URL Previews enabled 'accidentally?' in encrypted room #21659

Closed
viasux opened this issue Apr 4, 2022 · 2 comments · Fixed by matrix-org/matrix-react-sdk#8227
Labels
A-URL-Previews, O-Occasional (Affects or can be seen by some users regularly or most users rarely), Privacy, S-Minor (Impairs non-critical functionality or suitable workarounds exist), T-Defect, X-Release-Blocker

Comments

viasux commented Apr 4, 2022

Steps to reproduce

idk how reproducible this is, but this is all I remember doing

  1. Create a new encrypted & private room on the matrix.org homeserver
  2. Paste a link which can preview
  3. See preview
  4. Close element
  5. Open element
  6. No preview?

Outcome

What did you expect?

I expected there to be no preview in an encrypted room. I assume that this is a bug because it was later re-disabled after reopening the website.

What happened instead?

I literally opened up my mostly unused matrix.org account, only to test this, as I thought "wait, matrix.org has url previews, isn't that a privacy concern if used in encrypted rooms?" This is why I have a before and after screenshot, because I sent it to my friend to ask it about the situation (and then closed the browser), and it told me that this was likely not intended behavior.

Before:
image
After:
image

Keep in mind, I didn't change any room settings after creation. I also am using librewolf and had to enable canvas data and persistent storage during the initial login to my account, idk how that would cause any issues, but it might give some info? idk.

Operating system

Windows 10

Browser information

Librewolf Version 98.0-1

URL for webapp

app.element.io

Application version

Element version: 1.10.8 Olm version: 3.2.8

Homeserver

matrix.org

Will you send logs?

Yes

viasux added the T-Defect label Apr 4, 2022

goelesha commented Apr 4, 2022

@AverytheFurry Can you pls elaborate more? I tried the same steps which you mentioned in the description, but after sending a link to my private room I didn't see any preview. I have attached a screenshot for your reference.
Screenshot 2022-04-04 at 1 38 43 PM

germain-gg added the A-URL-Previews, S-Minor (Impairs non-critical functionality or suitable workarounds exist), Privacy, O-Occasional (Affects or can be seen by some users regularly or most users rarely), X-Regression and X-Cannot-Reproduce labels Apr 4, 2022

Contributor

kittykat commented Apr 4, 2022

I can recreate when creating room on

Element version: b1a60b25b4c8-react-13a51654e782-js-71b7521f4223
Olm version: 3.2.8

and viewing on

Element version: 1.10.8
Olm version: 3.2.8

kegsay added a commit to matrix-org/matrix-react-sdk that referenced this issue Apr 14, 2022
* Release threads as a beta feature ([\#8081](#8081)). Fixes element-hq/element-web#21351.
* More video rooms design updates ([\#8222](#8222)).
* Update video rooms to new design specs ([\#8207](#8207)). Fixes element-hq/element-web#21515, element-hq/element-web#21516 element-hq/element-web#21519 and element-hq/element-web#21526.
* Live Location Sharing - left panel warning with error ([\#8201](#8201)).
* Live location sharing - Stop publishing location to beacons with consecutive errors ([\#8194](#8194)).
* Live location sharing: allow retry when stop sharing fails ([\#8193](#8193)).
* Allow voice messages to be scrubbed in the timeline ([\#8079](#8079)). Fixes element-hq/element-web#18713.
* Live location sharing - stop sharing to beacons in rooms you left ([\#8187](#8187)).
* Allow sending and thumbnailing AVIF images ([\#8172](#8172)).
* Live location sharing - handle geolocation errors ([\#8179](#8179)).
* Show voice room participants when not connected ([\#8136](#8136)). Fixes element-hq/element-web#21513.
* Add margins between labs sections ([\#8169](#8169)).
* Live location sharing - send geolocation beacon events - happy path ([\#8127](#8127)).
* Add support for Animated (A)PNG ([\#8158](#8158)). Fixes element-hq/element-web#12967.
* Don't form continuations from thread roots ([\#8166](#8166)). Fixes element-hq/element-web#20908.
* Improve handling of animated GIF and WEBP images ([\#8153](#8153)). Fixes element-hq/element-web#16193 and element-hq/element-web#6684.
* Wire up file preview for video files ([\#8140](#8140)). Fixes element-hq/element-web#21539.
* When showing thread, always auto-focus its composer ([\#8115](#8115)). Fixes element-hq/element-web#21438.
* Live location sharing - refresh beacon expiry in room ([\#8116](#8116)).
* Use styled mxids in member list v2 ([\#8110](#8110)). Fixes element-hq/element-web#14825. Contributed by @SimonBrandner.
* Delete groups (legacy communities system) ([\#8027](#8027)). Fixes element-hq/element-web#17532.
* Add a prototype of voice rooms in labs ([\#8084](#8084)). Fixes element-hq/element-web#3546.
* Fix editing `<ol>` tags with a non-1 start attribute ([\#8211](#8211)). Fixes element-hq/element-web#21625.
* Fix URL previews being enabled when room first created ([\#8227](#8227)). Fixes element-hq/element-web#21659.
* Don't use m.call for Jitsi video rooms ([\#8223](#8223)).
* Scale emoji with size of surrounding text ([\#8224](#8224)).
* Make "Jump to date" translatable ([\#8218](#8218)).
* Normalize call buttons ([\#8129](#8129)). Fixes element-hq/element-web#21493. Contributed by @luixxiul.
* Show room preview bar with maximised widgets ([\#8180](#8180)). Fixes element-hq/element-web#21542.
* Update more strings to not wrongly mention room when it is/could be a space ([\#7722](#7722)). Fixes element-hq/element-web#20243 and element-hq/element-web#20910.
* Fix issue with redacting via edit composer flow causing stuck editStates ([\#8184](#8184)).
* Fix some image/video scroll jumps ([\#8182](#8182)).
* Fix "react error on share dialog" ([\#8170](#8170)). Contributed by @yaya-usman.
* Fix disambiguated profile in threads in bubble layout ([\#8168](#8168)). Fixes element-hq/element-web#21570. Contributed by @SimonBrandner.
* Responsive BetaCard on Labs ([\#8154](#8154)). Fixes element-hq/element-web#21554. Contributed by @luixxiul.
* Display button as inline in room directory dialog ([\#8164](#8164)). Fixes element-hq/element-web#21567. Contributed by @luixxiul.
* Null guard TimelinePanel unmount edge ([\#8171](#8171)).
* Fix beta pill label breaking ([\#8162](#8162)). Fixes element-hq/element-web#21566. Contributed by @luixxiul.
* Strip relations when forwarding ([\#7929](#7929)). Fixes element-hq/element-web#19769, element-hq/element-web#18067 element-hq/element-web#21015 and element-hq/element-web#10924.
* Don't try (and fail) to show replies for redacted events ([\#8141](#8141)). Fixes element-hq/element-web#21435.
* Fix 3pid member info for space member list ([\#8128](#8128)). Fixes element-hq/element-web#21534.
* Set max-width to user context menu ([\#8089](#8089)). Fixes element-hq/element-web#21486. Contributed by @luixxiul.
* Fix issue with falsey hrefs being sent in events ([\#8113](#8113)). Fixes element-hq/element-web#21417.
* Make video sizing consistent with images ([\#8102](#8102)). Fixes element-hq/element-web#20072.