From 0c79802bb3e2e8cd82496e5028aedb4e49fc63dd Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Thu, 29 Aug 2019 15:43:07 +0100 Subject: [PATCH 1/3] MSC2261: Allow `m.room.aliases` events to be redacted by room admins --- proposals/2261-fix-alias-redaction.md | 32 +++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 proposals/2261-fix-alias-redaction.md diff --git a/proposals/2261-fix-alias-redaction.md b/proposals/2261-fix-alias-redaction.md new file mode 100644 index 00000000000..9051cbf68c5 --- /dev/null +++ b/proposals/2261-fix-alias-redaction.md @@ -0,0 +1,32 @@ +# MSC2261: Allow `m.room.aliases` events to be redacted by room admins + +Currently, the content of `m.room.aliases` events are protected from redaction +by the [redaction algorithm](https://matrix.org/docs/spec/client_server/r0.5.0#redactions). + +This opens it as an abuse vector where users can add spam or offensive aliases +to the room state, which room adminstrators cannot remove. + +## Proposal + +`content.aliases` should no longer be preserved when an `m.room.aliases` event +is redacted. + +This will require a new room version, since changes to the redaction algorithm +also change the way that event hashes (and hence event IDs) are calculated. + +TODO: should the room directory be updated to match the new room state, where +possible? It kinda makes sense when the redaction is used to undo an accidental +addition, but in general it might not be a great plan. Also, bear in mind that +redacting the removal of an alias would mean re-adding the alias. + +## Potential issues + +This could increase the number of cases in which `m.room.aliases` events +differ from reality. + +## See also + + * [MSC2176](https://github.com/matrix-org/matrix-doc/pull/2176), which +proposes other changes to the redaction rules. + * [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260), which +suggests changes to the auth rules for `m.room.aliases` events. From 09955b4c217c469d1d4d865ab4943954d6e82384 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Thu, 29 Aug 2019 16:00:07 +0100 Subject: [PATCH 2/3] some wording tweaks --- proposals/2261-fix-alias-redaction.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/proposals/2261-fix-alias-redaction.md b/proposals/2261-fix-alias-redaction.md index 9051cbf68c5..5ffc634d541 100644 --- a/proposals/2261-fix-alias-redaction.md +++ b/proposals/2261-fix-alias-redaction.md @@ -16,13 +16,15 @@ also change the way that event hashes (and hence event IDs) are calculated. TODO: should the room directory be updated to match the new room state, where possible? It kinda makes sense when the redaction is used to undo an accidental -addition, but in general it might not be a great plan. Also, bear in mind that -redacting the removal of an alias would mean re-adding the alias. +addition, but in general it might not be a great plan, particularly if we are +switching to a world in which `m.room.aliases` is very much advisory. Also, +bear in mind that redacting the removal of an alias would mean re-adding the +alias. ## Potential issues This could increase the number of cases in which `m.room.aliases` events -differ from reality. +differ from reality (see https://github.com/matrix-org/matrix-doc/issues/2262). ## See also From bc4e287667573db66793039d3e1caae96c577845 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Wed, 8 Jan 2020 17:32:42 +0000 Subject: [PATCH 3/3] add a note about redaction affecting all aliases --- proposals/2261-fix-alias-redaction.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/proposals/2261-fix-alias-redaction.md b/proposals/2261-fix-alias-redaction.md index 5ffc634d541..4dcfc1e8e5e 100644 --- a/proposals/2261-fix-alias-redaction.md +++ b/proposals/2261-fix-alias-redaction.md @@ -23,8 +23,15 @@ alias. ## Potential issues -This could increase the number of cases in which `m.room.aliases` events -differ from reality (see https://github.com/matrix-org/matrix-doc/issues/2262). +* This could increase the number of cases in which `m.room.aliases` events + differ from reality (see https://github.com/matrix-org/matrix-doc/issues/2262). + +* Redacting an `m.room.aliases` event adding an abusive alias will remove not + only the abusive alias from the room state, but also all other aliases that + are in the same state_key (i.e. other aliases from the same server). + + This could be mitigated by replacing `m.room.aliases` events with granular + `m.room.alias` events (https://github.com/matrix-org/matrix-doc/issues/2259). ## See also