Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

URL Previews should be entirely disabled in E2E rooms #10853

Closed
ara4n opened this issue Sep 12, 2019 · 5 comments
Closed

URL Previews should be entirely disabled in E2E rooms #10853

ara4n opened this issue Sep 12, 2019 · 5 comments
Labels
A-E2EE A-URL-Previews T-Other Questions, user support, anything else X-Needs-Product More input needed from the Product team

Comments

@ara4n
Copy link
Member

ara4n commented Sep 12, 2019

i'm hearing anecdotal reports that they appear for some users in E2E rooms

@turt2live
Copy link
Member

They are disabled by default unless one enables them explicitly.

@ara4n
Copy link
Member Author

ara4n commented Sep 13, 2019

hm, i doubt that has happened here. will try to find more info

@jryans jryans added T-Other Questions, user support, anything else A-E2EE A-URL-Previews labels Sep 30, 2019
@CEbhNwPM
Copy link

CEbhNwPM commented Jan 5, 2020

Please make this a priority. Currently, unprivileged users can subvert E2E encryption of private rooms by enabling URL previews. In my server logs, I found requests from the homeserver to URLs on my site that were only shared in a private Matrix room.

The fact that URLs have to be sent to the homeserver in plaintext for this feature is only an afterthought in the description of this option, yet it is far from obvious that this is somehow necessary.

There should at least be a very big warning and it should be a setting only a room admin (or someone else with explicit permission) can enable in encrypted rooms. The fact that the option says "only affects you" is very troublesome as well, when leaking all URLs clearly affects everyone in the room.

@SimonBrandner
Copy link
Contributor

While I agree, users who don't know the risks of enabling URL previews isn't great, I think it should always be an option. While I want my conversations to be E2EE, I usually don't tend to mine the URLs leaking

@turt2live
Copy link
Member

Closing because we already have this. If people are seeing otherwise, please open bug reports with new information.

su-ex added a commit to SchildiChat/element-web that referenced this issue Dec 13, 2023
* Redirect to the SSO page if `sso_redirect_options.on_welcome_page` is enabled and the URL hash is empty ([\element-hq#25495](element-hq#25495)). Contributed by @dhenneke.
* vector/index.html: Allow fetching blob urls ([\element-hq#25336](element-hq#25336)). Contributed by @SuperKenVery.
* When joining room in sub-space join the parents too ([\element-hq#11011](matrix-org/matrix-react-sdk#11011)).
* Include thread replies in message previews ([\element-hq#10631](matrix-org/matrix-react-sdk#10631)). Fixes element-hq#23920.
* Use semantic headings in space preferences ([\element-hq#11021](matrix-org/matrix-react-sdk#11021)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - Ignored users ([\element-hq#11006](matrix-org/matrix-react-sdk#11006)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - profile ([\element-hq#10973](matrix-org/matrix-react-sdk#10973)). Fixes element-hq#25461. Contributed by @kerryarchibald.
* Use semantic headings in user settings - account ([\element-hq#10972](matrix-org/matrix-react-sdk#10972)). Contributed by @kerryarchibald.
* Support `Insert from iPhone or iPad` in Safari ([\element-hq#10851](matrix-org/matrix-react-sdk#10851)). Fixes element-hq#25327. Contributed by @SuperKenVery.
* Specify supportedStages for User Interactive Auth ([\element-hq#10975](matrix-org/matrix-react-sdk#10975)). Fixes element-hq#19605.
* Pass device id to widgets ([\element-hq#10209](matrix-org/matrix-react-sdk#10209)). Contributed by @Fox32.
* Use semantic headings in user settings - discovery ([\element-hq#10838](matrix-org/matrix-react-sdk#10838)). Contributed by @kerryarchibald.
* Use semantic headings in user settings -  Notifications ([\element-hq#10948](matrix-org/matrix-react-sdk#10948)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - spellcheck and language ([\element-hq#10959](matrix-org/matrix-react-sdk#10959)). Contributed by @kerryarchibald.
* Use semantic headings in user settings Appearance ([\element-hq#10827](matrix-org/matrix-react-sdk#10827)). Contributed by @kerryarchibald.
* Use semantic heading in user settings Sidebar & Voip ([\element-hq#10782](matrix-org/matrix-react-sdk#10782)). Contributed by @kerryarchibald.
* Use semantic headings in user settings Security ([\element-hq#10774](matrix-org/matrix-react-sdk#10774)). Contributed by @kerryarchibald.
* Use semantic headings in user settings - integrations and account deletion ([\#10837](matrix-org/matrix-react-sdk#10837)). Fixes element-hq#25378. Contributed by @kerryarchibald.
* Use semantic headings in user settings Preferences ([\element-hq#10794](matrix-org/matrix-react-sdk#10794)). Contributed by @kerryarchibald.
* Use semantic headings in user settings Keyboard ([\element-hq#10793](matrix-org/matrix-react-sdk#10793)). Contributed by @kerryarchibald.
* RTE plain text mentions as pills ([\element-hq#10852](matrix-org/matrix-react-sdk#10852)). Contributed by @alunturner.
* Allow welcome.html logo to be replaced by config ([\element-hq#25339](element-hq#25339)). Fixes element-hq#8636.
* Use semantic headings in user settings Labs ([\element-hq#10773](matrix-org/matrix-react-sdk#10773)). Contributed by @kerryarchibald.
* Use semantic list elements for menu lists and tab lists ([\element-hq#10902](matrix-org/matrix-react-sdk#10902)). Fixes element-hq#24928.
* Fix aria-required-children axe violation ([\element-hq#10900](matrix-org/matrix-react-sdk#10900)). Fixes element-hq#25342.
* Enable pagination for overlay timelines ([\element-hq#10757](matrix-org/matrix-react-sdk#10757)). Fixes vector-im/voip-internal#107.
* Add tooltip to disabled invite button due to lack of permissions ([\element-hq#10869](matrix-org/matrix-react-sdk#10869)). Fixes element-hq#9824.
* Respect configured auth_header_logo_url for default Welcome page ([\element-hq#10870](matrix-org/matrix-react-sdk#10870)).
* Specify lazy loading for avatars ([\element-hq#10866](matrix-org/matrix-react-sdk#10866)). Fixes element-hq#1983.
* Room and user mentions for plain text editor ([\element-hq#10665](matrix-org/matrix-react-sdk#10665)). Contributed by @alunturner.
* Add audible notifcation on broadcast error ([\#10654](matrix-org/matrix-react-sdk#10654)). Fixes element-hq#25132.
* Fall back from server generated thumbnail to original image ([\element-hq#10853](matrix-org/matrix-react-sdk#10853)).
* Use semantically correct elements for room sublist context menu ([\element-hq#10831](matrix-org/matrix-react-sdk#10831)). Fixes vector-im/customer-retainer#46.
* Avoid calling prepareToEncrypt onKeyDown ([\element-hq#10828](matrix-org/matrix-react-sdk#10828)).
* Allows search to recognize full room links ([\element-hq#8275](matrix-org/matrix-react-sdk#8275)). Contributed by @bolu-tife.
* "Show rooms with unread messages first" should not be on by default for new users ([\element-hq#10820](matrix-org/matrix-react-sdk#10820)). Fixes element-hq#25304. Contributed by @kerryarchibald.
* Fix emitter handler leak in ThreadView ([\element-hq#10803](matrix-org/matrix-react-sdk#10803)).
* Add better error for email invites without identity server ([\element-hq#10739](matrix-org/matrix-react-sdk#10739)). Fixes element-hq#16893.
* Move reaction message previews out of labs ([\element-hq#10601](matrix-org/matrix-react-sdk#10601)). Fixes element-hq#25083.
* Sort muted rooms to the bottom of their section of the room list ([\element-hq#10592](matrix-org/matrix-react-sdk#10592)). Fixes element-hq#25131. Contributed by @kerryarchibald.
* Use semantic headings in user settings Help & About ([\element-hq#10752](matrix-org/matrix-react-sdk#10752)). Contributed by @kerryarchibald.
* use ExternalLink components for external links ([\element-hq#10758](matrix-org/matrix-react-sdk#10758)). Contributed by @kerryarchibald.
* Use semantic headings in space settings ([\element-hq#10751](matrix-org/matrix-react-sdk#10751)). Contributed by @kerryarchibald.
* Use semantic headings for room settings content ([\element-hq#10734](matrix-org/matrix-react-sdk#10734)). Contributed by @kerryarchibald.
* Use consistent fonts for Japanese text ([\element-hq#10980](matrix-org/matrix-react-sdk#10980)). Fixes element-hq#22333 and element-hq#23899.
* Fix: server picker validates unselected option ([\element-hq#11020](matrix-org/matrix-react-sdk#11020)). Fixes element-hq#25488. Contributed by @kerryarchibald.
* Fix room list notification badges going missing in compact layout ([\element-hq#11022](matrix-org/matrix-react-sdk#11022)). Fixes element-hq#25372.
* Fix call to `startSingleSignOn` passing enum in place of idpId ([\element-hq#10998](matrix-org/matrix-react-sdk#10998)). Fixes element-hq#24953.
* Remove hover effect from user name on a DM creation UI ([\element-hq#10887](matrix-org/matrix-react-sdk#10887)). Fixes element-hq#25305. Contributed by @luixxiul.
* Fix layout regression in public space invite dialog ([\element-hq#11009](matrix-org/matrix-react-sdk#11009)). Fixes element-hq#25458.
* Fix layout regression in session dropdown ([\element-hq#10999](matrix-org/matrix-react-sdk#10999)). Fixes element-hq#25448.
* Fix spacing regression in user settings - roles & permissions ([\element-hq#10993](matrix-org/matrix-react-sdk#10993)). Fixes element-hq#25447 and element-hq#25451. Contributed by @kerryarchibald.
* Fall back to receipt timestamp if we have no event (react-sdk part) ([\element-hq#10974](matrix-org/matrix-react-sdk#10974)). Fixes element-hq#10954. Contributed by @andybalaam.
* Fix: Room header 'view your device list' does not link to new session manager ([\element-hq#10979](matrix-org/matrix-react-sdk#10979)). Fixes element-hq#25440. Contributed by @kerryarchibald.
* Fix display of devices without encryption support in Settings dialog ([\element-hq#10977](matrix-org/matrix-react-sdk#10977)). Fixes element-hq#25413.
* Use aria descriptions instead of labels for TextWithTooltip ([\element-hq#10952](matrix-org/matrix-react-sdk#10952)). Fixes element-hq#25398.
* Use grapheme-splitter instead of lodash for saving emoji from being ripped apart ([\element-hq#10976](matrix-org/matrix-react-sdk#10976)). Fixes element-hq#22196.
* Fix: content overflow in settings subsection ([\#10960](matrix-org/matrix-react-sdk#10960)). Fixes element-hq#25416. Contributed by @kerryarchibald.
* Make `Privacy Notice` external link on integration manager ToS clickable ([\element-hq#10914](matrix-org/matrix-react-sdk#10914)). Fixes element-hq#25384. Contributed by @luixxiul.
* Ensure that open message context menus are updated when the event is sent ([\element-hq#10950](matrix-org/matrix-react-sdk#10950)).
* Ensure that open sticker picker dialogs are updated when the widget configuration is updated. ([\#10945](matrix-org/matrix-react-sdk#10945)).
* Fix big emoji in replies ([\element-hq#10932](matrix-org/matrix-react-sdk#10932)). Fixes element-hq#24798.
* Hide empty `MessageActionBar` on message edit history dialog ([\element-hq#10447](matrix-org/matrix-react-sdk#10447)). Fixes element-hq#24903. Contributed by @luixxiul.
* Fix roving tab index getting confused after dragging space order ([\element-hq#10901](matrix-org/matrix-react-sdk#10901)).
* Attempt a potential workaround for stuck notifs ([\element-hq#3384](matrix-org/matrix-js-sdk#3384)). Fixes element-hq#25406. Contributed by @andybalaam.
* Handle trailing dot FQDNs for domain-specific config.json files ([\element-hq#25351](element-hq#25351)). Fixes element-hq#8858.
* Ignore edits in message previews when they concern messages other than latest ([\element-hq#10868](matrix-org/matrix-react-sdk#10868)). Fixes element-hq#14872.
* Send correct receipts when viewing a room ([\element-hq#10864](matrix-org/matrix-react-sdk#10864)). Fixes element-hq#25196.
* Fix timeline search bar being overlapped by the right panel ([\element-hq#10809](matrix-org/matrix-react-sdk#10809)). Fixes element-hq#25291. Contributed by @luixxiul.
* Fix the state shown for call in rooms ([\element-hq#10833](matrix-org/matrix-react-sdk#10833)).
* Add string for membership event where both displayname & avatar change ([\element-hq#10880](matrix-org/matrix-react-sdk#10880)). Fixes element-hq#18026.
* Fix people space notification badge not updating for new DM invites ([\element-hq#10849](matrix-org/matrix-react-sdk#10849)). Fixes element-hq#23248.
* Fix regression in emoji picker order mangling after clearing filter ([\element-hq#10854](matrix-org/matrix-react-sdk#10854)). Fixes element-hq#25323.
* Fix: Edit history modal crash ([\#10834](matrix-org/matrix-react-sdk#10834)). Fixes element-hq#25309. Contributed by @kerryarchibald.
* Fix long room address and name not being clipped on room info card and update `_RoomSummaryCard.pcss` ([\element-hq#10811](matrix-org/matrix-react-sdk#10811)). Fixes element-hq#25293. Contributed by @luixxiul.
* Treat thumbnail upload failures as complete upload failures ([\element-hq#10829](matrix-org/matrix-react-sdk#10829)). Fixes element-hq#7069.
* Update finite automata to match user identifiers as per spec ([\#10798](matrix-org/matrix-react-sdk#10798)). Fixes element-hq#25246.
* Fix icon on empty notification panel ([\element-hq#10817](matrix-org/matrix-react-sdk#10817)). Fixes element-hq#25298 and element-hq#25302. Contributed by @luixxiul.
* Fix: Threads button is highlighted when I create a new room ([\element-hq#10819](matrix-org/matrix-react-sdk#10819)). Fixes element-hq#25284. Contributed by @kerryarchibald.
* Fix the top heading of notification panel ([\element-hq#10818](matrix-org/matrix-react-sdk#10818)). Fixes element-hq#25303. Contributed by @luixxiul.
* Fix the color of the verified E2EE icon on `RoomSummaryCard` ([\element-hq#10812](matrix-org/matrix-react-sdk#10812)). Fixes element-hq#25295. Contributed by @luixxiul.
* Fix: No feedback when waiting for the server on a /delete_devices request with SSO ([\element-hq#10795](matrix-org/matrix-react-sdk#10795)). Fixes element-hq#23096. Contributed by @kerryarchibald.
* Fix: reveal images when image previews are disabled ([\element-hq#10781](matrix-org/matrix-react-sdk#10781)). Fixes element-hq#25271. Contributed by @kerryarchibald.
* Fix accessibility issues around the room list and space panel ([\element-hq#10717](matrix-org/matrix-react-sdk#10717)). Fixes element-hq#13345.
* Ensure tooltip contents is linked via aria to the target element ([\#10729](matrix-org/matrix-react-sdk#10729)). Fixes vector-im/customer-retainer#43.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-E2EE A-URL-Previews T-Other Questions, user support, anything else X-Needs-Product More input needed from the Product team
Projects
None yet
Development

No branches or pull requests

5 participants