This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Self-destructing/disappearing messages #82
Comments
|
These features should be as obnoxious to use as possible, because over-use will be amazingly annoying and encourage the development of homeservers and clients that completely ignore them. |
|
Annoying for who? I can't think of a possible reason to make the feature hard to use. Some people want full conversation history, some want only the last X minutes/hours/days/weeks/months. Or they just want certain conversations (rooms) to have this option. Some do it for privacy, others to keep their homeserver tidy with no maintenance. As for implementation, I'd follow Signal and have a configurable self-destruct timer in room settings with a timer icon under each message. |
|
Thing is that you cannot ever rely on a feature like that to do anything since it would be incredibly easy to change your server to not care about the setting, and the more they're used the more likely it's going to be for there to be a popular client/server fork that doesn't follow it, because most other people doesn't want random messages just disappearing out of the blue. So if you rely on something like this for privacy, you're bound to get bitten in the ass from the false sense of security. If anything what would be more useful is to use encrypted rooms and for clients to have a button for destroying the keys it has for a room, and then both parties could destroy the keys to read old messages that way. |
|
An idea: allow Synapse home servers to set an option whether to delete redacted/self-destructed messages or not and visibly show information about this in every user's info. |
|
Implement self-destructing message at first we can via bot with admin rights, that will delete (redact) all messages older than specific time. And if this will be popular - implement in Matrix client interface. And additional server option for homeserver owners in Synapse 'Remove deleted (redacted) message from homeserver database' with warning 'Acts only on current homeserver database, deleted messages may kept on other homeservers with disabled this option'. |
|
It can't be done in a matrix client, because what if your client is offline then your messages wouldn't be removed. Bot would be fine as that'd be online all the time |
|
Here is issue about Matrix room history purge bot turt2live/matrix-wishlist#81 |
Depends on when you want to destroy the messages. For example telegram deletes them after a user had read the message. So this would be more of an "destroy x time after read". This behaviour could also not be implemented in a bot, because the bot would need to redact device/user specific messages. |
|
I'm afraid, disappearing messages in Matrix would be quite a bit more complicated or less user friendly then in Signal. Signal deletes messages only locally on the phones while Matrix redaction works on the server. Thus the Signal behaviour of Delete message on A's phone x minutes after A has read it won't work. We could only do Delete message in the root x minutes after everyone has read it. And even that breaks completely, if there is an inactive user in the room or any user has disabled Read notifications. So we would probably need not one, but two timers to be set. One for every user has read the message and one (longer) fallback, where the message gets deleted no matter who has read it. |
|
there's a proposal for this now at matrix-org/matrix-spec-proposals#1763 |
|
New proposal is matrix-org/matrix-spec-proposals#2228 |
|
and an other one here, merged into develop : matrix-org/synapse#6409 |
|
that's not a proposal, that's the implementation ;P |
|
even better then 😃 |
|
So it released in Synapse 1.7.0rc1, now waiting implementation in Riot UI? |
|
This is an (important) special case of #364. |
|
Please can not swap otherwise to matrix! But really want to! :( |
|
A lot of activists in Belarus protests started using Element for encrypted chat communication. We are using it both from mobile and desktop versions. Due to the high risk of detention and high interest of the police in communication channels (they are forcing people to unlock their phones up to torture cases) people ask for cleaning up the message archives to avoid any leak of sensitive data to the regime.
Self-destructing messages are highly important for automation of cleaning the history and making sure that no extra data left behind. As i understood this is already implemented in Synapse here and just needs implementation for the UI. By implementing this you are helping to fight the dictatorship :) |
|
I would love to see this happen. The important use cases are as @snicky-panda described. A more trivial use-case is mine: I run a server through Element Matrix Services for friends and friends-of-friends and everyone on that server is in agreement that nobody needs to keep copies of their messages older than a month or two. We definitely don't need anyone to see copies of our messages from a year ago. It's one thing to allow the individual user to set a destruction time on individual messages or conversations, but it would be great if I could set a default destruction time for all messages on the server. |
|
That is a thing synapse supports. Talk to your EMS support contact about setting up retention periods. @mattcoxonline |
Synapse supports this well, and deletes well on server side. But Element on client side - do the local cache of messages, and show them long time, even after they deleted from server! And this is really confusing for users! Clearing caches manually every day is help, but too annoying. Is it hard to implement, at least, matching ttl for locally cached messages on rooms, having message retention states, to auto-delete them from devices too? |
|
That's because synapse does not whatsoever tell Element it has deleted anything. |
|
As I understand from previous discuss, the position of Synapse side is that Element (and other Matrix clients) must follow the |
|
The issue is if you configure the setting in homeserver.yaml then the state event won't be set. |
|
I created this issue in hopes that they will create a standard for self destructing messages within Matrix with many options. I hope this can be developed and released for Matrix and then the clients such as Element can implement it. |
|
Considering how this is partially implemented in a way that is invisible to most of users, I opened element-hq/element-web#18630 worrying about the abuse potential for e.g. gaslighting. The solution I would like to see is something like in Telegram, where when a group has disappearing messages enabled, there is an indicator next to the text input bar:
|
|
That would go nicely with the broader proposal. |
Strongly disagree with this view. I use disappearing messages for 97% of all my IM conversations. Signal has it and Telegram E2E has it. Session has it. Molly has it. Heck, even WhatsApp and SnapChat have it !!! For Matrix I use this workaround: https://github.com/commonism/matrix-archive-sso/tree/redact I very, very, very rarely need any messages that are older than a week or so. Keeping them is just not worth the risk. Let's help people with their data hygiene. A few inputs, so we can skip one or two iterations:
|
|
Yes indeed - the lifetimes proposal seems to give just what you ask, and more. Maybe close this issue and continue there? |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
kittykat
added
A-Timeline
T-Feature
|
I hope Element and Matrix blogs/social media/marketing constantly discussing interoperability, WhatsApp and Telegram, means this feature is going to move forwards as from these three only Matrix/Element has no stable way of automatically removing messages. Currently I can simply enable that in either Telegram or WhatsApp and I have no idea whether the current bridges support that and the only similar feature here is |
|
I'd really like to see this, but on a per-message basis. I'd really like if users could set a TTL on individual messages and/or media on a per-message basis. (Namely for attachments, though!) The main reason is to reduce storage burden/cost on the homeserver. For example, 99% of files I've attached to messages are only needed for that short exchange. I'd love if I could indicate to the homeserver that there is no need to hold on to it once it's been downloaded or after x period of time. On the side, I also do like the idea of deleting sensitive things from other servers, even if it's already encrypted. If it's not needed, it doesn't have to be there. A use-case could be, I attach my CV to a friend. Instead of depending on the homeserver's configuration for media lifetime, I can just say "TTL 7 Days" and the attachment will no longer be accessible after 7 days of sending the message. One noteworthy concern was that users may send malicious messages or illegal attachments and get around moderation thanks to the TTL. In this case, metadata or the message itself could be retained if the message is reported before the TTL elapses. A crappy UI mock up could look like this, in the attachment modal. (Note, I'm not a designer… clearly.)
Ideally, I'd like to see the options include:
Mockup HTML<div id="background">
<div id="attachment">
<div id="top">
<h1>Upload files</h1>
<span>x</span>
</div>
<span>FILE abstract-algebra-theory-and-applications.pdf (1.55 MB)</span>
<hr>
<div id="ttl">
<div id="ttl-section">
<div id="checkbox"></div>
<span>Time-To-Live</span>
</div>
<div id="select">
<input type="radio">1 Day</input>
<input type="radio">7 Days</input>
<input type="radio">31 Days</input>
<input type="radio">Other</input>
</div>
</div>
<div id="custom">
<input type="number"/> <span id="label">Day(s)</span>
</div>
<div id="buttons">
<div id="upload-button">Upload</div>
</div>
</div>
</div>body {
background-color: black;
}
#attachment {
background-color: #15191e;
color: white;
font-family: sans-serif;
border-radius: .5em;
padding: 1em;
width: 512px;
}
#top {
display: flex;
justify-content: space-between;
align-items: center;
}
#buttons {
margin-top: 1em;
display: flex;
justify-content: flex-end;
}
#upload-button {
background-color: #0dbd8b;
border-radius: .5em;
padding: .5em;
}
#ttl-section {
display: flex;
align-items: center;
}
#checkbox {
margin-right: .5em;
height: 1em;
width: 1em;
border: solid #EEEEEE;
border-radius: .2em;
}
hr {
margin: 2em 1em;
}
#ttl {
display: flex;
justify-content: space-between;
}
#custom {
display: flex;
justify-content: flex-end;
margin-top: .5em;
}
#label {
padding-left: .5em;
} |
|
You might like the more comprehensive proposal #364 . |
|
What's the current status of this? |
Unfortunately it didn't make it onto the priority list for this year. I believe this issue needs product team's input before it can be addressed/ Moving to discussions as the topic will need a development issue when it is scheduled. |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
This is obviously not a foolproof security measure because clients can be modified to not redact previously sent messages for example, but a recent thread has given some examples on why this is a useful feature nonetheless.
https://whispersystems.org/blog/disappearing-messages/
https://whispersystems.discoursehosting.net/t/automatically-disappearing-messages/473/18
https://whispersystems.discoursehosting.net/t/automatically-disappearing-messages/473/10
https://www.reddit.com/r/crypto/comments/5706th/disappearing_messages_for_signal/d8ojhg2/
The text was updated successfully, but these errors were encountered: