Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC3174: An error code for spam rejections #3174

Open
wants to merge 3 commits into
base: old_master
Choose a base branch
from

Conversation

Yoric
Copy link

@Yoric Yoric commented May 4, 2021

@Yoric Yoric changed the title [MSC] An error code for spam rejections MSC3174: An error code for spam rejections May 4, 2021
Comment on lines +33 to +36
- `m.reject.spam` -- spam has been detected (e.g. message or username is spam);
- `m.reject.inappropriate` -- unacceptable content has been detected (e.g. a user attempting to register `@deathtojews:...`);
- `m.reject.investigation` -- account is suspected of being a spambot and is deactivated pending investigation;
- `m.reject.server` -- federation with this server has been deactivated (e.g. because server is used to send spam);
Copy link

@erkinalp erkinalp May 4, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- `m.reject.spam` -- spam has been detected (e.g. message or username is spam);
- `m.reject.inappropriate` -- unacceptable content has been detected (e.g. a user attempting to register `@deathtojews:...`);
- `m.reject.investigation` -- account is suspected of being a spambot and is deactivated pending investigation;
- `m.reject.server` -- federation with this server has been deactivated (e.g. because server is used to send spam);
- `m.reject.spam` -- spam has been detected (e.g. message or username is spam);
- `m.reject.inappropriate` -- unacceptable content has been detected (e.g. a user attempting to register `@deathtojews:...`);
- `m.reject.investigation` -- account is suspected of illegal activity and is deactivated pending investigation;
- `m.reject.server` -- federation with this server has been deactivated (e.g. because server is used to send spam);
- `m.reject.ua` -- disallowed user agent or user agent family (including implicitly detected behavioral patterns)
If a server does not want to tell the user the reason, it should use `m.reject.ua` as the reason.

Signed-off by: Erkin Alp Güney erkinalp9035@gmail.com

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean bots that use specific useragents? That might be dangerous as plenty bots use default User-agents. especially the bad ones do. So I would think that it causes false positives.

Copy link

@erkinalp erkinalp May 4, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I would think that it causes false positives.

Indeed it can. But nowhere in the proposed change tells the user agent detection must, or even should, be based on the User-Agent strings alone. Instead, the kinds of user agents that act similarly to the suspected user agent may be rejected by this error code.

Meaning, habitual offender would get m.reject.spam, and accounts that act like them but not quite would get m.reject.ua instead.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a server doesn't want to tell the user the reason, it shouldn't include a kind field at all.

Copy link
Author

@Yoric Yoric May 5, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. The idea is that kind is optional, so as @tulir mentioned, if we don't want to tell the reason, just don't include a kind.
  2. For m.reject.investigation, it doesn't have to be illegal activity. The notion of "illegal" is very complicated in Matrix-land, as each country has different laws. This is about any activity that requires investigation, typically a user being suspected of being a member of a spambot family.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While I don't think that m.reject.ua would cause any issue, I don't see a good use case for it yet. Unless there's a clear and present use case, I would suggest postponing m.reject.ua to another MSC.

Copy link

@erkinalp erkinalp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a new error code, and fix the title

@anoadragon453 anoadragon453 added proposal A matrix spec change proposal proposal-in-review labels May 4, 2021
@turt2live turt2live added kind:maintenance MSC which clarifies/updates existing spec client-server Client-Server API labels May 4, 2021
Yoric and others added 2 commits May 5, 2021 09:24

### Proposal

1. Add a new error code `M_ANTISPAM_REJECTION`;

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seeing as rejections could happen for reasons other than spam (for instance, m.reject.server does not explicitly specify spam to be the reason, only a possible reason), perhaps this should just be more generic, like M_REJECTION?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea to call it M_ANTISPAM_REJECTION is due to the fact that the message is rejected by the antispam filter, even if it's not necessarily spam, but you're right, that's a fine nuance that doesn't bring anything to the table.

I'm ok with M_REJECTION.

Copy link

@erkinalp erkinalp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Required error kind for plausible deniability of rejection reasons

### Proposal

1. Add a new error code `M_ANTISPAM_REJECTION`;
2. Any `M_ANTISPAM_REJECTION` error MAY come with a field `kind`, which may contain any of the following values:
Copy link

@erkinalp erkinalp May 10, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
2. Any `M_ANTISPAM_REJECTION` error MAY come with a field `kind`, which may contain any of the following values:
2. Any `M_ANTISPAM_REJECTION` error MUST come with a field `kind`, which shall have a value of the string type,
with the recommended set with corresponding below:

Signed-off by: Erkin Alp Güney erkinalp9035@gmail.com

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does requiring kind give plausible deniability?

@turt2live turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
client-server Client-Server API kind:maintenance MSC which clarifies/updates existing spec needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants