Change history_visibility for new private rooms to invite #587
Labels
A-Client-Server
Issues affecting the CS API
enhancement
A suggestion for a relatively simple improvement to the protocol
Comments
turt2live
added
A-Client-Server
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The room history is always set to shared (https://matrix.org/docs/spec/client_server/r0.6.0#post-matrix-client-r0-createroom). This results in the following problem:
User A and User B start a private conversation (with default settings)
User A and B chat about private/confidential matters
User A invites User C to the conversation
User C can see the entire history
This could result in serious Problems for the affected users including security (leaked passwords), bullying (private information being disclosed) etc.
By changing this to invite for private conversations (trusted_private_chat) and possibly even for private rooms (private_chat) this problem is mitigated by only allowing new people to see messages created after their invite (which is visible to all previous room members). In my opinion this is the more reasonable default value.
With shared history, the invitation of a new room member can have serious implications for the previous members. With history set to invited, the "worst case" is that information has to be resend to the channel for the new member.
#289 goes into the same direction, but this is a quick and easy solution to the problem with little work and quick to implement in comparison. And it solves many of the same problems. So even if you change the room later, the private parts stay private (unless explicitly set to shared again during room creation).
The text was updated successfully, but these errors were encountered: