-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix violation of privacy #2963
base: master
Are you sure you want to change the base?
Fix violation of privacy #2963
Conversation
+1, especially from the viewpoint of upstream disabling this by default for user safety. |
Setting up a Matrix server and making it federated.. Creating public rooms.. Allowing any Matrix server to join said rooms directly, without any access control.. Publishing these rooms to the "Room Directory".. And then complaining about the very minor part that "other Matrix servers can find my public rooms" seems like a minor problem. Matrix is a federated network. You have many ways to keep your rooms private:
You're deciding to ignore all these options and are making your rooms fully public and federateable.. Then you're complaining that other Matrix servers can discover your rooms. It doesn't make any sense to have Matrix be a federated network, but not-quite-federating. I don't think it's a violation of privacy to expose the list of public rooms for servers that are fully federating and that allow said rooms to be freely joined by anyone. You have all of the above options, including changing playbook defaults which are well-announced in the CHANGELOG and in the Matrix room for the playbook. Next, people may complain that this playbook turns on Federation by default and may wish that we change There seems to be a vocal minority of possibly 3 users (out of thousands) who are complaining about this. You have options and are free to exercise them. I don't see a reason why we should all collectively continue to cripple Matrix federation and room discovery because a few users are unhappy with these defaults. The playbook, as all installation tools (and software distributions) is opinionated in various ways. While, this playbook tends to stick to upstream defaults in most cases, this is not a guarantee. Just like various Linux distributions are free to package (and patch and adjust) software as they see fit, so do we. If this is to be compared to a Linux distribution, it would probably be closest to Arch Linux in that:
|
Important point, I'd expect this to be as secure and safe as the default. :D |
I agree, with @spantaleev insofar as making a publicly joinable room non-discoverable, while still allowing everyone that knows the room handle to join, is pretty much worthless from a security perspective, maybe even contributes to make a security concern less visible. What I'm personally missing is a middle ground between
as in 'open for your organization, invite-only via federation'. My solution is a private space for my organization where new server users are auto-joined, and a bunch of rooms that are discoverable and joinable for everyone inside that space. However, such a server-wide default space needs to be hard-coded by the server admin. The Element UI could certainly present the options in a more fine-grained manner by adding an Access Option and renaming one:
Any idea whether this requires a spec change, or would just be a feature request to Element? Any thoughts on my idea? |
This is a UX issue for Synapse+Element. An current solution is to make "public-for-only-my-server" rooms would be to make them joinable by members of a space and then make that space an auto-join room for new users. |
This PR is stale because it has not been provided with required information or its conflicts have not been fixed over a year. Remove stale label or this will be closed in 30 days. To exempt the PR from being marked as stale again due to inactivity, add "confirmed" label. |
This is not only not really obvious to newcomers imho but also is a horrible default. It not only violates the privacy but also can easily leak information to the public.
Also it seems like a bad idea to change defaults as a middleman for a repo that itself wants to be used as a generalized server deployment tool.