matrix: consider the matrix-public-archive behaviour, back off on distruct

Resolves: #337
This commit is contained in:
Aminda Suomalainen 2023-07-05 09:54:09 +03:00
parent a5f5ade136
commit e3f2a4c5c3
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q

View File

@ -142,20 +142,7 @@ They are related to bringing Matrix to other protocols or vice versa.
The public/world-readable history visibility option means exactly what it says, The public/world-readable history visibility option means exactly what it says,
public even without joining the room. These rooms are accessible to tools public even without joining the room. These rooms are accessible to tools
such as [Matrix Static](https://view.matrix.org/) and its successor [Matrix Public Archive](https://github.com/matrix-org/matrix-public-archive) such as [Matrix Static](https://view.matrix.org/) and its successor [Matrix Public Archive](https://github.com/matrix-org/matrix-public-archive)
(aka `@archive:matrix.org`) and thus their history is visible in search engines. If this isn't what you (aka `@archive:matrix.org`) and thus their history is visible in search engines.
want, set history visibility to one of the members only options (since
selecting this option, since being invited or since join).
Additionally [Matrix Foundation considers members-only history as public and will show it to anyone through archive.matrix.org](https://github.com/matrix-org/matrix-public-archive/blob/main/docs/faq.md#why-does-the-archive-user-join-rooms-instead-of-browsing-them-as-a-guest). Thus if you have a semi-public room on Matrix, you should follow these steps:
- Set your room history visibility to "since user joined the room" or at least
"since the user was invited".
- Set the room join rule to `knock` or `invite` -only. If you really need to,
you may also use `restricted` or `knock_restricted`, but be careful to not
allow access from public rooms (although this will still protect you from
matrix-public-archive).
- Consider enabling end-to-end-encryption while it's generally not adviced for
public rooms.
Note that as the option name hints, the history visibility option will not Note that as the option name hints, the history visibility option will not
apply to previous messages. Thus if you first make room public and then apply to previous messages. Thus if you first make room public and then
@ -173,9 +160,12 @@ and related issues.
It depends. It depends.
You can try [Matrix Public Archive](https://github.com/matrix-org/matrix-public-archive/), e.g. for Matrix HQ [archive.matrix.org/r/matrix:matrix.org](https://archive.matrix.org/r/matrix:matrix.org) You can try [Matrix Public Archive](https://github.com/matrix-org/matrix-public-archive/), e.g. for Matrix HQ [archive.matrix.org/r/matrix:matrix.org](https://archive.matrix.org/r/matrix:matrix.org)
or [matrix-archive.evulid.cc/r/matrix:matrix.org](https://matrix-archive.evulid.cc/r/matrix:matrix.org)
omitting the leading `#`. omitting the leading `#`.
_If you too consider that undesirable, you can [join us at matrix-org/matrix-public-archive#47 requesting the ability to opt-out](https://github.com/matrix-org/matrix-public-archive/issues/47) and ban `@archive:matrix.org` from your rooms in hopes that it will be enough._ \_Until 2023-06-27 [Matrix Foundation considered members-only rooms as public](https://matrix.org/blog/2023/07/what-happened-with-the-archive#a-note-on-shared-history-visibility)
so some outdated or patched archive instances may still reveal information.
[Method to opt-out is still not in sight.](https://github.com/matrix-org/matrix-public-archive/issues/47)
Alternatively if the room in question has an alias, you can try poking the room directory API e.g. for [#matrix.fi:matrix.org](matrix:r/matrix.fi:matrix.org): [https://matrix-client.matrix.org/\_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org](https://matrix-client.matrix.org/_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org), you get the room ID and list of homeservers in it and if you see a single user (or otherwise not so popular homeserver), you can make educated guesses on who may be in the room. Note that this particular link requires `matrix.org` to be in the room and aware of the alias. Alternatively if the room in question has an alias, you can try poking the room directory API e.g. for [#matrix.fi:matrix.org](matrix:r/matrix.fi:matrix.org): [https://matrix-client.matrix.org/\_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org](https://matrix-client.matrix.org/_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org), you get the room ID and list of homeservers in it and if you see a single user (or otherwise not so popular homeserver), you can make educated guesses on who may be in the room. Note that this particular link requires `matrix.org` to be in the room and aware of the alias.
@ -602,9 +592,14 @@ Matrix has a place in my heart, just as IRC and XMPP and while none of the three
get resolved and the fighting between them to end and I am tired of the "stop having fun" or "you are worse person for still using deprecated IRC" get resolved and the fighting between them to end and I am tired of the "stop having fun" or "you are worse person for still using deprecated IRC"
or "I wish IRC/XMPP just died already as it's so old" or whatever attitude I see amongst certain Matrix user/enthustiastic groups. or "I wish IRC/XMPP just died already as it's so old" or whatever attitude I see amongst certain Matrix user/enthustiastic groups.
However I admit having increasingly difficult time believing that either _Matrix However I admit sometimes having difficult time believing that either _Matrix
Foundation_ or _New Vector trading as Element_ has their users best interests Foundation_ or _New Vector trading as Element_ has their users best interests
in heart. in heart. On my worse days, I especially hardwordedly criticse [media never being removed](https://github.com/matrix-org/synapse/issues/1263#issuecomment-1120225193)
or [fear that Matrix may endanger gender or sexual minorities by leaking room-specific profiles](https://github.com/matrix-org/synapse/issues/5677#issuecomment-894831845)
and especially [lack of self-destructing messages (that is nowadays a discussion rather than an issue)](https://github.com/vector-im/element-meta/discussions/682)
considering even [DeltaChat (also known as an email client](https://delta.chat)
manages to implement it without control over the underlying protocol and even
less guarantees!
--- ---