Hacker News
by zeen 4845 days ago
I'm one of the authors of the Prosody XMPP server, and a member of the XMPP software foundation. Prosody operators have been reporting this for more than a week now.

Google users have apparently been flooded with subscription requests from spammers, and the flooding suddenly became massive. The problem is, there are a large number of jabber servers out there which have open account registration without captchas. Most jabber server software doesn't come with a captcha module included by default, and of course, most admins don't bother changing defaults, even while running a public server with open registration.

Unlike some other comments here, I don't think Google has any malicious intent in this. This seems like a stop-gap measure, while they figure out and implement a proper solution.

As to the proper solution, the XMPP community is largely moving towards having captchas, or other forms of verification, and there are a number of proposed standards.

The thing to understand here is that the XMPP community has historically not had a spam problem. Due to the nature of the protocol, spoofing wasn't possible from the start, and there were no large lists of JIDs for spammers to abuse, so things worked out fine for a decade despite a lack of captchas. The good news is that the XSF was already preemptively working on the spam problem, and the speed with which XMPP specs (XEPs) get defined, implemented and deployed in servers and clients is far faster than any other large-scale open protocol that I'm aware of.