mikaela.github.io/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md

196 lines
9.5 KiB
Markdown

---
layout: post
title:
"Matrix abuse protection model for community maintainers: security by
obscurity"
category: [english]
tags: [matrix]
lang: en
robots: noai
redirect_from: /mcasbo.html
---
_I am administrator or moderator in multiple communities in Matrix, the most
sizable being 23 rooms + two spaces. I don't have my own homeserver or Mjolnir.
And I am tired._
If I was using Discord, I would make a guild, make roles within it and then
right click people and assign them roles and they would be able to manage all
channels those roles let them. Time estimate less than 15 minutes.
Sadly I am not using Discord, I am using Matrix. This means that while burnt out
it feels like no one has thought of the case where a community with more than a
couple of rooms wants to use Matrix.
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
<em lang="fi">Automaattinen sisällysluettelo</em> / <em lang="en">Automatically generated Table of Contents</em>
- [Setup](#setup)
- [Bus factor](#bus-factor)
- [Abuse finds you!](#abuse-finds-you)
- [Icing on the cake](#icing-on-the-cake)
- [Aminda, are you ok, has this happened to you?](#aminda-are-you-ok-has-this-happened-to-you)
- [What is this community with 23 rooms and two spaces?](#what-is-this-community-with-23-rooms-and-two-spaces)
- [Afterword](#afterword)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
<!-- prettier-ignore-end -->
<!-- editorconfig-checker-enable -->
## Setup
I am tired, so excuse me for not involving complete documentation and just
smaller steps:
1. Use https://develop.element.io/ (or have a config.json allowing you to use
labs)
2. Create a space.
3. Through developer mode `/upgraderoom {{ site.matrixLatestRoomVersion }}`. 2.
**_WARNING_** You should check
[the Matrix spec](https://spec.matrix.org/latest/rooms/) for the latest
stable room version. Or maybe the
[unstable spec](https://spec.matrix.org/unstable/rooms/)? Or maybe you should
just
[search GitHub](https://github.com/matrix-org/matrix-spec-proposals/issues?q=room%20version)? 3.
**_WARNING! Always before executing `/upgraderoom` check that everyone in
your room has a recent Matrix server that supports your target room version,
otherwise you may lock some of your users out._** For example
`/invite @version:maunium.net` and once it joins, say
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers
that don't support room version {{site.matrixLatestRoomVersion}} yet.
4. Clear cache and reload so the old space maybe disappears.
5. See also
[Element-web#19208: Allow upgrading spaces](https://github.com/vector-im/element-web/issues/19208)
6. Now that there is a space, right click it to create a new room under it and
select that it can only be joined by space members. You will hopefully end up
with room version 9 (the default at time of writing is 6 and has even worse
situation with abuse pretention).
7. Go to room settings and set the room to public join assuming it's supposed to
be public (14 of this worst case scenario are)
8. Repeat steps 5-7 for all rooms you need, you can hopefully figure out how to
handle a private space (9 rooms in this case).
### Bus factor
As we are a serious organisation using Matrix here, even if we have no money or
people or homeserver or Mjolnir, what happens if you somehow become unable to
access your account or are asleep or something when you are needed? You add more
people with power and also register yourself on multiple homeservers, so if your
main account goes down, you have power somewhere else.
Let's say you have 20 rooms (you get it a bit more easy than I do), I think you
have three methods to promote your other accounts:
**_WARNING: administrator status cannot be removed by others._**
- A. Using the graphical user interface, invite the other administrators to the
room and click the buttons to make them administrators. I am too tired to
check how to do this, but it's a graphical user interface, good luck! Remember
you will do this twenty times, once for every room/administrator.
- B. You can type `/invite @user:example.org` and then
`/op @user:example.org 100` and copy-paste it all the time!
- C. My favourite, you can have a pre-formatted power-level event in json in a
git repository from which you can copy-paste it to all rooms, first
`/devtools`, then "room state", "m.room.power_levels", "edit" and you can
paste your new administrators there and press "send"! This is the only mass
option you have, and you will have to do this in each twenty rooms.
Remember you will have to do this every time you add a new moderator (or they
will be unable to act in the room when they are needed)!
We also have a matterbridge (which has it's own configuration for every room,
but offtopic here) which has administrator / power level 100 in every room, so
if I am not available the administrator team can login as it and take care of
the situation.
## Abuse finds you!
Congratulations, if abuse has found you, the security through obscurity model
has failed and now you get to deal with it! That is very simple, you just check
the abuser MXID, and paste `/ban @yourorgisbad:evil.example.invalid` to all
twenty rooms.
Did you find out that you have a lot of abuse from a single server and Matrix
doesn't support wildcards in bans? No problem,
[Matrix has your back with "Moderation in Matrix!"](https://web.archive.org/web/20211205204104/https://matrix.org/docs/guides/moderation/),
you simply use `/devtools` and ban the entire server by sending a completely new
event `m.room.server_acl`, luckily you are a professional `/devtools` user at
this point so having to do this 20 times is nothing to you.
_2022-01-10 addition:_ this becomes worse as Matrix Synapse alongside
[the Matrix protocol itself will authorise everything done by servers that don't honour the `m.room.server_acl` event](https://github.com/matrix-org/matrix-spec/issues/928)
so as per the guide, you will have to acl those servers too (or the ACL might as
well not exist).
### Icing on the cake
Could this get any better? Yes, the abuse could happen when you are sleeping or
otherwise out of the picture, so your fellow ICT team member (who has no
interest in touching this mess with a long stick) has to step in for you and
resolve the issue.
It's a stress situation for them, will the ICT team be able to find the shared
password for the Matrix administrator account you hopefully have and speedlearn
to be a `/devtools` professional or able to handle even easier forms of spamming
or flooding without you present? My money is on the spammer. Good luck,
high-five for the next team meeting where you wonder what happened, how to
prevent it from happening again and will you even support Matrix in the future?
I hope someone thanked you for ever having your organization there, I know that
I have only gotten complaints about matterbridge looking ugly and not using
matrix-appservice-irc, \<redacted-for-similar-trouble\>,
matrix-whatever-discord, etc.
## Aminda, are you ok, has this happened to you?
Thank you for asking, I am not ok, I have a burnout and xmas is poor time for me
in general, and this whole issue is ridiculous, someone could have thought of it
since 2014, everything I am saying is public knowledge, but no one cares.
It's whoever is running Matrix without hosting their own homeserver and Mjölnir
(which brings all reasonable management for organizations) who is at fault (me).
I wonder how much would a Mjolnir help if abuse was sophiscated enough to DDoS
it off the internet before beginning.
## What is this community with 23 rooms and two spaces?
It's [Pirate Party of Finland](https://piraattipuolue.fi/en). I cannot say
whether it's us or Matrix that is obscure enough to have avoided the nightmare I
painted in this blog post, but as I am the only administrator at Matrix, I have
locked it down so the rest of the ICT team can continue not touching Matrix or
practicing `/devtools` first without a stressful situation.
[Our main space](matrix:r/space.piraatit.fi:matrix.org?action=join) requires
knocking before it can be joined. Don't ask me what Matrix clients support
knocking, it's part of
[Matrix spec version 1.1](https://spec.matrix.org/v1.1/rooms/v7/#authorization-rules),
don't even ask me what Matrix servers support it.
Our public rooms within that space require being a member of that space.
Our more sensitive rooms that desire working peace from spammers are in a
subspace, which again require belonging to it, and which requires knocking too.
We have similar system in place at Discord where we just grant people a role
once they have talked a bit and shown themselves to not be malicious and this is
the best <s>we</s> I can do at Matrix.
The above looks a bit weird as I was going to put the actual json events there,
but I am too tired to bother with that.
## Afterword
If I am wrong at anything I said, please contact me instantly either in
[my discussion channels](/discuss),
[the GitHub issue for this post](https://github.com/Mikaela/mikaela.github.io/issues/268)
or mention `@Mikaela` in any GitHub.com/GitLab.com issue (I am not reading my
email actively though) as if I am wrong and there is a reasonable Discord-style
interface for this without additional money, you are improving my life greatly
as I am not just going to stop using Matrix.
- [Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md)