Open kousu opened 7 years ago
The "adding cheogram.com
as a contact can count as consenting to receiving messages from any JID hung off it" point is indeed an option on some servers. For example, ejabberd has an allow_transports
option now that does this:
https://github.com/processone/ejabberd/commit/dfd2045523f5c6814a460692ba902aa08dd62df8
However, this does require the user's server have it enabled. So we still need to proceed with the "go nag the riseup.net admins and every other admin on every other server" point in parallel.
With riseup.net, at least, having cheogram.com
on your roster does not authorize messages from user@cheogram.com
. So we'd need to get people to make code changes on their servers.
I think the only changes we can make fully on our side is sending a full subscription request before each message. Even using XEP-0321 means convincing server ops to install a new module.
Notable that ejabberd's definition of "transport" is just if the contact's server is in the roster. Which is probably a fine definition, tbh, despite almost totally sidestepping the spec in XEP-100.
They could also do disco to see if the identity has a category of gateway... but that seems like overkill for what the feature enables :)
Today we discovered that riseup.net is one of those servers where you can't receive messages from people not on your roster. Roster-locking ((is that the right name for this feature)) is a harsh but de facto effective anti-spam measure. Trouble is, this interacts super poorly with SMS, which has no concept of authenticated messages, and isn't meant to: the design was always to allow anyone to contact anyone.
For geeks self-hosting their own servers roster locking is a conscious choice, so for those users we can probably assume they are happy only receiving texts from "friends", but let's add a FAQ entry...somewhere...probably both on https://cheogram.com and on https://jmp.chat... reminding people about this snag.
But with a public server like riseup.net there is no way to expect users to understand why messages aren't coming through, and even if we explain I foresee this being basically a dead-end for most users: they need to manually add everyone who texts them? balderdash!
Here was my experience:
There's a warning on the JMP sign up page about this:
but that only covers one number, @ossguy's company number 416-993-8000. It also wasn't that obvious how to make use of this information, which is why I think you should make the Retry Button more prominent too.
I think it would be better if we could work around this issue on our end; there's gotta be lots of servers with roster-locking enabled, and silently failing JMP with them is the sort of thing that drives people into centralized servers.
I see some solutions:
cheogram.com
as a contact can count as consenting to receiving messages from any JID hung off it; addingcheogram.com
is a part of the signup process --- though it's buggy with Gajim. This depends on the receiving side agreeing though, and I'm not sure it's spec'd anywhere, so there's some research to be done here.cheogram.com
advertises itself as a gateway (however that's done, I don't fully understand XEP-100) and gateways on rosters get special dispensation from the firewall<presence type='probe'>
requests that happen when a client signs injmp-register
or other signup, send a big warning by every channel available to use with a link to a FAQ with super clear instructions.I dunno, maybe the sort of people who use riseup.net will appreciate the opaque wall against strangers texting them. Maybe this is all a moot point, except for educating users about the features.
Myself, I think
mod_remote_roster
is the best option. Both prosody and ejabberd have support (though I think prosody's support is buggy, but we can patch that) and it smells the nicest and politest protocol. I would still be worried about handling if someone explicitly removes a texting contact: are they doing it to block, or just to tidy up their roster? If the former, should we support them, or recommend they use blocking instead? What if their server doesn't havemod_blocklist
?Sending subscription requests before every message has better backwards compatibility support --- i.e. it works everywhere right now, forever --- but could get super noisy if a user wants to reject a contact. It could also provides a better experience in some ways: "+1<number> would like to message you. Do you accept?"
Related: https://gitlab.com/ossguy/jmp-register/issues/12