Avatar Security

1. Avatar Server

Global avatars with privacy protection.

Currently supported avatar generation types:

  1. Face
  2. Icon
  3. Word

Sample:

https://avatar.88.io/

Animated Avatars

Animated Avatars can be generated using Partition AI.

Avatar Caching

Besides ETag, responses can also carry a Cache-Control header:

  • Short Cache
    Cache-Control: public, max-age=15, stale-while-revalidate=45

  • Long Cache
    Cache-Control: public, max-age=1500, stale-while-revalidate=300

XMPP Avatar

Based on XEP-0054 (vcard-temp):

It calls get_vcard() and reads

  • vCard/PHOTO/TYPE
  • vCard/PHOTO/BINVAL

Note the possible restrictions:

  • Remote server blocks vCard-temp for privacy/anti-scraping.
  • Server requires presence subscription (you must be in each other’s roster) before vCards are accessible.
  • No s2s between domains, or s2s is restricted.
  • Rate limits or access controls.
  • Some servers prefer/only support XEP-0084 (PEP avatars) and don’t expose vCard photos reliably.
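
The TYPE and BINVAL values read above are supplied by a remote server, so they should be validated before the image is cached or served. The following is an added example, not the project's own code: it parses a vcard-temp document and accepts the photo only if the declared TYPE is allowlisted, the base64 decodes strictly, the size is bounded and the magic bytes match. The names extract_photo, make_vcard, MAX_BYTES and the allowlist are assumptions.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"v": "vcard-temp"}   # XEP-0054 namespace
MAX_BYTES = 64 * 1024      # assumed size cap, not a value from the page
# Allowlisted TYPE values (an assumption) and the magic bytes each must start with.
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}

def make_vcard(mime, raw):
    """Build a constructed vcard-temp document for demonstration."""
    b64 = base64.b64encode(raw).decode("ascii")
    return ("<vCard xmlns='vcard-temp'><PHOTO><TYPE>%s</TYPE>"
            "<BINVAL>%s</BINVAL></PHOTO></vCard>" % (mime, b64))

def extract_photo(vcard_xml):
    """Return (mime, raw_bytes), or None if the photo is absent or rejected."""
    # A real client gets an already-parsed stanza from its XMPP library;
    # here the input is a constructed string.
    try:
        root = ET.fromstring(vcard_xml)
    except ET.ParseError:
        return None
    mime = root.findtext(".//v:PHOTO/v:TYPE", default="", namespaces=NS)
    b64 = root.findtext(".//v:PHOTO/v:BINVAL", default="", namespaces=NS)
    magic = MAGIC.get(mime.strip().lower())
    if magic is None or not b64:
        return None
    # BINVAL is often line-wrapped; drop whitespace before strict decoding.
    b64 = "".join(b64.split())
    if len(b64) > MAX_BYTES * 4 // 3 + 4:
        return None          # reject before decoding an oversized payload
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    # TYPE is remote-controlled; trust it only if the bytes agree with it.
    if len(raw) > MAX_BYTES or not raw.startswith(magic):
        return None
    return mime.strip().lower(), raw
```

A None result covers both a missing photo and a rejected one, so the caller can fall back to a generated avatar in either case.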