This repository has been archived by the owner on May 6, 2020. It is now read-only.
The GDPR consent UX is that synapse will invite all users to a personal "Server notices" room, in which they will get spammed a message saying "To continue to use the server, please click this link to read and consent to the privacy policy". The user will not be able to reject the invite, nor leave the room. We would like Riot to handle the room as ergonomically as possible.
1 - Handles users trying to leave an unleaveable room (or reject an unrejectable invite) nicely
2 - Handles error messages issued whilst trying to talk when missing consent prettily (routing them towards the consent tool). Presumably this should be the primary route the user uses to enter the consent tool? We don't want them to have to join the notices room and manually click on the link.
3 - OPTIONAL: Special-case the 'please consent to use this server' event somehow in the notices room; possibly just hide it, given the user will be being forced into the consent tool by all the 40x errors they'll be getting? I don't think we should autoload the consent tool based on this event, as it might be abusable for phishing (e.g. if anyone else sent the right event type we could end up autoloading arbitrary URLs or something horrid).
This is now optional as we don't want to mess around setting a custom event type for the 'please consent to use this server' message, given we don't have fallback events yet. So instead Riot users will just get a redundant message.
richvdh changed the title from "Ensure sure Riot (both web & mobile) handles the GDPR consent UX well" to "Ensure Riot (both web & mobile) handles the GDPR consent UX well" on May 18, 2018
Proposal for the error API from the server is to return a 40x with a JSON error code of M_CONSENT_NOT_GIVEN, a human-readable error message in the error field, and a privacy_policy JSON field that gives the URL of the consent tool.
Every time the app meets an M_CONSENT_NOT_GIVEN error for a request (message post, room creation, etc.), it should display a modal to the end user asking them to consent via the consent tool.
The text for this modal is:
To continue using the matrix.org homeserver you must review and agree to the terms and conditions.
where matrix.org should be replaced by the user's homeserver.
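Added example, not part of the original thread and not Riot or Synapse code: one way a client could turn the proposed error response into the modal described above while treating the privacy_policy URL as untrusted, in line with the phishing concern raised in item 3. The function names, the same-origin policy and the sample response are assumptions; errcode is the standard Matrix error-code key.

```javascript
// Added example. Field names error and privacy_policy follow the proposal in this
// thread; function names and the same-origin rule are assumptions.
const CONSENT_ERRCODE = "M_CONSENT_NOT_GIVEN";

// Constructed sample response body, for illustration only.
const SAMPLE_BODY = {
  errcode: CONSENT_ERRCODE,
  error: "Please read and consent to the privacy policy",
  privacy_policy: "https://matrix.example.org/_matrix/consent?u=alice",
};

// Return a consent-tool URL that is safe to show as a link, or null otherwise.
function safeConsentUrl(raw, homeserverBaseUrl) {
  if (typeof raw !== "string") return null;
  let url, hs;
  try {
    url = new URL(raw);
    hs = new URL(homeserverBaseUrl);
  } catch (e) {
    return null; // not an absolute, parseable URL
  }
  if (url.protocol !== "https:") return null;    // rejects javascript:, data:, http:
  if (url.username || url.password) return null; // rejects https://hs@other.example/
  if (url.origin !== hs.origin) return null;     // assumed policy: tool lives on the homeserver
  return url.href;
}

// Map an HTTP status and parsed JSON body to a modal description.
// Returns null when the response is not a consent error.
// homeserverBaseUrl is assumed to be the client's own configured, valid base URL.
function consentModalFor(status, body, homeserverBaseUrl) {
  if (status < 400 || status > 499) return null;
  if (!body || body.errcode !== CONSENT_ERRCODE) return null;
  const hsName = new URL(homeserverBaseUrl).hostname;
  return {
    text: `To continue using the ${hsName} homeserver you must review and ` +
          "agree to the terms and conditions.",
    // A null link means: show the text only. The URL is never opened automatically;
    // the user has to click it.
    link: safeConsentUrl(body.privacy_policy, homeserverBaseUrl),
    serverMessage: typeof body.error === "string" ? body.error : "",
  };
}
```

Because the modal is driven by the HTTP error on the user's own request rather than by a room event, another user sending a look-alike event cannot trigger it.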