MSC3823: Account Suspension #3823

Open

@Yoric Yoric commented May 23, 2022

@Yoric Yoric changed the title New MSC: A code for account suspension MSC: A code for account suspension May 23, 2022
Signed-off-by: David Teller <davidt@element.io>
@turt2live turt2live changed the title MSC: A code for account suspension MSC3823: A code for account suspension May 23, 2022
@turt2live turt2live added proposal A matrix spec change proposal client-server Client-Server API kind:maintenance MSC which clarifies/updates existing spec needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels May 23, 2022
Co-authored-by: Travis Ralston <travpc@gmail.com>
Fizzadar added a commit to Fizzadar/synapse that referenced this pull request Jun 15, 2022
Synapse 1.61.0 (2022-06-14)
===========================

This release removes support for the non-standard feature known both as 'groups' and as 'communities', which have been superseded by *Spaces*.

See [the upgrade notes](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1610)
for more details.

Improved Documentation
----------------------

- Mention removed community/group worker endpoints in [upgrade.md](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1610s). Contributed by @olmari. ([\matrix-org#13023](matrix-org#13023))

Synapse 1.61.0rc1 (2022-06-07)
==============================

Features
--------

- Add new `media_retention` options to the homeserver config for routinely cleaning up non-recently accessed media. ([\matrix-org#12732](matrix-org#12732), [\matrix-org#12972](matrix-org#12972), [\matrix-org#12977](matrix-org#12977))
- Experimental support for [MSC3772](matrix-org/matrix-spec-proposals#3772): Push rule for mutually related events. ([\matrix-org#12740](matrix-org#12740), [\matrix-org#12859](matrix-org#12859))
- Update to the `check_event_for_spam` module callback: Deprecate the current callback signature, replace it with a new signature that is both less ambiguous (replacing booleans with explicit allow/block) and more powerful (ability to return explicit error codes). ([\matrix-org#12808](matrix-org#12808))
- Add storage and module API methods to get monthly active users (and their corresponding appservices) within an optionally specified time range. ([\matrix-org#12838](matrix-org#12838), [\matrix-org#12917](matrix-org#12917))
- Support the new error code `ORG.MATRIX.MSC3823.USER_ACCOUNT_SUSPENDED` from [MSC3823](matrix-org/matrix-spec-proposals#3823). ([\matrix-org#12845](matrix-org#12845), [\matrix-org#12923](matrix-org#12923))
- Add a configurable background job to delete stale devices. ([\matrix-org#12855](matrix-org#12855))
- Improve URL previews for pages with empty elements. ([\matrix-org#12951](matrix-org#12951))
- Allow updating a user's password using the admin API without logging out their devices. Contributed by @jcgruenhage. ([\matrix-org#12952](matrix-org#12952))

Bugfixes
--------

- Always send an `access_token` in `/thirdparty/` requests to appservices, as required by the [Application Service API specification](https://spec.matrix.org/v1.1/application-service-api/#third-party-networks). ([\matrix-org#12746](matrix-org#12746))
- Implement [MSC3816](matrix-org/matrix-spec-proposals#3816): sending the root event in a thread should count as having 'participated' in it. ([\matrix-org#12766](matrix-org#12766))
- Delete events from the `federation_inbound_events_staging` table when a room is purged through the admin API. ([\matrix-org#12784](matrix-org#12784))
- Fix a bug where we did not correctly handle invalid device list updates over federation. Contributed by Carl Bordum Hansen. ([\matrix-org#12829](matrix-org#12829))
- Fix a bug which allowed multiple async operations to access database locks concurrently. Contributed by @sumnerevans @ Beeper. ([\matrix-org#12832](matrix-org#12832))
- Fix an issue introduced in Synapse 0.34 where the `/notifications` endpoint would only return notifications if a user registered at least one pusher. Contributed by Famedly. ([\matrix-org#12840](matrix-org#12840))
- Fix a bug where servers using a Postgres database would fail to backfill from an insertion event when MSC2716 is enabled (`experimental_features.msc2716_enabled`). ([\matrix-org#12843](matrix-org#12843))
- Fix [MSC3787](matrix-org/matrix-spec-proposals#3787) rooms being omitted from room directory, room summary and space hierarchy responses. ([\matrix-org#12858](matrix-org#12858))
- Fix a bug introduced in Synapse 1.54.0 which could sometimes cause exceptions when handling federated traffic. ([\matrix-org#12877](matrix-org#12877))
- Fix a bug introduced in Synapse 1.59.0 which caused room deletion to fail with a foreign key violation error. ([\matrix-org#12889](matrix-org#12889))
- Fix a long-standing bug which caused the `/messages` endpoint to return an incorrect `end` attribute when there were no more events. Contributed by @Vetchu. ([\matrix-org#12903](matrix-org#12903))
- Fix a bug introduced in Synapse 1.58.0 where `/sync` would fail if the most recent event in a room was a redaction of an event that has since been purged. ([\matrix-org#12905](matrix-org#12905))
- Fix a potential memory leak when generating thumbnails. ([\matrix-org#12932](matrix-org#12932))
- Fix a long-standing bug where a URL preview would break if the image failed to download. ([\matrix-org#12950](matrix-org#12950))

Improved Documentation
----------------------

- Fix typographical errors in documentation. ([\matrix-org#12863](matrix-org#12863))
- Fix documentation incorrectly stating the `sendToDevice` endpoint can be directed at generic workers. Contributed by Nick @ Beeper. ([\matrix-org#12867](matrix-org#12867))

Deprecations and Removals
-------------------------

- Remove support for the non-standard groups/communities feature from Synapse. ([\matrix-org#12553](matrix-org#12553), [\matrix-org#12558](matrix-org#12558), [\matrix-org#12563](matrix-org#12563), [\matrix-org#12895](matrix-org#12895), [\matrix-org#12897](matrix-org#12897), [\matrix-org#12899](matrix-org#12899), [\matrix-org#12900](matrix-org#12900), [\matrix-org#12936](matrix-org#12936), [\matrix-org#12966](matrix-org#12966))
- Remove contributed `kick_users.py` script. This is broken under Python 3, and is not added to the environment when `pip install`ing Synapse. ([\matrix-org#12908](matrix-org#12908))
- Remove `contrib/jitsimeetbridge`. This was an unused experiment that hasn't been meaningfully changed since 2014. ([\matrix-org#12909](matrix-org#12909))
- Remove unused `contrib/experiements/cursesio.py` script, which fails to run under Python 3. ([\matrix-org#12910](matrix-org#12910))
- Remove unused `contrib/experiements/test_messaging.py` script. This fails to run on Python 3. ([\matrix-org#12911](matrix-org#12911))

Internal Changes
----------------

- Test Synapse against Complement with workers. ([\matrix-org#12810](matrix-org#12810), [\matrix-org#12933](matrix-org#12933))
- Reduce the amount of state we pull from the DB. ([\matrix-org#12811](matrix-org#12811), [\matrix-org#12964](matrix-org#12964))
- Try other homeservers when re-syncing state for rooms with partial state. ([\matrix-org#12812](matrix-org#12812))
- Resume state re-syncing for rooms with partial state after a Synapse restart. ([\matrix-org#12813](matrix-org#12813))
- Remove Mutual Rooms' ([MSC2666](matrix-org/matrix-spec-proposals#2666)) endpoint dependency on the User Directory. ([\matrix-org#12836](matrix-org#12836))
- Experimental: expand `check_event_for_spam` with ability to return additional fields. This enables spam-checker implementations to experiment with mechanisms to give users more information about why they are blocked and whether any action is needed from them to be unblocked. ([\matrix-org#12846](matrix-org#12846))
- Remove `dont_notify` from the `.m.rule.room.server_acl` rule. ([\matrix-org#12849](matrix-org#12849))
- Remove the unstable `/hierarchy` endpoint from [MSC2946](matrix-org/matrix-spec-proposals#2946). ([\matrix-org#12851](matrix-org#12851))
- Pull out less state when handling gaps in room DAG. ([\matrix-org#12852](matrix-org#12852), [\matrix-org#12904](matrix-org#12904))
- Clean-up the push rules datastore. ([\matrix-org#12856](matrix-org#12856))
- Correct a type annotation in the URL preview source code. ([\matrix-org#12860](matrix-org#12860))
- Update `pyjwt` dependency to [2.4.0](https://github.com/jpadilla/pyjwt/releases/tag/2.4.0). ([\matrix-org#12865](matrix-org#12865))
- Enable the `/account/whoami` endpoint on synapse worker processes. Contributed by Nick @ Beeper. ([\matrix-org#12866](matrix-org#12866))
- Enable the `batch_send` endpoint on synapse worker processes. Contributed by Nick @ Beeper. ([\matrix-org#12868](matrix-org#12868))
- Don't generate empty AS transactions when the AS is flagged as down. Contributed by Nick @ Beeper. ([\matrix-org#12869](matrix-org#12869))
- Fix up the variable `state_store` naming. ([\matrix-org#12871](matrix-org#12871))
- Faster room joins: when querying the current state of the room, wait for state to be populated. ([\matrix-org#12872](matrix-org#12872))
- Avoid running queries which will never result in deletions. ([\matrix-org#12879](matrix-org#12879))
- Use constants for EDU types. ([\matrix-org#12884](matrix-org#12884))
- Reduce database load of `/sync` when presence is enabled. ([\matrix-org#12885](matrix-org#12885))
- Refactor `have_seen_events` to reduce memory consumed when processing federation traffic. ([\matrix-org#12886](matrix-org#12886))
- Refactor receipt linearization code. ([\matrix-org#12888](matrix-org#12888))
- Add type annotations to `synapse.logging.opentracing`. ([\matrix-org#12894](matrix-org#12894))
- Remove PyNaCl occurrences directly used in Synapse code. ([\matrix-org#12902](matrix-org#12902))
- Bump types-jsonschema from 4.4.1 to 4.4.6. ([\matrix-org#12912](matrix-org#12912))
- Rename storage classes. ([\matrix-org#12913](matrix-org#12913))
- Preparation for database schema simplifications: stop reading from `event_edges.room_id`. ([\matrix-org#12914](matrix-org#12914))
- Check if we are in a virtual environment before overriding the `PYTHONPATH` environment variable in the demo script. ([\matrix-org#12916](matrix-org#12916))
- Improve the logging when signature checks on events fail. ([\matrix-org#12925](matrix-org#12925))

# gpg: Signature made Tue Jun 14 11:57:49 2022 BST
# gpg:                using RSA key 053191DFF4670330465227F7A542E4ED1B0FAC09
# gpg:                issuer "erik@matrix.org"
# gpg: WARNING: server 'dirmngr' is older than us (2.2.34 < 2.3.6)
# gpg: Note: Outdated servers may lack important security fixes.
# gpg: Note: Use the command "gpgconf --kill all" to restart them.
# gpg: Can't check signature: No public key

# Conflicts:
#	docs/workers.md
#	synapse/handlers/message.py
#	synapse/handlers/pagination.py
#	synapse/push/bulk_push_rule_evaluator.py
#	synapse/push/push_rule_evaluator.py
#	synapse/rest/client/receipts.py
#	synapse/storage/databases/main/appservice.py
#	tests/push/test_push_rule_evaluator.py
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jun 16, 2022
Upstream NEWS, less bugfixes and minor improvements:

Synapse 1.61.0 (2022-06-14)
===========================

This release removes support for the non-standard feature known both as 'groups' and as 'communities', which have been superseded by *Spaces*.

Synapse 1.61.0rc1 (2022-06-07)
==============================

Features
--------

- Add new `media_retention` options to the homeserver config for routinely cleaning up non-recently accessed media. ([\#12732](matrix-org/synapse#12732), [\#12972](matrix-org/synapse#12972), [\#12977](matrix-org/synapse#12977))
- Experimental support for [MSC3772](matrix-org/matrix-spec-proposals#3772): Push rule for mutually related events. ([\#12740](matrix-org/synapse#12740), [\#12859](matrix-org/synapse#12859))
- Update to the `check_event_for_spam` module callback: Deprecate the current callback signature, replace it with a new signature that is both less ambiguous (replacing booleans with explicit allow/block) and more powerful (ability to return explicit error codes). ([\#12808](matrix-org/synapse#12808))
- Add storage and module API methods to get monthly active users (and their corresponding appservices) within an optionally specified time range. ([\#12838](matrix-org/synapse#12838), [\#12917](matrix-org/synapse#12917))
- Support the new error code `ORG.MATRIX.MSC3823.USER_ACCOUNT_SUSPENDED` from [MSC3823](matrix-org/matrix-spec-proposals#3823). ([\#12845](matrix-org/synapse#12845), [\#12923](matrix-org/synapse#12923))
- Add a configurable background job to delete stale devices. ([\#12855](matrix-org/synapse#12855))
- Allow updating a user's password using the admin API without logging out their devices. Contributed by @jcgruenhage. ([\#12952](matrix-org/synapse#12952))


Deprecations and Removals
-------------------------

- Remove support for the non-standard groups/communities feature from Synapse. ([\#12553](matrix-org/synapse#12553), [\#12558](matrix-org/synapse#12558), [\#12563](matrix-org/synapse#12563), [\#12895](matrix-org/synapse#12895), [\#12897](matrix-org/synapse#12897), [\#12899](matrix-org/synapse#12899), [\#12900](matrix-org/synapse#12900), [\#12936](matrix-org/synapse#12936), [\#12966](matrix-org/synapse#12966))
- Remove contributed `kick_users.py` script. This is broken under Python 3, and is not added to the environment when `pip install`ing Synapse. ([\#12908](matrix-org/synapse#12908))



Synapse 1.60.0 (2022-05-31)
===========================

This release of Synapse adds a unique index to the `state_group_edges` table, in
order to prevent accidentally introducing duplicate information (for example,
because a database backup was restored multiple times). If your Synapse database
already has duplicate rows in this table, this could fail with an error and
require manual remediation.

Additionally, the signature of the `check_event_for_spam` module callback has changed.
The previous signature has been deprecated and remains working for now. Module authors
should update their modules to use the new signature where possible.


Synapse 1.60.0rc2 (2022-05-27)
==============================

Features
--------

- Add an option allowing users to use their password to reauthenticate for privileged actions even though password login is disabled. ([\#12883](matrix-org/synapse#12883))


Synapse 1.60.0rc1 (2022-05-24)
==============================

Features
--------

- Measure the time taken in spam-checking callbacks and expose those measurements as metrics. ([\#12513](matrix-org/synapse#12513))
- Add a `default_power_level_content_override` config option to set default room power levels per room preset. ([\#12618](matrix-org/synapse#12618))
- Add support for [MSC3787: Allowing knocks to restricted rooms](matrix-org/matrix-spec-proposals#3787). ([\#12623](matrix-org/synapse#12623))
- Send `USER_IP` commands on a different Redis channel, in order to reduce traffic to workers that do not process these commands. ([\#12672](matrix-org/synapse#12672), [\#12809](matrix-org/synapse#12809))
- Synapse will now reload [cache config](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#caching) when it receives a [SIGHUP](https://en.wikipedia.org/wiki/SIGHUP) signal. ([\#12673](matrix-org/synapse#12673))
- Add a config options to allow for auto-tuning of caches. ([\#12701](matrix-org/synapse#12701))
- Update [MSC2716](matrix-org/matrix-spec-proposals#2716) implementation to process marker events from the current state to avoid markers being lost in timeline gaps for federated servers which would cause the imported history to be undiscovered. ([\#12718](matrix-org/synapse#12718))
- Add a `drop_federated_event` callback to `SpamChecker` to disregard inbound federated events before they take up much processing power, in an emergency. ([\#12744](matrix-org/synapse#12744))
- Implement [MSC3818: Copy room type on upgrade](matrix-org/matrix-spec-proposals#3818). ([\#12786](matrix-org/synapse#12786), [\#12792](matrix-org/synapse#12792))
- Update to the `check_event_for_spam` module callback. Deprecate the current callback signature, replace it with a new signature that is both less ambiguous (replacing booleans with explicit allow/block) and more powerful (ability to return explicit error codes). ([\#12808](matrix-org/synapse#12808))


Deprecations and Removals
-------------------------

- Require a body in POST requests to `/rooms/{roomId}/receipt/{receiptType}/{eventId}`, as required by the [Matrix specification](https://spec.matrix.org/v1.2/client-server-api/#post_matrixclientv3roomsroomidreceiptreceipttypeeventid). This breaks compatibility with Element Android 1.2.0 and earlier: users of those clients will be unable to send read receipts. ([\#12709](matrix-org/synapse#12709))



Synapse 1.59.1 (2022-05-18)
===========================

This release fixes a long-standing issue which could prevent Synapse's user directory from updating properly.


Synapse 1.59.0 (2022-05-17)
===========================

Synapse 1.59 makes several changes that server administrators should be aware of:

- Device name lookup over federation is now disabled by default. ([\#12616](matrix-org/synapse#12616))
- The `synapse.app.appservice` and `synapse.app.user_dir` worker application types are now deprecated. ([\#12452](matrix-org/synapse#12452), [\#12654](matrix-org/synapse#12654))

Additionally, this release removes the non-standard `m.login.jwt` login type from Synapse. It can be replaced with `org.matrix.login.jwt` for identical behaviour. This is only used if `jwt_config.enabled` is set to `true` in the configuration. ([\#12597](matrix-org/synapse#12597))


Synapse 1.59.0rc2 (2022-05-16)
==============================


Synapse 1.59.0rc1 (2022-05-10)
==============================

Features
--------

- Support [MSC3266](matrix-org/matrix-spec-proposals#3266) room summaries over federation. ([\#11507](matrix-org/synapse#11507))
- Implement [changes](matrix-org/matrix-spec-proposals@4a77139) to [MSC2285 (hidden read receipts)](matrix-org/matrix-spec-proposals#2285). Contributed by @SimonBrandner. ([\#12168](matrix-org/synapse#12168), [\#12635](matrix-org/synapse#12635), [\#12636](matrix-org/synapse#12636), [\#12670](matrix-org/synapse#12670))
- Extend the [module API](https://github.com/matrix-org/synapse/blob/release-v1.59/synapse/module_api/__init__.py) to allow modules to change actions for existing push rules of local users. ([\#12406](matrix-org/synapse#12406))
- Add the `notify_appservices_from_worker` configuration option (superseding `notify_appservices`) to allow a generic worker to be designated as the worker to send traffic to Application Services. ([\#12452](matrix-org/synapse#12452))
- Add the `update_user_directory_from_worker` configuration option (superseding `update_user_directory`) to allow a generic worker to be designated as the worker to update the user directory. ([\#12654](matrix-org/synapse#12654))
- Add new `enable_registration_token_3pid_bypass` configuration option to allow registrations via token as an alternative to verifying a 3pid. ([\#12526](matrix-org/synapse#12526))
- Implement [MSC3786](matrix-org/matrix-spec-proposals#3786): Add a default push rule to ignore `m.room.server_acl` events. ([\#12601](matrix-org/synapse#12601))
- Add new `mau_appservice_trial_days` configuration option to specify a different trial period for users registered via an appservice. ([\#12619](matrix-org/synapse#12619))


Deprecations and Removals
-------------------------

- Remove unstable identifiers from [MSC3069](matrix-org/matrix-spec-proposals#3069). ([\#12596](matrix-org/synapse#12596))
- Remove the unspecified `m.login.jwt` login type and the unstable `uk.half-shot.msc2778.login.application_service` from
  [MSC2778](matrix-org/matrix-spec-proposals#2778). ([\#12597](matrix-org/synapse#12597))
- Synapse now requires at least Python 3.7.1 (up from 3.7.0), for compatibility with the latest Twisted trunk. ([\#12613](matrix-org/synapse#12613))
Contributor

@dklimpel dklimpel left a comment

Only typos

@turt2live
Member

@Yoric I am assuming you're not in a position to continue working on this, so am looking to modernize it for today's MSC requirements. Implementation is expected to take place soon, possibly part of Matrix 1.11's release cycle.

Disclosure: this is being done with my Element T&S hat in service of the Foundation, like #3939 (comment)

Co-authored-by: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com>
@turt2live turt2live changed the title MSC3823: A code for account suspension MSC3823: Account Suspension Mar 26, 2024
* Add list of permitted/forbidden actions
* Remove `href` from error code - this will be handled in a later MSC
* Match modern template
@turt2live
Member

I've updated this to match a modern template, and removed href from the proposal text. In a future MSC, the T&S team will be proposing a way to inform the user of actions taken against their account, and an appeals system - we'll pick up href then, as needed.

I've also added a set of permitted/forbidden actions a user can take while suspended. This is based upon the T&S team's current research in the area as it applies to regulatory/legislation compliance.

@turt2live turt2live dismissed their stale review March 26, 2024 02:42

clearing - taking on an author role

@turt2live turt2live added this to Needs idea feedback / initial review in Spec Core Team Backlog via automation Mar 26, 2024
proposals/3823-code-for-account-suspension.md

See security considerations.
* Log in/create additional sessions (which should also behave as suspended).
* See and receive messages, particularly via `/sync` and `/messages`.
Contributor

Doesn't this go against the original proposal? Why should a suspended account still be allowed to read messages (apart from possibly admin DMs)? If the user can still read all messages it feels like the suspension isn't really useful.

Imho the suspension would be applied in 2 major cases:

  1. Spamming from an account
  2. People using accounts as not allowed by COC crawlers.

However case 2 is not a thing you can do with this. Though maybe there is a reasoning behind this?

There are a few reasons why a suspended user would need access to messages (not exhaustive):

  • To access admin messages about the suspension (this bit needs more work/the future MSC referenced in the updates)
  • To appeal their suspension, if erroneous
  • To exercise their GDPR (or equivalent) rights (including export)
  • To take actions to restore their account to good standing (e.g. redacting messages that broke the code of conduct or terms of service of their homeserver)

For situations where preventing the user from reading messages makes sense, account locking via MSC3939 could be one way of approaching it.

Member

(what Jim said 😇)

This may need bringing into the MSC itself, but for now leaving this open for reader context.

* Log out/delete any device of theirs, including the current session.
* Deactivate their account, potentially with a deliberate time delay to discourage making a new
account right away.
* Change or add [admin contacts](https://spec.matrix.org/v1.10/client-server-api/#adding-account-administrative-contact-information),
Contributor

I am not sure if it's a good idea to allow a suspended user to change their contact information in a suspended state. It may be used to hide the problematic information. We currently have no auditing system in Matrix to see these changes so imho I am in favor of freezing the account more rather than less.

Member

I'm not sure it'd be appropriate to have such an auditing system built into the protocol, but we can rely on implementation details here. Possibly we should clarify that only servers which support contact change history should allow this action.

and write associated [cross-signing data](https://spec.matrix.org/v1.10/client-server-api/#cross-signing).
* [Populate their key backup](https://spec.matrix.org/v1.10/client-server-api/#server-side-key-backups).
* Leave rooms & reject invites.
* Redact events.
Contributor

Should this be limited to redacting only their own events and expressly NOT continuing to act on their moderator/admin role, potentially acting disruptive by redacting others' events?

Member

Oh good call, yes, definitely.

Comment on lines +3 to +7
Unlike [account locking](https://github.com/matrix-org/matrix-spec-proposals/pull/3939), suspension
allows the user to have a (largely) readonly view of their account. Homeserver administrators and
moderators may use this functionality to temporarily deactivate an account, or place conditions on
the account's experience. Critically, like locking, account suspension is reversible, unlike the
deactivation mechanism currently available in Matrix - a destructive, irreversible, action.
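Review bot: In the third line of this paragraph, "temporarily deactivate an account" reuses the term that the last sentence reserves for the existing "destructive, irreversible" deactivation mechanism. Consider "temporarily restrict an account" (or simply "suspend an account") so that a reader does not take suspension to be a form of deactivation.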
Contributor

I discussed this with @turt2live in #matrix-spec, but this paragraph made me think this is an alternative to MSC3939, but is meant to complement it so that you end up with a kind of flow between them:

Active -> Suspended -> Locked --> Deactive

It is a bit unclear to me if "Suspended" is meant to be closer to deactivated than locked or not though?

I see them as parallels, used in different situations. Locking has narrower applications (one example would be for account compromise scenarios, where the homeserver security team locks access to the user's account, to prevent further intrusion and to enable out-of-band recovery). Suspension is the more broadly useful state, where the user account is restricted, but with access preserved.

For most servers, I'd expect a flow of active -> suspended -> deactivated to be the standard flow for dealing with accounts that violate the terms of service. Locking would rarely feature, but would be available as a more restrictive option where appropriate.

We should clarify that this complements MSC3939, rather than competing with it!

Contributor

Thanks for providing more context, sounds like it is something like this flowchart:

flowchart
    Active --> Suspended --> Deactivated
    Active --> Locked --> Active
    Suspended --> Active

Yep. There's definitely cases where it would be useful to go from Locked -> Deactivated or from Suspended -> Locked, but the flowchart captures most of the uses.

Member

The example I was largely thinking of is Active -> Suspended due to suspicious activity (volumetric spam, etc), then Suspended -> Locked if the user/client keeps trying anyways. This would largely only apply if the server had material load on it caused by the suspended account, and the operations team didn't want to fully deactivate the account in response.
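
The permitted-action list and the state flow discussed in the two review threads above, as an added example (not part of the proposal and not Synapse code): a default-deny gate for a suspended account plus a table of the state transitions named in the thread. The action names, the `Request` type and the `keeps_contact_history` flag are hypothetical; the error code is the unstable one quoted in the Synapse changelog on this page.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Unstable error code quoted in the Synapse 1.61.0rc1 changelog on this page.
SUSPENDED_ERRCODE = "ORG.MATRIX.MSC3823.USER_ACCOUNT_SUSPENDED"


class AccountState(Enum):
    ACTIVE = "active"
    SUSPENDED = "suspended"
    LOCKED = "locked"
    DEACTIVATED = "deactivated"


# Edges named in the review thread, plus the existing Active -> Deactivated
# path. Deactivation is described as irreversible, so it has no way out.
ALLOWED_TRANSITIONS = {
    AccountState.ACTIVE: {
        AccountState.SUSPENDED, AccountState.LOCKED, AccountState.DEACTIVATED,
    },
    AccountState.SUSPENDED: {
        AccountState.ACTIVE, AccountState.LOCKED, AccountState.DEACTIVATED,
    },
    AccountState.LOCKED: {AccountState.ACTIVE, AccountState.DEACTIVATED},
    AccountState.DEACTIVATED: set(),
}

# Hypothetical action names for the unconditionally permitted bullets.
SUSPENDED_ALLOWLIST = frozenset({
    "login", "sync", "read_messages", "logout", "delete_device",
    "deactivate_account", "write_cross_signing", "populate_key_backup",
    "leave_room", "reject_invite",
})


@dataclass(frozen=True)
class Request:
    user_id: str
    action: str
    # For "redact" only: sender of the event being redacted, if known.
    event_sender: Optional[str] = None


def can_transition(current: AccountState, new: AccountState) -> bool:
    """True if the thread names a path from `current` to `new`."""
    return new in ALLOWED_TRANSITIONS[current]


def check_suspended(req: Request, *, keeps_contact_history: bool = False) -> Optional[dict]:
    """Return None if a suspended user may perform `req`, else an error body.

    Anything not explicitly permitted is refused (default deny).
    """
    if req.action in SUSPENDED_ALLOWLIST:
        return None
    if req.action == "redact":
        # Review refinement: own events only, never via a moderator role.
        # An unknown sender fails closed.
        if req.event_sender is not None and req.event_sender == req.user_id:
            return None
    elif req.action == "change_admin_contact":
        # Review suggestion: only where the server records contact changes.
        if keeps_contact_history:
            return None
    return {
        "errcode": SUSPENDED_ERRCODE,
        "error": "This account is suspended; the action is not permitted.",
    }


def evaluate(requests, **server_opts):
    """Map each request to 'allow' or 'deny' for a suspended account."""
    return [
        (r.action, "allow" if check_suspended(r, **server_opts) is None else "deny")
        for r in requests
    ]


if __name__ == "__main__":
    # Constructed sample requests from one suspended user.
    alice = "@alice:example.org"
    sample = [
        Request(alice, "sync"),
        Request(alice, "send_message"),
        Request(alice, "redact", event_sender=alice),
        Request(alice, "redact", event_sender="@bob:example.org"),
        Request(alice, "change_admin_contact"),
    ]
    for action, decision in evaluate(sample):
        print(f"{action:22} {decision}")
```
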

Member

Implementation requirements:

yingziwu added a commit to yingziwu/synapse that referenced this pull request May 15, 2024
Synapse 1.107.0 (2024-05-14)
============================

No significant changes since 1.107.0rc1.

- Add preliminary support for [MSC3823: Account Suspension](matrix-org/matrix-spec-proposals#3823). ([\#17051](element-hq/synapse#17051))
- Declare support for [Matrix v1.10](https://matrix.org/blog/2024/03/22/matrix-v1.10-release/). Contributed by @clokep. ([\#17082](element-hq/synapse#17082))
- Add support for [MSC4115: membership metadata on events](matrix-org/matrix-spec-proposals#4115). ([\#17104](element-hq/synapse#17104), [\#17137](element-hq/synapse#17137))

- Fixed search feature of Element Android on homeservers using SQLite by returning search terms as search highlights. ([\#17000](element-hq/synapse#17000))
- Fixes a bug introduced in v1.52.0 where the `destination` query parameter for the  [Destination Rooms Admin API](https://element-hq.github.io/synapse/v1.105/usage/administration/admin_api/federation.html#destination-rooms) failed to actually filter returned rooms. ([\#17077](element-hq/synapse#17077))
- For MSC3266 room summaries, support queries at the recommended endpoint of `/_matrix/client/unstable/im.nheko.summary/summary/{roomIdOrAlias}`. The existing endpoint of `/_matrix/client/unstable/im.nheko.summary/rooms/{roomIdOrAlias}/summary` is deprecated. ([\#17078](element-hq/synapse#17078))
- Apply user email & picture during OIDC registration if present & selected. ([\#17120](element-hq/synapse#17120))
- Improve error message for cross signing reset with [MSC3861](matrix-org/matrix-spec-proposals#3861) enabled. ([\#17121](element-hq/synapse#17121))
- Fix a bug which meant that to-device messages received over federation could be dropped when the server was under load or networking problems caused problems between Synapse processes or the database. ([\#17127](element-hq/synapse#17127))
- Fix bug where `StreamChangeCache` would not respect configured cache factors. ([\#17152](element-hq/synapse#17152))

- Correct licensing metadata on Docker image. ([\#17141](element-hq/synapse#17141))

- Update the `event_cache_size` and `global_factor` configuration options' documentation. ([\#17071](element-hq/synapse#17071))
- Remove broken sphinx docs. ([\#17073](element-hq/synapse#17073), [\#17148](element-hq/synapse#17148))
- Add RuntimeDirectory to example matrix-synapse.service systemd unit. ([\#17084](element-hq/synapse#17084))
- Fix various small typos throughout the docs. ([\#17114](element-hq/synapse#17114))
- Update enable_notifs configuration documentation. ([\#17116](element-hq/synapse#17116))
- Update the Upgrade Notes with the latest minimum supported Rust version of 1.66.0. Contributed by @jahway603. ([\#17140](element-hq/synapse#17140))

- Enable [MSC3266](matrix-org/matrix-spec-proposals#3266) by default in the Synapse Complement image. ([\#17105](element-hq/synapse#17105))
- Add optimisation to `StreamChangeCache.get_entities_changed(..)`. ([\#17130](element-hq/synapse#17130))

* Bump furo from 2024.1.29 to 2024.4.27. ([\#17133](element-hq/synapse#17133))
* Bump idna from 3.6 to 3.7. ([\#17136](element-hq/synapse#17136))
* Bump jsonschema from 4.21.1 to 4.22.0. ([\#17157](element-hq/synapse#17157))
* Bump lxml from 5.1.0 to 5.2.1. ([\#17158](element-hq/synapse#17158))
* Bump phonenumbers from 8.13.29 to 8.13.35. ([\#17106](element-hq/synapse#17106))
- Bump pillow from 10.2.0 to 10.3.0. ([\#17146](element-hq/synapse#17146))
* Bump pydantic from 2.6.4 to 2.7.0. ([\#17107](element-hq/synapse#17107))
* Bump pydantic from 2.7.0 to 2.7.1. ([\#17160](element-hq/synapse#17160))
* Bump pyicu from 2.12 to 2.13. ([\#17109](element-hq/synapse#17109))
* Bump serde from 1.0.197 to 1.0.198. ([\#17111](element-hq/synapse#17111))
* Bump serde from 1.0.198 to 1.0.199. ([\#17132](element-hq/synapse#17132))
* Bump serde from 1.0.199 to 1.0.200. ([\#17161](element-hq/synapse#17161))
* Bump serde_json from 1.0.115 to 1.0.116. ([\#17112](element-hq/synapse#17112))
- Update `tornado` Python dependency from 6.2 to 6.4. ([\#17131](element-hq/synapse#17131))
* Bump twisted from 23.10.0 to 24.3.0. ([\#17135](element-hq/synapse#17135))
* Bump types-bleach from 6.1.0.1 to 6.1.0.20240331. ([\#17110](element-hq/synapse#17110))
* Bump types-pillow from 10.2.0.20240415 to 10.2.0.20240423. ([\#17159](element-hq/synapse#17159))
* Bump types-setuptools from 69.0.0.20240125 to 69.5.0.20240423. ([\#17134](element-hq/synapse#17134))