Invite spam control (SPEC-96) #491
Comments
|
Jira watchers: @kegsay |
|
Links exported from Jira: relates to SPEC-60 |
matrixbot
added
the
feature
|
SPEC-60 now at #932 |
|
I see in SPEC-96 "Clients need to know why they are being invited (e.g. a reason key, just like for kicks/bans). However, this opens up a spam vector where any user can send any other user a string. Do we really want to do that?" One way to manage this is to give control over how and where users may send invites from. For example, maybe I don't want to be able to be contacted directly/out of nowhere, but if you are in a room with me, then you may. So an imperfect solution i've thought of is to have a way to know and display where the user was invited from. This way there is at least some context to understand how the user was discovered or the inviting party is connected. This possibly could be implemented through forcing room invitations to be whispers in other rooms (and possibly giving each user their own "room" from which they can either allow or deny whispers): https://github.com/vector-im/riot-web/issues/3345#issuecomment-285274081 A simpler but less ideal option is to have a way to always show the rooms users have in common with each other, which I believe discord does. |
turt2live
changed the title
|
Please see my comment at #2339 (comment) |
|
I have a similar approach like @heyakyra. |
|
I don't think there's much left to do here. Invites can now come with reasons (#2795), and invites already come with a "stripped state" including room name etc. In short, this issue is showing its age. |
See SPEC-60 for room knock support.
There are outstanding issues with inviting users to rooms, namely:
(Imported from https://matrix.org/jira/browse/SPEC-96)
(Reported by @kegsay)
The text was updated successfully, but these errors were encountered: