As an exploit demonstration, this is at least noteworthy, maybe even interesting. Actually using it is a bit rude though; people set themselves invisible because they want privacy.
You could say the invisible people are rude. I've had people who always set themselves to be invisible, but will still talk to you and ask you for stuff. But since they are invisible you can't initiate.
Yes, that's the whole point of being invisible. If your friends are misusing a technical feature in a manner you consider rude, perhaps you should try talking to them about it.
What if you discovered a technique to make a phone ring when the ringer is disabled or perhaps even when the phone is switched off? Using it outside of an emergency would obviously be quite rude.
How about instead of insisting they use the tool correctly, you learn about what it means that they're misusing it.
This is a VERY common thing. It means that people tend to not want certain people initiating conversations with them, but they have no problem doing so when they need something.
It's a tool, it doesn't have a correct use case. Just common and uncommon.
With Gtalk you actually can initiate. Gmail just says they are offline and will get it when they come back online. If they really are offline it essentially turns into an email.
Yes, but those people usually annoy you with questions from nowhere. But if you need them, you can't tell if they are online. A lot of people are really abusing this feature this way.
My method is to remove people who are offline most of the time, so that they don't get to see my online status in return. I think that online status should be mutual, if I can't see them, they shouldn't be able to see me.
Agreed... interesting exploit but actually having it used on me when I chose to be invisible would be a very good reason to just remove someone from my friends list entirely.
A quick-and-dirty way to check if any given person is invisible is to just click on their name and send a message.
If they appear offline, but you don't see a response message that says "<username> is offline and can't receive messages right now.", then they're invisible.
(Only checked this in the desktop Google Talk client and the Gmail chat version)
This also works in Skype. They do a good job of cloaking calls, but chat sessions have the same 'leak' in that you get an error if they are actually offline but not if they are just invisible.
I don't think that's right about calls- I regularly call people I know are invisible on Skype and it rings. If they are offline, it says so (almost) immediately, with no ringing.
Python to English translation: you'll still get presence information about the invisible person when you log in, just the presence status will be 'unavailable' (aka. offline).
This will have false-positives for people that genuinely have logged off (which gives the same <presence type='unavailable'/> stanza).
Another way to potentially check whether someone's online or not is to send a caps discovery request (ie. ask their client what XMPP extensions it support). If it replies, they're obviously online (haven't tested this, some clients may in fact be shrewd enough to ignore such requests when set to invisible).
Maybe it's just me, but I'm not getting any presence information from invisible users (was signed in as invisible from Gmail from another account) when I log in.
Another fail safe method arises to due a logical reason:
1. Off the record (OTR) chats are not recorded.
2. There is message delivery notification in GTalk.
Putting these together: if you chat OTR with X and later, if you send a message to X (who is invisible) and you get a red error "X did not receive your message", then X is offline. For a normal offline contact, it would have been delivered as an offline message, but since the conversation is OTR, it cannot be recorded and hence you get a notification. :-)
On the other hand, if X is online, you don't get the red message.
As far as I can see, the script will print out a contact in both of these cases:
1) Contact goes from Online to Invisible
2) Contact goes from Online to Offline by signing off
This effectively means that the script gives you no more information than what you get from the contact list. You can't know if someone went offline or went invisible.
Note that if you read that first link, you will see that you used to not only be able to see the "go invisible" event, you were also able to simply scan your entire buddy list for invisible users. Google fixed this 'vulnerability,' but for one reason or another left the ability to see the becomes-invisible event.
