-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
We need to actually censor redactions from the DB (SYN-284) #1287
Comments
Jira watchers: @erikjohnston @ara4n |
Links exported from Jira: is duplicated by SYN-493 |
My first question is: what is the point of the current redactions system? The current implementation of it seems to be trying to do two separate things. Originally, the intent was that redactions should be used to remove content that server admins wouldn't want on their server, e.g. illegal content. In this scenario it's important that admins can cause redacted content to be deleted. The idea was to have an admin API that allowed you to look at the redacted event before deciding whether or not to delete it. However, people can now redact their own events, which is used as a crude "retraction" mechanism. In my opinion these shouldn't be auto deleted (and also shouldn't be flagged to server admins lest they look at the retracted content). For example, if someone sends a bunch of abusive messages into Matrix HQ and later retracts them, moderators still need to be able to see what those messages were when people complain so that they can take the appropriate action. On a more practical level, whether we delete content or not is not something we can enforce on a server. Certainly the first thing I would do would be to disable it on my server, and I'm fairly sure I would not be in the minority in doing that. Why? Because its infuriating to have messages disappear while I'm reading/responding simply because the author decided to or accidentally redacted their event, which has happened several times now. Given this, I'm not entirely sure what the purpose or need of having redacted events auto deleted from any server really is. My opinion on this mess is: we should have separate redact and retract mechanisms and implement the admin API for dealing with redactions, but never delete retractions from the DB (we could possibly have a separate flag for asking server admins to redact the event). |
Is this the issue behind matrix-org/matrix-appservice-irc#473 or should I open a new one? |
Are there any news on this or how does GDPR affect this and referenced issues? I started thinking about this/them more, because of mautrix/telegram#248 and t2bot/t2bot.io#15. |
From the duplicate #3211 (comment):
GDPR has been in force for months. Is anyone from Matrix.org following this issue? I seem to have asked previously asked about this nine days ago. |
This is kind of an important issue AFAICT because redactions are the only way to signal non-consent to processing of data. Imagine the following:
|
I'm not so sure this is actually true, assume for a second that my homeserver serves only users outside of the EU, but is in the room, I would have no reason to comply with GDPR. |
the right soln here imo is to provide a server admin specific setting for how long to keep redactions before GCing them. it could probably default to 0 other than for server admins who need an audit trail of the abuse on their platform. |
To be clear, 0 means immediate deletion correct? |
FYI there's a temporary fix which people can implement on their own homeserver in order to:
https://github.com/xwiki-labs/synapse_scripts/blob/master/synapse_janitor.sql On a synapse which I used to administer, this is setup in a crontab which brings the server down once per week, runs these, and then re-launches it. |
Is this going to be covered by Brendan's PR? #5815 |
I just checked the code and it looks like a no. |
Fixed by #5934 |
We don't seem to remove redacted event contents from the DB when they are redacted. This kinda defeats the point; we should.
(Imported from https://matrix.org/jira/browse/SYN-284)
(Reported by @ara4n)
The text was updated successfully, but these errors were encountered: