-
Notifications
You must be signed in to change notification settings - Fork 377
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC3174: An error code for spam rejections #3174
base: old_master
Are you sure you want to change the base?
Conversation
- `m.reject.spam` -- spam has been detected (e.g. message or username is spam); | ||
- `m.reject.inappropriate` -- unacceptable content has been detected (e.g. a user attempting to register `@deathtojews:...`); | ||
- `m.reject.investigation` -- account is suspected of being a spambot and is deactivated pending investigation; | ||
- `m.reject.server` -- federation with this server has been deactivated (e.g. because server is used to send spam); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- `m.reject.spam` -- spam has been detected (e.g. message or username is spam); | |
- `m.reject.inappropriate` -- unacceptable content has been detected (e.g. a user attempting to register `@deathtojews:...`); | |
- `m.reject.investigation` -- account is suspected of being a spambot and is deactivated pending investigation; | |
- `m.reject.server` -- federation with this server has been deactivated (e.g. because server is used to send spam); | |
- `m.reject.spam` -- spam has been detected (e.g. message or username is spam); | |
- `m.reject.inappropriate` -- unacceptable content has been detected (e.g. a user attempting to register `@deathtojews:...`); | |
- `m.reject.investigation` -- account is suspected of illegal activity and is deactivated pending investigation; | |
- `m.reject.server` -- federation with this server has been deactivated (e.g. because server is used to send spam); | |
- `m.reject.ua` -- disallowed user agent or user agent family (including implicitly detected behavioral patterns) | |
If a server does not want to tell the user the reason, it should use `m.reject.ua` as the reason. |
Signed-off by: Erkin Alp Güney erkinalp9035@gmail.com
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you mean bots that use specific useragents? That might be dangerous as plenty bots use default User-agents. especially the bad ones do. So I would think that it causes false positives.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I would think that it causes false positives.
Indeed it can. But nowhere in the proposed change tells the user agent detection must, or even should, be based on the User-Agent
strings alone. Instead, the kinds of user agents that act similarly to the suspected user agent may be rejected by this error code.
Meaning, habitual offender would get m.reject.spam
, and accounts that act like them but not quite would get m.reject.ua
instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If a server doesn't want to tell the user the reason, it shouldn't include a kind
field at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- The idea is that
kind
is optional, so as @tulir mentioned, if we don't want to tell the reason, just don't include akind
. - For
m.reject.investigation
, it doesn't have to be illegal activity. The notion of "illegal" is very complicated in Matrix-land, as each country has different laws. This is about any activity that requires investigation, typically a user being suspected of being a member of a spambot family.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I don't think that m.reject.ua
would cause any issue, I don't see a good use case for it yet. Unless there's a clear and present use case, I would suggest postponing m.reject.ua
to another MSC.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a new error code, and fix the title
Co-authored-by: Erkin Alp Güney <erkinalp9035@gmail.com>
|
||
### Proposal | ||
|
||
1. Add a new error code `M_ANTISPAM_REJECTION`; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seeing as rejections could happen for reasons other than spam (for instance, m.reject.server
does not explicitly specify spam to be the reason, only a possible reason), perhaps this should just be more generic, like M_REJECTION
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The idea to call it M_ANTISPAM_REJECTION
is due to the fact that the message is rejected by the antispam filter, even if it's not necessarily spam, but you're right, that's a fine nuance that doesn't bring anything to the table.
I'm ok with M_REJECTION
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Required error kind
for plausible deniability of rejection reasons
### Proposal | ||
|
||
1. Add a new error code `M_ANTISPAM_REJECTION`; | ||
2. Any `M_ANTISPAM_REJECTION` error MAY come with a field `kind`, which may contain any of the following values: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2. Any `M_ANTISPAM_REJECTION` error MAY come with a field `kind`, which may contain any of the following values: | |
2. Any `M_ANTISPAM_REJECTION` error MUST come with a field `kind`, which shall have a value of the string type, | |
with the recommended set with corresponding below: |
Signed-off by: Erkin Alp Güney erkinalp9035@gmail.com
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How does requiring kind
give plausible deniability?
Rendered