[jitsi-users] Who's ringing my doorbell?


#1

I keep getting a request from someone on Jit.Si to authenticate with
him/her. I have no idea who is requesting this authentication. Is the
Jit.Si XMPP server open to search? If so is this the right way to go?
I would think that our anonymity would be the rule rather than the
exception.

- --
John Perry


#2

+1 I think if there isn't such option already, it would be nice if any
such request should feature below a "[ ] I don't know this person (IP
address), block this address from further requests".

So the user can continue his Jitsi usage and not be bothered anymore.

Just my $0.02, thinking aloud.
FC

···

On Fri, Jul 12, 2013 at 4:22 PM, John Perry <lists@jpunix.net> wrote:

Is the
Jit.Si XMPP server open to search? If so is this the right way to go?
I would think that our anonymity would be the rule rather than the
exception.


#3

Same just happened to me:
jackmp@jit.si
tester54321@jit.si
testerwset45@jit.si

···

Am 12.07.2013 22:22, schrieb John Perry:

I keep getting a request from someone on Jit.Si to authenticate
with him/her. I have no idea who is requesting this authentication.
Is the Jit.Si XMPP server open to search? If so is this the right
way to go? I would think that our anonymity would be the rule
rather than the exception.

_______________________________________________ users mailing list
users@jitsi.org Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

- --
Yannik V�lker


#4

I did the research. Jit.Si has the search module installed. Although
Jitsi itself does not support it, clients like Pidgin and others
support the "search" feature. This allows anyone with the proper
client to attach to Jit.Si and type in a "*" as the search phrase and
see all of the users that have accounts on the Jit.Si server. My
recommendation would be to disable/un-install this module. I have done
so on my own server at chat.jpunix.net

- --
John Perry - WX5JP
http://www.jpunix.net

···

On 7/12/2013 4:41 PM, Yannik V�lker wrote:

Same just happened to me: jackmp@jit.si tester54321@jit.si
testerwset45@jit.si

Am 12.07.2013 22:22, schrieb John Perry:

I keep getting a request from someone on Jit.Si to authenticate
with him/her. I have no idea who is requesting this
authentication. Is the Jit.Si XMPP server open to search? If so
is this the right way to go? I would think that our anonymity
would be the rule rather than the exception.


#5

Hmm ... we don't have this plugin installed there so searching users
should be impossible. Could it be that these are either legitimate
users, or they learned your address from elsewhere, or they simply
randomly fell on it?

Emil

···

On Fri, Jul 12, 2013 at 10:45 PM, Fernando Cassia <fcassia@gmail.com> wrote:

On Fri, Jul 12, 2013 at 4:22 PM, John Perry <lists@jpunix.net> wrote:

Is the
Jit.Si XMPP server open to search? If so is this the right way to go?
I would think that our anonymity would be the rule rather than the
exception.

+1 I think if there isn't such option already, it would be nice if any
such request should feature below a "[ ] I don't know this person (IP
address), block this address from further requests".

So the user can continue his Jitsi usage and not be bothered anymore.

Just my $0.02, thinking aloud.
FC

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31


#6

Your messages are all appearing twice on this mailinglist, you might
want to check your setup @jpunix.net

- --
Yannik V�lker

···

Am 13.07.2013 00:49, schrieb John Perry:

On 7/12/2013 4:41 PM, Yannik V�lker wrote:

Same just happened to me: jackmp@jit.si tester54321@jit.si
testerwset45@jit.si

Am 12.07.2013 22:22, schrieb John Perry:

I keep getting a request from someone on Jit.Si to authenticate
with him/her. I have no idea who is requesting this
authentication. Is the Jit.Si XMPP server open to search? If
so is this the right way to go? I would think that our
anonymity would be the rule rather than the exception.

I did the research. Jit.Si has the search module installed.
Although Jitsi itself does not support it, clients like Pidgin and
others support the "search" feature. This allows anyone with the
proper client to attach to Jit.Si and type in a "*" as the search
phrase and see all of the users that have accounts on the Jit.Si
server. My recommendation would be to disable/un-install this
module. I have done so on my own server at chat.jpunix.net


#7

Hmm... My username is not easily guessable on purpose. I signed up about
a week ago so it's not like I've been there forever. Also at least one
other account has been issued an authentication request over several
non-trivial usernames. If you would like to contact me off-list I have
the username of the individual issuing the requests.

···

On 7/12/2013 6:21 PM, Emil Ivov wrote:

Hmm ... we don't have this plugin installed there so searching users
should be impossible. Could it be that these are either legitimate
users, or they learned your address from elsewhere, or they simply
randomly fell on it?

--
John Perry - WX5JP
http://www.jpunix.net