Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC4069: Inhibit profile propagation #4069

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

turt2live
Copy link
Member

@turt2live turt2live commented Oct 23, 2023

Rendered

Implementations:

@turt2live turt2live added proposal A matrix spec change proposal client-server Client-Server API kind:feature MSC for not-core and not-maintenance stuff hacktoberfest-accepted needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Oct 23, 2023
@turt2live turt2live marked this pull request as ready for review October 23, 2023 04:18
@turt2live turt2live changed the title MSC: Inhibit profile propagation MSC4069: Inhibit profile propagation Oct 23, 2023
be more readily possible. For example, a client *introducing* per-space memberships might use this
new query parameter to make it easier to manually apply `m.room.member` event changes.

## Alternatives
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of propagating at /avatar_url and /displayname, it could be part of m.room.member. A "locked": true (or similar) in the content would cause the server to not update that member event.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so, I've been thinking about this a lot. There's some potential privacy concerns with revealing the information. Specifically, it tells other members of the room that the user is definitely using a customized, non-default, profile in the room. On the other hand, any malicious party wanting to make use of that information could just GET the user's default profile to find their "real" profile anyways. A separate MSC would be good to add protections/guarantees around the user's [default] profile (who can access it, etc).

Eventually it'd also be good to move the profile out of the m.room.member event, to give at minimum separation of concerns. Currently the membership event's primary purpose is to denote the user's, well, membership. Profile information is added on as a convenience. While scalable, it feels a bit overloaded to use the event for two things.

The third concern is mostly one of backwards compatibility. Clients may already have UX which says the user's profile changes everywhere. If we add locked: true to the membership event, that client UX is now a lie. This is relatively minor, but worth noting as an incompatibility. By preventing propagation at the endpoint level, existing clients can maintain their UX and new clients can more obviously add a toggle or similar to "overwrite" the profile in all rooms, or otherwise tailor their UI for their specific use case.

Overall, I think I'm still in favour of using the endpoint-level control, though a counter MSC to discuss the m.room.member flagging would be interesting.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A possibly third option: m.profile_locked as a per-room account data event. This state would not be visible to other users. I would prefer this to a locked property in the membership event, but would prefer endpoint-level control over both.

turt2live added a commit to matrix-org/synapse that referenced this pull request Nov 15, 2023
erikjohnston pushed a commit to matrix-org/synapse that referenced this pull request Dec 4, 2023
yingziwu added a commit to yingziwu/synapse that referenced this pull request Dec 17, 2023
Synapse 1.98.0 will be the last Synapse release in 2023; the regular release cadence will resume in January 2024.

Synapse will soon be forked by Element under an AGPLv3.0 licence (with CLA, for
proprietary dual licensing). You can read more about this here:

 - https://matrix.org/blog/2023/11/06/future-of-synapse-dendrite/
 - https://element.io/blog/element-to-adopt-agplv3/

The Matrix.org Foundation copy of the project will be archived. Any changes needed
by server administrators will be communicated via our usual announcements channels,
but we are striving to make this as seamless as possible.

No significant changes since 1.98.0rc1.

- Synapse now declares support for Matrix v1.7, v1.8, and v1.9. ([\matrix-org#16707](matrix-org#16707))
- Add `on_user_login` [module API](https://matrix-org.github.io/synapse/latest/modules/writing_a_module.html) callback for when a user logs in. ([\matrix-org#15207](matrix-org#15207))
- Support [MSC4069: Inhibit profile propagation](matrix-org/matrix-spec-proposals#4069). ([\matrix-org#16636](matrix-org#16636))
- Restore tracking of requests and monthly active users when delegating authentication via [MSC3861](matrix-org#16672) to an OIDC provider. ([\matrix-org#16672](matrix-org#16672))
- Add an autojoin setting for server notices rooms, so users may be joined directly instead of receiving an invite. ([\matrix-org#16699](matrix-org#16699))
- Follow redirects when downloading media over federation (per [MSC3860](matrix-org/matrix-spec-proposals#3860)). ([\matrix-org#16701](matrix-org#16701))

- Enable refreshable tokens on the admin registration endpoint. ([\matrix-org#16642](matrix-org#16642))
- Consistently bypass rate limits when using the server notice admin API. ([\matrix-org#16670](matrix-org#16670))
- Fix a bug introduced in Synapse 1.7.2 where rooms whose power levels lacked an `events` field could not be upgraded. ([\matrix-org#16725](matrix-org#16725))
- Fix `GET /_synapse/admin/v1/federation/destinations` [admin API](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html) returning null (instead of 0) for `retry_last_ts` and `retry_interval`. ([\matrix-org#16729](matrix-org#16729))

- Add schema rollback information to documentation. ([\matrix-org#16661](matrix-org#16661))
- Fix poetry version typo in the [contributors' guide](https://matrix-org.github.io/synapse/latest/development/contributing_guide.html). ([\matrix-org#16695](matrix-org#16695))
- Switch the example UNIX socket paths to `/run`. Add HAProxy example configuration for UNIX sockets. ([\matrix-org#16700](matrix-org#16700))
- Add documentation for how to validate the configuration file with `synapse.config` script. ([\matrix-org#16714](matrix-org#16714))

- Clean-up unused tables. ([\matrix-org#16522](matrix-org#16522))
- Reduce a little database load while processing state auth chains. ([\matrix-org#16552](matrix-org#16552))
- Reduce database load of pruning old `user_ips`. ([\matrix-org#16667](matrix-org#16667))
- Reduce DB load when forget on leave setting is disabled. ([\matrix-org#16668](matrix-org#16668))
- Ignore `encryption_enabled_by_default_for_room_type` setting when creating server notices room, since the notices will be send unencrypted anyway. ([\matrix-org#16677](matrix-org#16677))
- Correctly read the to-device stream ID on startup using SQLite. ([\matrix-org#16682](matrix-org#16682))
- Reoranganise test files. ([\matrix-org#16684](matrix-org#16684))
- Remove old full schema dumps which are no longer used. ([\matrix-org#16697](matrix-org#16697))
- Raise poetry-core upper bound to <=1.8.1. This allows contributors to import Synapse after `poetry install`ing with Poetry 1.6 and above. Contributed by Mo Balaa. ([\matrix-org#16702](matrix-org#16702))
- Add a workflow to try and automatically fixup linting in a PR. ([\matrix-org#16704](matrix-org#16704))

* Bump cryptography from 41.0.5 to 41.0.6. ([\matrix-org#16703](matrix-org#16703))
* Bump cryptography from 41.0.6 to 41.0.7. ([\matrix-org#16721](matrix-org#16721))
* Bump idna from 3.4 to 3.6. ([\matrix-org#16720](matrix-org#16720))
* Bump jsonschema from 4.19.1 to 4.20.0. ([\matrix-org#16692](matrix-org#16692))
* Bump matrix-org/netlify-pr-preview from 2 to 3. ([\matrix-org#16719](matrix-org#16719))
* Bump phonenumbers from 8.13.23 to 8.13.26. ([\matrix-org#16722](matrix-org#16722))
* Bump prometheus-client from 0.18.0 to 0.19.0. ([\matrix-org#16691](matrix-org#16691))
* Bump pyasn1 from 0.5.0 to 0.5.1. ([\matrix-org#16689](matrix-org#16689))
* Bump pydantic from 2.4.2 to 2.5.1. ([\matrix-org#16663](matrix-org#16663))
* Bump pyo3 (0.19.2→0.20.0), pythonize (0.19.0→0.20.0) and pyo3-log (0.8.1→0.9.0). ([\matrix-org#16673](matrix-org#16673))
* Bump pyopenssl from 23.2.0 to 23.3.0. ([\matrix-org#16662](matrix-org#16662))
* Bump ruff from 0.1.4 to 0.1.6. ([\matrix-org#16690](matrix-org#16690))
* Bump sentry-sdk from 1.32.0 to 1.35.0. ([\matrix-org#16666](matrix-org#16666))
* Bump serde from 1.0.192 to 1.0.193. ([\matrix-org#16693](matrix-org#16693))
* Bump sphinx-autodoc2 from 0.4.2 to 0.5.0. ([\matrix-org#16723](matrix-org#16723))
* Bump types-jsonschema from 4.19.0.4 to 4.20.0.0. ([\matrix-org#16724](matrix-org#16724))
* Bump types-pillow from 10.1.0.0 to 10.1.0.2. ([\matrix-org#16664](matrix-org#16664))
* Bump types-psycopg2 from 2.9.21.15 to 2.9.21.16. ([\matrix-org#16665](matrix-org#16665))
* Bump types-setuptools from 68.2.0.0 to 68.2.0.2. ([\matrix-org#16688](matrix-org#16688))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
client-server Client-Server API hacktoberfest-accepted kind:feature MSC for not-core and not-maintenance stuff needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants