Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC3144: Allow Widgets By Default in Private Rooms #3144

Open
wants to merge 1 commit into
base: old_master
Choose a base branch
from

Conversation

dbkr
Copy link
Member

@dbkr dbkr commented Apr 23, 2021

@dbkr dbkr changed the title MSC for allowing anyone to create widgets in private rooms MSC3144: Allow Widgets By Default in Private Rooms Apr 23, 2021
@dbkr dbkr added client-server Client-Server API kind:core MSC which is critical to the protocol's success proposal-in-review proposal A matrix spec change proposal labels Apr 23, 2021
@dbkr dbkr marked this pull request as ready for review April 23, 2021 16:36
Comment on lines +13 to +15
It proposes to accomplish this by changing the `private_chat` preset on `createRoom` to send the
`m.room.power_levels` event with the `im.vector.modular.widgets` event at the `users_default` level
(ie. normally 0).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't reasonably specify that the spec include a vendor prefix in a preset, but there is nothing stopping a server from doing this. For the spec, this should be m.widget

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mmm, true - what's the path to us changing this though? Is there any hope?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Widgets are in a complicated state, but the short answer is m.widget is accepted into the spec but needs to be properly incorporated. There are larger questions about the structure of widgets which are preventing that spec PR from being written, and why clients like Element haven't yet started transitioning - if we're changing how widgets fundamentally work, there's not much benefit to having a transitional period for a legacy identifier.


## Security considerations

None forseen other than those detailed in 'potential issues'.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Widgets are inherently insecure pieces of a room. In larger private rooms (say, community watercooler) it opens the door to a number of phishing or exfiltration attacks that can be performed by untrusted individuals (untrusted because they will not have been graced with higher power levels).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, private-but-untrusted rooms certainly exist (an all-company internal room, for example). Is this distinction important enough to make a separate managed_private_room preset? or putting this behaviour on a separate semi_trusted_private_chat (for want of a better name)? Or do we just let people start off with a private chat and tweak the settings appropriately?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More presets I think is probably our best answer, particularly with usecases like Spaces asking questions like "is this for your team?" - the intricacies of the answer to this question is already more complex than a simple private_room preset.

or tldr: a preset which distinguishes team-like rooms from not-team-like rooms would be the way forward, I think

1. Room admins might later change the room to be a public room without realising that anyone can
edit widgets, resulting in an insecure configuration.

## Alternatives
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could also decouple conference calling from widgets, though this is a much harder technical feat.

Copy link
Member Author

@dbkr dbkr Apr 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a possibility but allowing users to make widgets by default seems desirable too, in the sense that I asked Matthew and the convo went like this:

Dave: [...] it would have to apply for widgets too, which I assume would be ok
Matthew: yeah, very okay

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yea, that seems fair. Can some words about "or we decouple, but lolno because complexity" be added to the proposal? I don't think it needs to be overly detailed about what "decoupling" means, as that'd be a whole other proposal's problem.

@turt2live turt2live added voip widgets anything to do with widgets labels Apr 23, 2021
@turt2live turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
client-server Client-Server API kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal voip widgets anything to do with widgets
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants