No possible to block a spammer (#358)
Andrzej Wójcik (Tigase) opened 3 years ago

For some chats, for many of the actually, when I click on the chat sender, option to block the user does not show up.

As you can see, I get lots of spam and at the moment XMPP is simply unusable to me because of spam or rather not having a good way to deal with spam. To make it usable again I would like to have a few more options to deal with spam on iOS:

  1. Ability to block any user. Right now the block option does not show for some users.
  2. Ability to block entire domain. As you can probably see on the screenshot, most of spammers send me messages from the same domain. That is probably bigger thing to do as we should probably apply this block on the server level rather then a user level. However, for the start, blocking a domain on a user level would be sufficient.
  3. I am getting hundreds of notifications with subscription requests, When I open a client I see a message something like "You have 100 notifications". I click on it and I see subscription request. I deny it and that's it. I only handled 1 of the 100 request. Next time I open client, the same happens.So, it would be a good option to see a list of all subscription requests and handle them.
  4. Bulk handling of spam chats and subscription requests. When I open a client and I have 100s new chats from spammers I would like to be able to close them all toghether, ideally marking them as spam and blocked. Recently Bartosz implemented useful feature in OfficalTea client. Long press allows you to select all open chats. Then you can deselect some of them and close all selected. This is very useful. Add to this possibly to block / mark as spammer all would be great. Add to this a list of subscriptions and deny all/block all.
Andrzej Wójcik (Tigase) commented 3 years ago

I think I see the cause of the issue. Siskin tries to fetch VCard to present it to you when you are opening this window and until it gets the response it presents a "limited" view with a limited set of actions. I'll try to address that in the next beta build. This would be problematic. Within XMPP people try to drop requirements or support for privacy lists as they are complicated. For sure we could use it to block domains on the server-side, but this could interact with the simple blocking command which does not support domain-level blocking (blocked domains would not be visible in the UI). 3 & 4. Bulk handling is problematic. It requires a lot of boilerplate code to display waiting presence requests (those are only displayed as notifications). It would be easier to add bulk handling to conversations (as we already have a list of them).

Right now, I wonder if a simpler for this would work. Instead of dealing with presence subscription requests and opened conversations, I could add an item in the long-press menu on the opened conversations named "Block all from this domain". It would be displayed for any conversation in which the participant is not on your roster. The result of tapping this item, would be blocking all jids from the same domain on which you pressed for which conversations are opened and people are not in your roster. Additionally, I would drop presence subscription notifications from them.

Here is how it would work:

  1. Long-tap on any conversation with a person not on your list
  2. Select the option "Mark all conversations from this domain as spam"
  3. Client would search for all opened conversations with users of this domain (which are not "in the roster").
  4. Client would block then using simple command blocking (all those jids - not the domain itself).
  5. Client would drop all presence subscription requests for blocked jids.

I think that this would fairy simplify blocking those users and getting rid of the spam. What do you think?

I was also thinking about a way to report spammers from the UI to the server, so that we could gather a list of spammers in the Tigase database and then decide, ie. to block the whole domain using ad-hoc.

Andrzej Wójcik (Tigase) commented 3 years ago

Comment from @wojtek

I'm not sure that it would be the best way - one could simply get frustrated and use option "block all from domain" and it would also block a valid contact that we had conversation earlier.

What's more - I think there is something wrong if Artur is getting so much spam subscriptions - I don't remember last time I got spam or sub request so maybe it would require tweaking to tigase-spam? Adding option to report spam to tigase-spam would be helpful. Possibly not generating application notification for sub requests (only for messages) would help here (then sub requests would be displayed below the list without drawing to much attention)?

Bulk action on contact list would also be helpful.

I've clarified with Wojtek, that I've suggested to block only JIDs which opened chats with you and they are NOT in your roster. With that, this solution while not good seems reasonable.

Andrzej Wójcik (Tigase) commented 3 years ago

@kobit In the meantime, I've notified administrators and the company hosting domain default.rs about this server sending spam.

According to https://github.com/JabberSPAM/blacklist/issues/7, this server was taken down in 2019 due to the same issue.

Andrzej Wójcik (Tigase) commented 3 years ago

@kobit We also do have https://github.com/tigase/tigase-server/blob/master/src/main/groovy/tigase/admin/UserDomainFilter.groovy, so we could just ban default.rs from connecting to tigase.org

Artur Hefczyc commented 3 years ago

OK, I responded on 1dev to this. It is tempting for me to just block default.rs, 0day.la, 0nl1ne.at but then we would loose opportunity to implement good and automated or semi-automated ways to handle spam. Let's not block them for now.

Andrzej Wójcik (Tigase) commented 2 years ago

@kobit I think this was implemented recently already (blocking whole domains). Do we need anything else? or can we close this task?

Artur Hefczyc commented 2 years ago

Right now, I am NOT getting ANY spam anymore. I guess this is thanks to domains blocking. Whatever reason, I can use my XMPP accounts again and I can get online. So, as for me, we do not need to do anything else and the task can be closed.

issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Issue Votes (0)
Watchers (0)
Reference
tigase/_clients/siskin-im#358
Please wait...
Page is in error, reload to recover