Conversations: Some kind of auto-discover for contacts

automatically connected to all their friends

read as: address book harvesting

through their phone numbers.

read as: antithetical to privacy

similar experience,

see also: ENUM or e.164

add them automatically to the roster.

No. I use multiple JID. This would be extremely undesirable.

see if they also work for XMPP

see also: DNS SRV

as also SIP

..

Please implement none of this.

No. I use multiple JID. This would be extremely undesirable.

Why? This way Converstions will not detect any JID's you don't want to share with someone. If you give me one of your JID's I assume that I'm also allowed to use it. If I can enter it manually to chat so why shouldn't Conversations just doing it for me? Same in case of a email address. I only have your email address because you gave it to me so I assume that it is OK that I use it for whatever is possible (send you an email and also chat with you if it is a JID as well). It's all just about automatically doing stuff I could also do manually. It's all about UX to make Conversations used by as much people as possible.

Is there a way to only share your contact information with someone who also has one's contact info as well?

For example, Alice uploads her hashed/encrypted phone number and her address book to a central instance. This server itself cannot decrypt anything. But if Alice has Bob's contact information in her address book, and Bob has Alice's info as well, both get the necessary contact information to connect to each other via Conversations.

This contact info could be a phone number, the JID or something else. Each user could define which contact info they provide to server to allow others to match with it. For example, Alice could define that everybody who has her phone number and who she also has in her address book also gets her JID to contact her. Bob for instance is a bit more reserved and only provides his JID as an identifier.

Does this make sense? I'm no crypto expert or programmer, so please forgive my abstract thinking.

That app is called Signal IIRC ;)

Also #1978

Also #1978

Ah yes, @h-2's idea is awesome and he already laid out a clever way. I'm sad that Daniel isn't interested in pushing this forward in Conversations but I hope that this may become an XEP.

It is important to note that Conversations already asks for permission to sychronize with contacts to match your XMPP roster with your contacts to show their full names and avatars. They only do this locally, without uploading them to the server you're using.

Perhaps this service could be used in a creative way to achieve some of what you're trying to do: https://jmp.chat/

@schiessle Hey Björn, I already laid out some thoughts on this here #1978 , but I couldn't convince Daniel :neutral_face:

@mxmehl @h-2 It just needs someone to start such a service. As I pointed out in the other thread this is completely orthogonal to Conversations. In theory you could do this as a whole separate app that lists all the contacts it was able to find and then launches into Conversations (or any other XMPP app for that matter) by invoking a VIEW xmpp uri intent.
I don't see why this needs 'my approval'. Just start working on this yourself if you believe this is a good idea. Don't wait for others to do that.
This is a centralized service anyway so IMHO it doesn't even have to have a XEP to specificy the protocol. It doesn't even have to be XMPP.

Edit: By the way this phone number lookup has nothing to do with what OP suggested. Because OPs proposal is just read only and would just crawl the android address book for information we already have that doesn't involve sending information to a central server. I would appreciate if people interested in doing a central phone number to JID lookup service would discuss this in the appropriate issue.

I am actually working to build this kind of functionality into the cheogram.com service. Already there is a (poorly documented) way to verify phone number + JID associations, and then you query them by doing a vcard-temp query to @cheogram.com over XMPP. Just need some nice UI/plugins to make it more magical :)

happy to see this lively discussion. I just want to remind you, that my original idea was not a centralized server. My idea was to use locally the information which are already there, existing contact in my address book which have a email address (which we could check for xmpp capabilities) or even already a xmpp address. For me it is so obvious to show them directly in my roster, why should I have to add them manually again, if I added them already to my address book?

@mxmehl : Signal's report on their method is informative. In short, there's a series of crypto techniques called PIR (Private Information Retrieval) which enable autodiscovery without simply giving everyone the entire database, but it's hard to scale and Signal has made some hard trade-offs in their implementation. There's been push back from the world at large, notably jwz, which admittedly is partially because jwz misunderstood the algorithm, but demonstrates the concern people have about this sort of thing and that we need to be really really careful about what is provided to whom and when.

Similarly, @singpolyma, I've already talked to you personally, but for the record I am against an automatic bi- or even uni- directional public phonebook. How I want whom to contact me is important to me, and, I think, to anyone who is privacy-conscious, and I want it to be a very explicit choice. If I post my JID or my phone number on Facebook or Github or a personal site, that's one thing, but I am against automating that sort of discovery.

@schiessle: I am in favour of making XMPP onboarding easier, but I am against your idea because:

1. in practice, if you use your Android Contacts app to start chats, as you would with SMSes or phone calls and as you could but might not do with Signal, WhatsApp or whatever else, then Conversations already adds unknown users to your roster; you need only go through the roster-add UI once, the first time you tap them from there. With @singpolyma's Cheogram service, I am constantly using this feature with JIDs like [email protected], and the flow is very smooth. The trick, again, though, is that you have to do it from Android Contacts, not from inside of Conversations.
2. XMPP doesn't even require people to be on each others' rosters to message each other in the first place: rosters are an old an well established feature, but they aren't a part of XMPP core (I believe?). Having someone's contact information in my private contacts database is very different for me than adding someone as a friend (/buddy/roster item/followee/etc), which has a lot of social meaning attached to it. On top of triggering UI on both sides (possibly annoying!) it triggers human-layer protocol: there's all kinds of embarrassing situations your feature might accidentally enable. For example, I have people in my contact database who are acquaintances, old coworkers, or the like: those ones I definitely don't want to be probed and definitely not added for XMPP unless I explicitly try to contact them that way.
3. Even WhatsApp has been criticized for the tradeoffs they made to make on-boarding easy.

It would be nice if we could ask a server "hey does this JID exist?" and list those who do, but without triggering the actual roster add, I doubt XMPP supports that, due to spam concerns.

Thanks for sparking the debate. I would like to get this right and hear all perspectives. Thank you for listening to mine.

@kousu

1. This situation is exactly what @schiessle wanted to improve by this issue. You shouldn't hopelessly browse your Android's contacts app to find people who are active xmpp users. You want those contacts to automatically load from there to Conversations.
2. Thanks for your interesting point! I agree that you normally wouldn't like to send "xmpp friendship" requests automatically to all contacts in your device. But the solution to this problem is not difficult; Let me update OP's idea based on your (excellent) point:

The idea:

Let Conversations regularly check the users address book for XMPP addresses and show them to you in the interface (maybe in a special place in the roster) so that you know they exist and can add them to your contact list if you want.

1. As far as I can see, your link is about how much information you can get by knowing someones handle (phone number, email address, JID, etc.) and has nothing to do with such local contact exchange between Android Contacts and Conversations app.

So, what do you think about my updated version of OP's feature request?

Let Conversations regularly check the users address book for XMPP addresses and add them automatically to the roster.

This is now partially implemented by https://github.com/siacs/Conversations/commit/2febbe1b8d6c0b06696600e29c25ccd6ae6da285 :

show jids from address book in Start Conversation screen if only one account is used

I wonder about why there's the mention of the limitation "if only once account is used", what sense that would make and why in practice that limitation isn't there. When I'm online with two accounts in Conversations and go to the "Start Conversation" screen I still see all the contacts that I have in my Android adressbook marked with a blue colored label "Adress Book".

@STPKITT And with what account are you talking with them?

Also #2552

@licaon-kter Since my second, third, ... account are setup in Conversations just for testing purposes it's only my first account that has those contacts on his rooster that are also in my Android address book.

@STPKITT Right, so how does Conversations know that?

@licaon-kter I don't get that question. Conversations knows what?

@STPKITT which account can talk with which addressbook contact

@licaon-kter ??? Any account can talk to any addressbook contact.

I have now introduced Quicksy which is my attempt at providing phone number lookup for in the Jabber world.
Here are are the slides for me introducing this new spin of. And here are recordings of the German talk I gave.