mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-11-29 16:09:24 +01:00
blog: Matrix Community abuse protection model: Security By Obscurity
Resolves: #268
This commit is contained in:
parent
2ce37e4e55
commit
2ed10f4b53
@ -0,0 +1,148 @@
|
|||||||
|
---
|
||||||
|
layout: post
|
||||||
|
title: "Matrix abuse protectiction model for community maintainers: security by obscurity"
|
||||||
|
category: [english]
|
||||||
|
tags: [matrix]
|
||||||
|
---
|
||||||
|
|
||||||
|
*I am administrator or moderator in multiple communities in Matrix, the most sizable
|
||||||
|
being 23 rooms + two spaces. I don't have my own homeserver or Mjolnir. And I am tired.*
|
||||||
|
|
||||||
|
If I was using Discord, I would make a guild, make roles within it and then
|
||||||
|
right click people and assign them roles and they would be able to manage all
|
||||||
|
channels those roles let them. Time estimate less than 15 minutes.
|
||||||
|
|
||||||
|
Sadly I am not using Discord, I am using Matrix. This means that while burnt out
|
||||||
|
it feels like no one has thought of the case where a community with more than
|
||||||
|
a couple of rooms wants to use Matrix.
|
||||||
|
|
||||||
|
## Setup
|
||||||
|
|
||||||
|
I am tired, so excuse me for not involving complete documentation and just
|
||||||
|
smaller steps:
|
||||||
|
|
||||||
|
1. Use https://develop.element.io/ (or have a config.json allowing you to use
|
||||||
|
labs)
|
||||||
|
2. Create a space.
|
||||||
|
3. Through developer mode `/upgraderoom {{ site.matrixLatestRoomVersion }}`,
|
||||||
|
this should be a number at least `9`.
|
||||||
|
4. Clear cache and reload so the old space maybe disappears.
|
||||||
|
5. See also https://github.com/vector-im/element-web/issues/19208
|
||||||
|
6. Now that there is a space, right click it to create a new room under it and
|
||||||
|
select that it can only be joined by space members. You will hopefully end up
|
||||||
|
with room version 9 (the default at time of writing is 6 and has even worse
|
||||||
|
situation with abuse pretention).
|
||||||
|
7. Go to room settings and set the room to public join assuming it's supposed
|
||||||
|
to be public (14 of this worst case scenario are)
|
||||||
|
8. Repeat steps 5-7 for all rooms you need, you can hopefully figure out how
|
||||||
|
to handle a private space (9 rooms in this case).
|
||||||
|
|
||||||
|
### Bus factor
|
||||||
|
|
||||||
|
As we are a serious organisation using Matrix here, even if we have no money
|
||||||
|
or people or homeserver or Mjolnir, what happens if you somehow become unable
|
||||||
|
to access your account or are asleep or something when you are needed? You add
|
||||||
|
more people with power and also register yourself on multiple homeservers, so
|
||||||
|
if your main account goes down, you have power somewhere else.
|
||||||
|
|
||||||
|
Let's say you have 20 rooms (you get it a bit more easy than I do), I think
|
||||||
|
you have three methods to promote your other accounts:
|
||||||
|
|
||||||
|
***WARNING: administrator status cannot be removed by others.***
|
||||||
|
|
||||||
|
* A. Using the graphical user interface, invite the other administrators to
|
||||||
|
the room and click the buttons to make them administrators. I am too tired
|
||||||
|
to check how to do this, but it's a graphical user interface, good luck!
|
||||||
|
Remember you will do this twenty times, once for every room/administrator.
|
||||||
|
* B. You can type `/invite @user:example.org` and then `/op @user:example.org 100`
|
||||||
|
and copy-paste it all the time!
|
||||||
|
* C. My favourite, you can have a pre-formatted power-level event in json in
|
||||||
|
a git repository from which you can copy-paste it to all rooms, first `/devtools`,
|
||||||
|
then "room state", "m.room.power_levels", "edit" and you can paste your new
|
||||||
|
administrators there and press "send"! This is the only mass option you have,
|
||||||
|
and you will have to do this once every twenty rooms.
|
||||||
|
|
||||||
|
Remember you will have to do this every time you add a new moderator (or they
|
||||||
|
will be unable to act in the room when they are needed)!
|
||||||
|
|
||||||
|
We also have a matterbridge (which has it's own configuration for every room, but
|
||||||
|
offtopic here) which has administrator / power level 100 in every room, so if
|
||||||
|
I am not available the administrator team can login as it and take care of
|
||||||
|
the situation.
|
||||||
|
|
||||||
|
## Abuse finds you!
|
||||||
|
|
||||||
|
Congratulations, if abuse has found you, the security through obscurity model
|
||||||
|
has failed and now you get to deal with it! That is very simple, you just check
|
||||||
|
the abuser MXID, and paste `/ban @yourorgisbad:evil.example.invalid` to all twenty
|
||||||
|
rooms.
|
||||||
|
|
||||||
|
Did you find out that you have a lot of abuse from a single server and Matrix
|
||||||
|
doesn't support wildcards in bans? No problem, [Matrix has your back with "Moderation in Matrix!"](https://web.archive.org/web/20211205204104/https://matrix.org/docs/guides/moderation/),
|
||||||
|
you simply use `/devtools` and ban the entire server by sending a completely new event
|
||||||
|
`m.room.server_acl`, luckily you are a professional `/devtools` user at this point
|
||||||
|
so having to do this 20 times is nothing to you.
|
||||||
|
|
||||||
|
### Icing on the cake
|
||||||
|
|
||||||
|
Could this get any better? Yes, the abuse could happen when you are sleeping
|
||||||
|
or otherwise out of the picture, so your fellow ICT team member (who has no interest
|
||||||
|
in touching this mess with a long stick) has to step in for you and resolve the issue.
|
||||||
|
|
||||||
|
It's a stress situation for them, will the ICT team be able to find the shared
|
||||||
|
password for the Matrix administrator account you hopefully have and speedlearn
|
||||||
|
to be a `/devtools` professional or able to handle even easier forms of spamming
|
||||||
|
or flooding without you present? My money is on the spammer. Good luck, high-five
|
||||||
|
for the next team meeting where you wonder what happened, how to prevent it from
|
||||||
|
happening again and will you even support Matrix in the future?
|
||||||
|
|
||||||
|
I hope someone thanked you for ever having your organization there, I know
|
||||||
|
that I have only gotten complaints about matterbridge looking ugly and not
|
||||||
|
using matrix-appservice-irc, \<redacted-for-similar-trouble\>, matrix-whatever-discord,
|
||||||
|
etc.
|
||||||
|
|
||||||
|
## Mikaela, are you ok, has this happened to you?
|
||||||
|
|
||||||
|
Thank you for asking, I am not ok, I have a burnout and xmas is poor time for me
|
||||||
|
in general, and this whole issue is ridiculous, someone could have thought of
|
||||||
|
it since 2014, everything I am saying is public knowledge, but no one cares.
|
||||||
|
|
||||||
|
It's whoever is running Matrix without hosting their own homeserver and Mjölnir
|
||||||
|
(which brings all reasonable management for organizations) who is at fault (me).
|
||||||
|
I wonder how much would a Mjolnir help if abuse was sophiscated enough to DDoS
|
||||||
|
it off the internet before beginning.
|
||||||
|
|
||||||
|
## What is this community with 23 rooms and two spaces?
|
||||||
|
|
||||||
|
It's [Pirate Party of Finland](https://piraattipuolue.fi/en). I cannot say
|
||||||
|
whether it's us or Matrix that is obscure enough to have avoided the nightmare I
|
||||||
|
painted in this blog post, but as I am the only administrator at Matrix, I
|
||||||
|
have locked it down so the rest of the ICT team can continue not touching Matrix
|
||||||
|
or practicing `/devtools` first without a stressful situation.
|
||||||
|
|
||||||
|
[Our main space](matrix:r/space.piraatit.fi:matrix.org?action=join) requires
|
||||||
|
knocking before it can be joined. Don't ask me what Matrix clients support
|
||||||
|
knocking, it's part of [Matrix spec version 1.1](https://spec.matrix.org/v1.1/rooms/v7/#authorization-rules),
|
||||||
|
don't even ask me what Matrix servers support it.
|
||||||
|
|
||||||
|
Our public rooms within that space require being a member of that space.
|
||||||
|
|
||||||
|
Our more sensitive rooms that desire working peace from spammers are in a
|
||||||
|
subspace, which again require belonging to it, and which requires knocking too.
|
||||||
|
We have similar system in place at Discord where we just grant people a role
|
||||||
|
once they have talked a bit and shown themselves to not be malicious and this
|
||||||
|
is the best <s>we</s> I can do at Matrix.
|
||||||
|
|
||||||
|
The above looks a bit weird as I was going to put the actual json events
|
||||||
|
there, but I am too tired to bother with that.
|
||||||
|
|
||||||
|
## Afterword
|
||||||
|
|
||||||
|
If I am wrong at anything I said, please contact me instantly either in [my discussion channels](/discuss),
|
||||||
|
[the GitHub issue for this post](https://github.com/Mikaela/mikaela.github.io/issues/268)
|
||||||
|
or mention `@Mikaela` in any GitHub.com/GitLab.com issue (I am not reading my email actively though)
|
||||||
|
as if I am wrong and there is a reasonable Discord-style interface for this
|
||||||
|
without additional money, you are improving my life greatly as I am not just
|
||||||
|
going to stop using Matrix.
|
||||||
|
|
||||||
|
* Obligatory changelog link: TODO: add one here once it actually exists
|
Loading…
Reference in New Issue
Block a user