-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expected UTDs: Hide UTDs for messages sent while you were not in the room ("Pre-join UTDs") #2317
Comments
I'm really confused by this title. Is this specific to pre-invite UTDs, or does it also cover UTDs sent between the invite and the join? "when room allows" --- when room allows what? |
It's related to the room history visibility. If you are invited in an invite only room you will not get any historical message anyhow. So it is if the room is e2e with history_visibility set to There are edge cases like if it's a 3pid invite, but maybe in this case we should warn the sender that there is no point sending a message in that case. |
what do you mean by an invite only room?
matrix-js-sdk has this logic:
|
Interesting on android there is also a global setting IOS is like web |
Proposed solution:
This is a partial solution: there is still a race on the sender side. That has solutions discussed at #2268. We might also want to consider preventing setting |
Old description, for the record: There was already a tentative to fix that problem matrix-org/matrix-react-sdk#3881 Rooms have different For other The only way this user could access this history, is that a previous member of the room shares the keys, as per MSC3061 Share room keys for past messages. For MSC3061 to work properly, all devices in the room should support MSC3061 (otherwise the key generated by the devices won't be marked as sharable), the current device should support it (otherwise it will reject the forwarded keys as they were not requested), and the user should be invited by another user that supports MSC3061. Notice that the user has to be invited first, if he join the room by himself (space restricted room) it won't work. In any cases, we know for sure that:
Some technical pointsThere is no reliable way to know exactly if an event was sent before the user as joined the room. So a first approach based on hiding events just based on the invite event position in the timeline might lead to some errors. |
I think this should be done, as of the next releases of Synapse and all the clients. |
Problem
Sometimes, a client will receive messages that were sent before they were a member of the room. This can happen for a number of reasons:
In this situation, sometimes the receiving client will be unable to decrypt (UTD) the message because it does not have the room key needed (because no-one sent it when they send the message, because they didn't know this user needed it).
We want to make it clear why this UTD happened, because in many circumstances it is expected, and not an error.
(Note: this is different from UTDs where someone was a member, but the message was not encrypted for this device. That is tracked under #2313.)
Solution
To be able to identify this type of message and inform the user appropriately, we need to know whether the user was a member of the room when the message event was created.
The server is well-placed to know this because it has access to the DAG, whereas the client does not.
So we propose to write and implement MSC4115, allowing the server to annotate events with information about their membership of the room at the time the event was created.
Work to do
Spec:
Write MSC4115Synapse:
matrix-rust-sdk:
membership
info from withinunsigned
matrix-analytics-events
Element X Android:
Element X iOS:
Element Web/matrix-js-sdk:
(We expect to implement this a little later in Web.)
membership
info from withinunsigned
: https://github.com/element-hq/crypto-internal/issues/201Notes
Further work
This is a partial solution: there is still a race on the sender side. That has solutions discussed at #2268.
We might also want to consider preventing setting history_visibility: shared on encrypted rooms, which would stop the server sending us the events in the first place.
Previous attempts to hide these UTDs
Element Web attempted to hide these UTDs in the past: matrix-org/matrix-react-sdk#3881 but various problems with this approach have been identified e.g. element-hq/element-web#22671 .
Sharing room history, MSC3061
MSC3061 Share room keys for past messages allows providing keys to people who are allowed to decrypt messages, even if they were not a member when they were created.
If/when this is implemented, it will allow decrypting this type of UTD later. But:
The text was updated successfully, but these errors were encountered: