Forgot your password?
typodupeerror
Google Communications Spam News

Google Begins Blocking Third-Party Jabber Invites 92

Posted by Soulskill
from the you-don't-want-to-talk-to-those-people-anyway dept.
New submitter kxra writes "Do you have a federated jabber instant messaging account that never gets responses from Google accounts anymore? Or do you have a Gmail account that a friend has been unable to invite from their 3rd party Jabber account? The Free Software Foundation reports, 'Google users can still send subscription requests to contacts whose accounts are hosted elsewhere. But they cannot accept incoming requests. This change is akin to Google no longer accepting incoming e-mail for @gmail.com addresses from non-Google domains.' This sounds like something Facebook would try in order to gain even tighter control over the network, but they never even federated their Jabber service to begin with. According to a public mailing list conversation, Google is doing this as a lazy way to handle a spam problem."
This discussion has been archived. No new comments can be posted.

Google Begins Blocking Third-Party Jabber Invites

Comments Filter:
  • No Subject (Score:1, Insightful)

    by Anonymous Coward

    This is great because I keep receiving spam invites on one of my GMail accounts.

    • Re:No Subject (Score:5, Insightful)

      by asavage (548758) on Friday March 15, 2013 @04:53PM (#43186183)
      Yeah this is good news. I had to disable google talk invitation notifications on my phone as I was getting spam notifications daily.
      • by Anonymous Coward

        Google is doing this as a lazy way to handle a spam problem.

        I'll be happy to learn a non lazy way to stop spam from domains you don't control. I'm not an expert in XMPP, but this sounds much like graylisting from SMTP: if your server has a high spam ratio, I will throttle you until the ratio drops. As long as Google has implemented per domain limits, and still accepts requests from non-spammy domains, it looks legit.

      • I've not had a spam problem with Gtalk or my SIP account with a Google Talk gateway. This means that I can't pick up my VOIP phone anymore and speed dial a Gtalk user.

        This has very little impact as there are very few who have Gtalk and not Skype. I can call and be called with the Skype gateway instead.

        Instructions:

        To call from ippi to Skype, dial "skype_username@skype.ippi.com" then start the call

        I guess calling Gtalk users may be broken now.

        Instructions:

        To call from ippi to Gtalk, dial "google_username@g

    • Re: (Score:2, Troll)

      by beelsebob (529313)

      Haha, the great and mighty google who can do no wrong strikes an enormous blow against a standardised protocol, and against open communication, and slashdot's response is "this is great".

      Fucking hypocrites.

  • Just wait... (Score:4, Insightful)

    by daitengu (172781) * on Friday March 15, 2013 @04:39PM (#43186031) Homepage Journal

    Countdown to those with bad reading comprehension wondering why the story isn't about Google not accepting e-mail from non-@gmail.com accounts.

    • Re:Just wait... (Score:5, Insightful)

      by Hatta (162192) on Friday March 15, 2013 @05:05PM (#43186301) Journal

      What's the significant difference? Isn't refusing jabber messages from non-google account just as bad, and bad for the same reasons, as refusing email from non-google accounts?

      • by hawguy (1600213)

        What's the significant difference? Isn't refusing jabber messages from non-google account just as bad, and bad for the same reasons, as refusing email from non-google accounts?

        The significant difference between blocking email and blocking jabber requests is that when you find that your jabber request is blocked, you can ask the person on the Google side to send you a request from their end, and from then on you can communicate with them.

        It's kind of like if Google silently blocked external emails and the most reliable way to make sure your message got through would be to ask the recipient to add you to their address book. Oh wait, they already do that.

        • Re:Just wait... (Score:5, Insightful)

          by Hatta (162192) on Friday March 15, 2013 @05:40PM (#43186573) Journal

          The significant difference between blocking email and blocking jabber requests is that when you find that your jabber request is blocked, you can ask the person on the Google side to send you a request from their end, and from then on you can communicate with them.

          What happens if everyone implements this policy of denying all foreign requests?

          • by kasperd (592156)

            What happens if everyone implements this policy of denying all foreign requests?

            If it is done in a sensible way, you will still be able to communicate, as long as both parties invite each other.

            • by Hatta (162192)

              This still requires some sort of coordination before the fact through a secondary communication channel. Can you imagine if the post office and phone company worked that way? There has to be a better solution.

              • Multiplayer on Nintendo video game consoles already works this way: nobody can communicate unless players have exchanged friend codes out of band. In fact, some games such as Animal Crossing series don't allow play with strangers at all.
              • by bragr (1612015) *
                Getting someone's mailing address, email address, or jabber address requires a secondary communication channel anyway. When is the last time you emailed someone to find out what their email address what?
              • by hawguy (1600213)

                This still requires some sort of coordination before the fact through a secondary communication channel. Can you imagine if the post office and phone company worked that way? There has to be a better solution.

                I'm imagining the phone company working that way, and it sounds like a good way to get rid of the unsolicited telemarketing calls. If the only callers that can reach me are ones that I've shared my phone number with through some other communication channel, then I wouldn't get any unsolicitied telemarketing calls.

                Worse than the telemarkers...apparently the guy that used to have my number had some problems with paying bills, I still get calls from creditors looking for him. I've had this number for 2 years n

                • I was getting 8-10 recruiter calls a day at my old cell number about 2 years ago, I dropped it, and got a new number... feel sorry for the guy that got my old #
              • by AvitarX (172628)

                Google treats chat that way now though. When they started circles, they stopped auto adding, and limited chat to people in your circles I believe (i forget the specifics, but it got stricter).

              • by kasperd (592156)

                This still requires some sort of coordination before the fact through a secondary communication channel.

                That's still better than not being able to communicate at all. Most of the time you only want to chat with people who you have exchanged emails with beforehand anyway.

      • What's the significant difference? Isn't refusing jabber messages from non-google account just as bad, and bad for the same reasons, as refusing email from non-google accounts?

        It might be, if XMPP's level adoption and central role in online interaction were equivalent to email's. As its not, it might arguably be bad for the same reason (if you don't view the central role of email as part of the reason that it would be bad to do it for email), but its certainly not just as bad.

    • by rickb928 (945187)

      My Google email account gets incoming email from non-@gmail.com accounts all the damned time. What the hell is the problem? Am I not supposed to get emaI from the rest of the Internet or something? am I missign something? Am I alone in here? IS ANYBODY LISTENING? DOES ANYONE CARE?

      How the hell do I contact Google and get this fixed? None of the phone numbers work, and no one answers their email! Seriously!

    • That's in fact how my mind construed it for a moment.
      Why?

      Because the other day I put a filter on my non-gmail domain mailbox
      to send a copy from that mailbox to my gmail account, esp. so I
      could read the mail from my tablet, while being away.

      Then, for some mails coming in, I read those on the gmail account
      from the desktop PC (to see if the filter was working).

      Now, I noticed that having read them on the PC, the copies for some
      reason never arrived in my gmail mailbox on my tablet, or I should
      say, were totally u

  • by Meditato (1613545) on Friday March 15, 2013 @04:39PM (#43186035)

    1. Banning ad-blocker apps from the Google Play App store

    2. Banning jabber invites

    3. Killing Google Reader

    They're too big to need to play nice with anyone.

    • by recoiledsnake (879048) on Friday March 15, 2013 @04:44PM (#43186095)

      You forgot them killing the open standard CalDAV support and replacing with their proprietary Calendar API.

      http://www.zdnet.com/google-do-what-you-want-with-reader-but-dont-kill-caldav-7000012628/ [zdnet.com]

      • If you make a case to them that Calendar API doesnt meet your needs, they will give you a whitelisted account which has access to it.

        Apparently too depreciating services and APs is evil. Of course, that would include basically every software maintainer out there...

        • by sdsucks (1161899)

          LOL, thanks. Was waiting for that.

          Weren't you just harping on last month about how great Google is great at supporting open standards? Or was that another member of the "Righteous Google Defense Club"?

          • Im part of the "lets stop the slashdot knee-jerk mindless bashing" club. Google gets flak for doing things that they do better than all of their competitors, its absurd.

            I see complaints about google privacy, while they are the ONLY major search provider doing SSL by default, and they quickly switched to RC4 in response to a CBC vulnerability.
            I see complaints about their gmail in-email scanning, when all of their competitors currently or very recently did the same. At least google lets you opt out.
            I see co

            • by sdsucks (1161899)

              Waaaah panty boy.

              I'm not on any high horse - as I've said repeatedly, I stopped using Google services about a year ago now.

              Are you sure you're not paid for this? You must have spent hours today defending their dickish move.

            • by Richy_T (111409)

              Quite often those services *were* being offered by non-Google companies until Google bought them up.

              I'm sad for what they did to deja-news

    • Re: (Score:1, Flamebait)

      Google is a marketing company. That they've gotten the traditionally anti-marketing geek contingent on side just means they are a very good marketing company.

    • by LordLimecat (1103839) on Friday March 15, 2013 @05:18PM (#43186397)

      Apparently, its evil to decide that its no longer worth providing a free service that youve provided for years, and giving your users several months to take an export of their data.

      Likewise, apparently its evil to stop allowing users to host apps which undermine your core businesses on your freely provided marketplace.

      Of course, given that you never offered a free RSS reader or marketplace to begin with, wouldnt that make you more evil than Google?

    • by lemur3 (997863)

      "How much evil must we do in order to do good? We have certain ideals, certain responsibilities. Recognize that at times you will have to engage in evil, but minimize it."

      -ROBERT S. McNAMARA

      http://www.errolmorris.com/film/fow_transcript.html [errolmorris.com]

      • by russotto (537200)

        "How much evil must we do in order to do good? We have certain ideals, certain responsibilities. Recognize that at times you will have to engage in evil, but minimize it."

        -ROBERT S. McNAMARA

        Architect of the US involvement in Vietnam. Who next, Dick Cheney?

  • by DragonWriter (970822) on Friday March 15, 2013 @04:48PM (#43186133)

    According to a public mailing list conversation, Google is doing this as a lazy way to handle a spam problem.

    Nothing in that conversation says that Google is doing this (not actually blocking all foreign invites, but sharply limiting the number from each foreign domain) as a lazy way to handle a spam problem; that conversation points to an extremely large spam invite problem, and discusses potentially needing to do it if the operators of the federated domains from which the spam is originating cannot address the problem. It also addresses some of the steps taken by operators of those domains to address the problem (as of the most recent message I can find, it also seems like those methods have not yet been dealt with the problem.)

    It very much sounds like the goal is to deal with the problem with the other service operators, but to take immediate steps to stem the flow of spam until an acceptable resolution is attained. The author of TFS may think this is "lazy", but it is not accurate to attribute that description to the email thread.

    • by Anonymous Coward on Friday March 15, 2013 @04:59PM (#43186259)

      Posting AC for obvious reasons.

      I run the helpdesk for a medium-sized email service (~350,000 users) that also provides federated XMPP service. We've had users complaining for several days that they while they can IM users at Google Talk, they can't request presence notifications (e.g. requesting to see if a buddy is online, away, etc.). They're able to chat with Google Talk users but can't see if they're online or not, which is a major issue. We've been really annoyed as we thought it was an issue on our end and assumed that Google knew what it was doing when it came to operating large-scale XMPP service.

      It's wasted a lot of our admin time and resulted in frustrated users.

      It's one thing to do a temporary ban of servers that are emitting gobs of spam or spammy invites, but it's a different thing to start blocking basic XMPP functions like requesting authorization for presence notifications. It's even more of an entirely different thing to block auth requests from the entire internet.

    • by dacarr (562277)
      What you said, DragonWriter. I have my doubts that this is a lazy way out - more a way of stopping it until a better answer is found.
    • by johnsu01 (759478) on Friday March 15, 2013 @05:15PM (#43186377) Homepage
      I know it says rate-limiting, but from our logs, the accepted rate appears to be 0. We don't have that many users; certainly not enough to trigger a rate limit in the scope of the kind of rate they would be worried about. And while we did not say "lazy" in the original article, but rather expressed our sympathies for having to grapple with the spam problem, this is not an acceptable solution. As other commenters are pointing out, this is essentially shifting the burden to much smaller entities, who now have to respond to their users' complaints. If Google would publicly describe the problem, and the scope of it, and publicly explain what they are *actually* doing, then the rest of us could help find a solution. Right now, this definitely looks like "easiest way out for us, broader principle of federation and workloads of other entities be damned."
      • And while we did not say "lazy" in the original article, but rather expressed our sympathies for having to grapple with the spam problem, this is not an acceptable solution.

        I don't disagree with you that (presuming this is a solution rather than an interim damage control measure) that its not an acceptable solution. My issue was with the summary attributing the summary author's editorializing to the mailing list thread discussing the problem, rather than taking ownership of the editorializing (or, better,

    • by Anonymous Coward

      According to a public mailing list conversation, Google is doing this as a lazy way to handle a spam problem.

      Nothing in that conversation says that Google is doing this (not actually blocking all foreign invites, but sharply limiting the number from each foreign domain) as a lazy way to handle a spam problem; that conversation points to an extremely large spam invite problem, and discusses potentially needing to do it if the operators of the federated domains from which the spam is originating cannot address the problem. It also addresses some of the steps taken by operators of those domains to address the problem (as of the most recent message I can find, it also seems like those methods have not yet been dealt with the problem.)

      You're mistaken. Please read this thread:

      http://mail.jabber.org/pipermail/operators/2013-March/001608.html [jabber.org]

      • You're mistaken.

        No, I'm not.

        Please read this thread:

        http://mail.jabber.org/pipermail/operators/2013-March/001608.html [jabber.org] [jabber.org]

        I did. It, as I said before, doesn't say what TFS characterize it as saying (that its a lazy way of preventing spam). It does say its about preventing spam, and it does say that the current implementation is a part of a rapidly-evolving strategy. It also says that (from one side) its bad because some details of the way it has been implemented are not RFC-compliant, and (from the

  • CAPTCHA (Score:5, Interesting)

    by ensignyu (417022) on Friday March 15, 2013 @05:02PM (#43186289)

    Maybe instead of silently dropping invitation requests, Google should send a rejection notice (regardless of whether the target Gmail account exists, to prevent probing) with a link to a CAPTCHA; completing the captcha would allow retrying the request.

    Given their track record, I'd be surprised if Google bothers to implement this kind of non-lazy approach to re-enable interoperability, though.

    • Re:CAPTCHA (Score:5, Insightful)

      by ensignyu (417022) on Friday March 15, 2013 @05:36PM (#43186541)

      Just to be clear, I'm sure the engineers at Google are trying to do what they can do deal with the spam problem, as quickly as they can.

      I'm just feeling cynical about Google's motives and actions after what they've done with Google Reader, CalDAV, etc. Yeah, they're a for-profit corporation, but it's disappointing how they seem to be moving away from open standards.

      At this point, it seems like they're looking around and saying: "Hey, we have a proprietary solution, and an open solution, but it costs extra to maintain both. If we shut down the open solution, we save money and get extra lock-in too. It's win-win! -- for us, at least."

      So I'm slightly worried that when a situation like this comes up, the managers at Google (or managers' managers, or wherever the directive is coming down from) are just going to say "do the minimum amount of work and get back to that other project we have you working on", where implementing solution that's good for the users is not a priority.

    • Interestingly, that's exactly the policy implemented by one of my former university against email spam coming from a few large and very spammy IP blocks.
      (I think these IP blocks were somewhere in China).
      Very few users were actually communicating with them. But we got massive amount of spam coming from them.

      The solution was to black list this IP range. But any rejected user got an answer asking a few very simple step (I don't remember if captcha was involved at all) to add his/her emitting address to a white

Last yeer I kudn't spel Engineer. Now I are won.

Working...