-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC2261: Allow m.room.aliases
events to be redacted by room admins
#2261
Changes from all commits
0c79802
09955b4
3b19511
bc4e287
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# MSC2261: Allow `m.room.aliases` events to be redacted by room admins | ||
|
||
Currently, the content of `m.room.aliases` events are protected from redaction | ||
by the [redaction algorithm](https://matrix.org/docs/spec/client_server/r0.5.0#redactions). | ||
|
||
This opens it as an abuse vector where users can add spam or offensive aliases | ||
to the room state, which room adminstrators cannot remove. | ||
|
||
## Proposal | ||
|
||
`content.aliases` should no longer be preserved when an `m.room.aliases` event | ||
is redacted. | ||
|
||
This will require a new room version, since changes to the redaction algorithm | ||
also change the way that event hashes (and hence event IDs) are calculated. | ||
|
||
TODO: should the room directory be updated to match the new room state, where | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This feels like it makes sense (and I think Dendrite's public rooms component possibly already does this by listening for events from the room server), although it opens the question of whether the public room directory really needs to gratuitously return aliases unless it is obvious that an alias matches the given |
||
possible? It kinda makes sense when the redaction is used to undo an accidental | ||
addition, but in general it might not be a great plan, particularly if we are | ||
switching to a world in which `m.room.aliases` is very much advisory. Also, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I wonder if it's better if room admins could allow aliases in a room to be advertised, instead of the current situation. Basically, what if we provide a means for a room admin to explicitly approve a given alias to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This feels pretty sci-fi, tbh. How would the room admin find out about new aliases that it might be appropriate to add to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. By a (probably, but not necessarily, the same) room event that's sent to the room but only admins (=people who can send |
||
bear in mind that redacting the removal of an alias would mean re-adding the | ||
alias. | ||
|
||
## Potential issues | ||
|
||
* This could increase the number of cases in which `m.room.aliases` events | ||
differ from reality (see https://github.com/matrix-org/matrix-doc/issues/2262). | ||
|
||
* Redacting an `m.room.aliases` event adding an abusive alias will remove not | ||
only the abusive alias from the room state, but also all other aliases that | ||
are in the same state_key (i.e. other aliases from the same server). | ||
|
||
This could be mitigated by replacing `m.room.aliases` events with granular | ||
`m.room.alias` events (https://github.com/matrix-org/matrix-doc/issues/2259). | ||
|
||
## See also | ||
|
||
* [MSC2176](https://github.com/matrix-org/matrix-doc/pull/2176), which | ||
proposes other changes to the redaction rules. | ||
* [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260), which | ||
suggests changes to the auth rules for `m.room.aliases` events. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The other alias MSC also requires a room version bump, and removes all meaning from
m.room.aliases
. Do we instead just use that and drop this MSC?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, possibly.