

Posting AC for obvious reasons.

I run the helpdesk for a medium-sized email service (~350,000 users) that also provides federated XMPP service. We've had users complaining for several days that they while they can IM users at Google Talk, they can't request presence notifications (e.g. requesting to see if a buddy is online, away, etc.). They're able to chat with Google Talk users but can't see if they're online or not, which is a major issue. We've been really annoyed as we thought it was an issue on our end and assumed that Google knew what it was doing when it came to operating large-scale XMPP service.

It's wasted a lot of our admin time and resulted in frustrated users.

It's one thing to do a temporary ban of servers that are emitting gobs of spam or spammy invites, but it's a different thing to start blocking basic XMPP functions like requesting authorization for presence notifications. It's even more of an entirely different thing to block auth requests from the entire internet.

Re:TFS last sentence untrue (0)

dacarr (562277) | about a year ago | (#43186349)

What you said, DragonWriter. I have my doubts that this is a lazy way out - more a way of stopping it until a better answer is found.

Re:TFS last sentence untrue (5, Informative)

johnsu01 (759478) | about a year ago | (#43186377)

I know it says rate-limiting, but from our logs, the accepted rate appears to be 0. We don't have that many users; certainly not enough to trigger a rate limit in the scope of the kind of rate they would be worried about. And while we did not say "lazy" in the original article, but rather expressed our sympathies for having to grapple with the spam problem, this is not an acceptable solution. As other commenters are pointing out, this is essentially shifting the burden to much smaller entities, who now have to respond to their users' complaints. If Google would publicly describe the problem, and the scope of it, and publicly explain what they are *actually* doing, then the rest of us could help find a solution. Right now, this definitely looks like "easiest way out for us, broader principle of federation and workloads of other entities be damned."

Re:TFS last sentence untrue (1)

DragonWriter (970822) | about a year ago | (#43186439)

And while we did not say "lazy" in the original article, but rather expressed our sympathies for having to grapple with the spam problem, this is not an acceptable solution.

I don't disagree with you that (presuming this is a solution rather than an interim damage control measure) that its not an acceptable solution. My issue was with the summary attributing the summary author's editorializing to the mailing list thread discussing the problem, rather than taking ownership of the editorializing (or, better, leaving the editorializing out entirely and letting readers form their own conclusions.)

Maybe a better solution exists (0)

Anonymous Coward | about a year ago | (#43186725)

Perhaps there needs to be a mechanism for a server to reject the request, in such a way as to say: "too many untrusted/unauthenticated connection attempts. Try your request later." Until then, oh well. Spammers ruin it for everyone.

Re:TFS last sentence untrue (1)

Anonymous Coward | about a year ago | (#43186483)

According to a public mailing list conversation, Google is doing this as a lazy way to handle a spam problem.

Nothing in that conversation says that Google is doing this (not actually blocking all foreign invites, but sharply limiting the number from each foreign domain) as a lazy way to handle a spam problem; that conversation points to an extremely large spam invite problem, and discusses potentially needing to do it if the operators of the federated domains from which the spam is originating cannot address the problem. It also addresses some of the steps taken by operators of those domains to address the problem (as of the most recent message I can find, it also seems like those methods have not yet been dealt with the problem.)

You're mistaken. Please read this thread:

http://mail.jabber.org/pipermail/operators/2013-March/001608.html [jabber.org]

Re:TFS last sentence untrue (1)

DragonWriter (970822) | about a year ago | (#43187269)

You're mistaken.

No, I'm not.

Please read this thread:

http://mail.jabber.org/pipermail/operators/2013-March/001608.html [jabber.org] [jabber.org]

I did. It, as I said before, doesn't say what TFS characterize it as saying (that its a lazy way of preventing spam). It does say its about preventing spam, and it does say that the current implementation is a part of a rapidly-evolving strategy. It also says that (from one side) its bad because some details of the way it has been implemented are not RFC-compliant, and (from the other) that the non-RFC-compliant elements are going to be addressed in the very near term.

Just Run Your Own XMPP Server (-1)

skavoovie5 (1018244) | about a year ago | (#43186137)

Just run your own XMPP server and be done with it. Problem solved. Better security and trust this way anyway.

Re:Just Run Your Own XMPP Server (0)

Anonymous Coward | about a year ago | (#43186291)

That doesn't help if they're blocking invites from the entire internet, rather than just from spammy servers or users.

Re:Just Run Your Own XMPP Server (1)

DragonWriter (970822) | about a year ago | (#43186457)

That doesn't help if they're blocking invites from the entire internet, rather than just from spammy servers or users.

Actually, running your server is a step toward solving that, but not the whole solution. The other parts of the solution are [a] getting people to use your server rather than Google's, and [b] solving the spam problem that Google is addressing by some other, more federation-friendly, means.

Re:Just Run Your Own XMPP Server (2)

Hatta (162192) | about a year ago | (#43186323)

And what if you wish to speak with someone who uses Google's XMPP service?

Re:Just Run Your Own XMPP Server (1)

FireFury03 (653718) | about a year ago | (#43189359)

And what if you wish to speak with someone who uses Google's XMPP service?

The same thing that happens if you want to email someone who's email provider is blocking all incoming emails - you tell them their service provider is being a dick and that they need to change to one of the many other service providers out there who aren't being almighty bellends....

Re:Just Run Your Own XMPP Server (1)

mccrew (62494) | about a year ago | (#43186569)

Sorry, but I have a full time job already. Don't need another one. :)

Re:Just Run Your Own XMPP Server (1)

TheRaven64 (641858) | about a year ago | (#43190125)

Running an XMPP server doesn't take much effort. I've been running an eJabberd server for about 6 years and was running jabberd 1 before then. The original jabberd took a reasonable amount of configuration effort, but ejabberd (especially if you use mnesia) requires almost none: just install it, tell it your domain, and either enable in-band registration or manually add users. That's basically it. Pull in any security updates as they appear (your operating system's package manager should handle this) and you're good. It's no harder than running a mail server.

CAPTCHA (5, Interesting)

ensignyu (417022) | about a year ago | (#43186289)

Maybe instead of silently dropping invitation requests, Google should send a rejection notice (regardless of whether the target Gmail account exists, to prevent probing) with a link to a CAPTCHA; completing the captcha would allow retrying the request.

Given their track record, I'd be surprised if Google bothers to implement this kind of non-lazy approach to re-enable interoperability, though.

Re:CAPTCHA (5, Insightful)

ensignyu (417022) | about a year ago | (#43186541)

Just to be clear, I'm sure the engineers at Google are trying to do what they can do deal with the spam problem, as quickly as they can.

I'm just feeling cynical about Google's motives and actions after what they've done with Google Reader, CalDAV, etc. Yeah, they're a for-profit corporation, but it's disappointing how they seem to be moving away from open standards.

At this point, it seems like they're looking around and saying: "Hey, we have a proprietary solution, and an open solution, but it costs extra to maintain both. If we shut down the open solution, we save money and get extra lock-in too. It's win-win! -- for us, at least."

So I'm slightly worried that when a situation like this comes up, the managers at Google (or managers' managers, or wherever the directive is coming down from) are just going to say "do the minimum amount of work and get back to that other project we have you working on", where implementing solution that's good for the users is not a priority.

Email CAPTCHA (1)

DrYak (748999) | about a year ago | (#43226763)

Interestingly, that's exactly the policy implemented by one of my former university against email spam coming from a few large and very spammy IP blocks.
(I think these IP blocks were somewhere in China).
Very few users were actually communicating with them. But we got massive amount of spam coming from them.

The solution was to black list this IP range. But any rejected user got an answer asking a few very simple step (I don't remember if captcha was involved at all) to add his/her emitting address to a whitelist.

The solution worked: the few user communicating from within this range were still able to communicate, while at the same time the spam was drastically reduced.

So google might try doing the same with federated XMPP invite:
- if only one side (= the foreign) has sent a request to the other
- and the invite comes from a spammy source
- first ask a captcha before forwarding the invite to the users' client.

An Isolationist (0)

Anonymous Coward | about a year ago | (#43187003)

Google is becoming..

Change the client (0)

Anonymous Coward | about a year ago | (#43187729)

A better way would be to disable notifications on the client, but show a long list of spamny requests on demand. Not as good as having no spam, but it's the best way to go on an open system.

Long as I dont get spam (0)

Anonymous Coward | about a year ago | (#43191933)

I am OK with it.
Get a real gmail account.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...