Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Room history visibility is not explicit enough #1807

Open
thibaultamartin opened this issue Jun 28, 2023 · 4 comments
Open

Room history visibility is not explicit enough #1807

thibaultamartin opened this issue Jun 28, 2023 · 4 comments

Comments

@thibaultamartin
Copy link

Your use case

In the context of taking down the Matrix Public Archive, we found out a few issues related to room history visibility:

  • As an administrator, when setting the room history visibility, the most permissive options is labelled as "Anyone". It doesn't seem to make it obvious enough for people that this means the room can be publicly browsed by bots
  • As an administrator, I might have become admin of a room that was previously set to world_readable by the former admin. When the Matrix Public Archive came to existence, I didn't know my room was so open and I got surprised to find its content on the public archive.
  • When I join a room, its visibility status is not super obvious, especially for the world_readable ones. According to the spec world_readable means "Whether the room may be viewed by guest users without joining". The only indication that the room is public is a tiny globe on the room avatar, and hovering it says "This room is public".

What would you like to do?

We would like to increase the awareness that:

  • in world_readable rooms messages are publicly available, so people can either go on with the current settings or change it to something that better suit their needs
  • "Anyone" in the history visibility settings means "anyone including people who are not on Matrix, and who didn't join the room"

Why would you like to do it?

We want to better manage expectations in terms of privacy, make sure people don't feel Matrix is leaking information, and make them feel in control of their conversations.

How would you like to achieve it?

By making room visibility (and its consequences) more obvious whether I'm administering a room or joining a room.

Have you considered any alternatives?

We are already banning the archive from any room bridged to major IRC networks

Additional context

This is a pre-requisite to putting archive.matrix.org back online

@t3chguy t3chguy transferred this issue from element-hq/element-web Jun 28, 2023
@t3chguy
Copy link
Member

t3chguy commented Jun 28, 2023

"Anyone" in the history visibility settings means "anyone including people who are not on Matrix, and who didn't join the room"

This isn't always the case. We can't vary the text between publicly federating deployments and non-federating ones (the spec doesn't allow the client to know)

@reivilibre
Copy link

reivilibre commented Jun 28, 2023

"Anyone" in the history visibility settings means "anyone including people who are not on Matrix, and who didn't join the room"

This isn't always the case. We can't vary the text between publicly federating deployments and non-federating ones (the spec doesn't allow the client to know)

It's not even just a case of non-federating deployments; you could have guest access enabled on a non-federated deployment for example. Perhaps it would be worth adding some 'client configuration' (or similar) to allow the label text to be relaxed by the server admin (i.e. expose this information somehow), if we think changing the default wording would be too alarming/misleading for these deployments (which are likely to be less common in the wider community(?)).

@alphapapa
Copy link

@wojtekLs I don't understand what the fuss is about. Rooms whose permissions are set to allow messages to be publicly viewable should be assumed to be just that. Having a nice Web frontend to ease browsing the history of public rooms and allow them to be indexed by search engines is a good thing. If you don't want your messages publicly viewable, you shouldn't talk in public rooms. Lacking the archive frontend, any client could trivially retrieve the same room history and search it locally, or make it available publicly under another service.

The notion that public IRC channels should be presumed to be unlogged seems naive. Anyone in the channel could be logging messages and could publish them anytime, anywhere, and anonymously, so no one would even know who did it, and that's always been the case, long before Matrix was a thing.

Its simply betrayal of MF's core values. Done from inside, by insiders.

That seems like an absurd thing to say.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants