Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to add additional metadata to invites #2339

Closed
ptman opened this issue Nov 2, 2019 · 5 comments
Closed

Ability to add additional metadata to invites #2339

ptman opened this issue Nov 2, 2019 · 5 comments
Labels
client-server Client-Server API improvement A suggestion for a relatively simple improvement to the protocol

Comments

@ptman
Copy link
Contributor

ptman commented Nov 2, 2019

Would it make sense to add an optional short message or some other metadata to invites? That could make invites easier to evaluate. As in, do I want to accept this invite or is it likely invite spam? Wasn't there talk of adding reasons to kicks and bans? This would mirror that in a way.

@ara4n
Copy link
Member

ara4n commented Nov 2, 2019

we deliberately didn’t add further metadata to invites in order to avoid the spam vector. however, this turns out to be a pain for invites between trusted users/servers, so we’re looking to define a way of doing it for that scenario which doesn’t result in abuse in the general public network.

@turt2live turt2live added client-server Client-Server API improvement A suggestion for a relatively simple improvement to the protocol labels Nov 2, 2019
@erikjohnston
Copy link
Member

erikjohnston commented Nov 26, 2019

MSC2367 allows adding reasons to invites, amongst other things.

@ptman
Copy link
Contributor Author

ptman commented Jan 16, 2020

Apparently this was implemented in spec and synapse. How about client support?

@madduck
Copy link

madduck commented Feb 13, 2020

we deliberately didn’t add further metadata to invites in order to avoid the spam vector. however, this turns out to be a pain for invites between trusted users/servers, so we’re looking to define a way of doing it for that scenario which doesn’t result in abuse in the general public network.

I've been thinking about this, and while I see the "spam vector", I also think that it's a false flag that we're waving here, because the status quo doesn't really prevent spam (I'll expand in a sec), but it inconvenience legitimate users.

Let me explain by way of an example, in which one morning I open Riot, and I find two invitations, one by Alice (@alice:mycompany.com), and one by Bob (@bob123:matrix.org).

Of course I'll accept Alice's, then wait a few seconds while the room synchronises, before I finally see what Alice is trying to talk about. During those seconds, the perception in my head manifests that Alice didn't really have a very "responsive" experience reaching out to me, as she was typing into a room to which I'd been invited, but where I wasn't actually present. There's lots more to be said about this, including the fact that Alice can't re-invite me, or inquire about why I haven't seen a message.

This experience is by design, because we wouldn't want spammers to be able to send us unsolicited dick pics, or whatever it is that they do.

However, consider what exactly happens when you see that invitation by Bob: you have absolutely nothing to go by to decide whether Bob is a spammer, or a legitimate attempt to contact you, e.g. by a former school friend. We don't spam-filter email based on the From header either.

Fact is that you will accept the invitation, wait a few seconds, and then see the spam anyway. At this point it's too late, except you've now created a room that you have to leave, and forget. This gives the spammer a lot more information than if you just were silently able to ignore the request.

I'd like to propose that the experience actually become more like what happens when you surf to the URL of a public room: you can browse the timeline, and there's a button asking you to join the room. In the case of a direct chat, the invitation should also show you the whole timeline (optionally with images disabled…), and ask you whether to "join", "ignore", or "block".

How about it?

PS: please let me know if you'd prefer that I split this off into a separate issue.

@richvdh richvdh changed the title Invitation metadata Ability to add additional metadata to invites Jan 18, 2021
@richvdh
Copy link
Member

richvdh commented Sep 10, 2021

seems like this has been fixed by #2795.

@richvdh richvdh closed this as completed Sep 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
client-server Client-Server API improvement A suggestion for a relatively simple improvement to the protocol
Projects
None yet
Development

No branches or pull requests

6 participants