Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Audit trail for device changes. #5145

Open
ara4n opened this issue May 6, 2019 · 1 comment

Comments

2 participants
@ara4n
Copy link
Member

commented May 6, 2019

We need an API which exposes what devices get created and removed on your account.

Synapse should also mail & push you when devices get created (i.e. people log in to your account), to track abuse.

Ideally this needs to somehow be resilient to a malicious homeserver admin (otherwise an admin might add malicious devices to your account and remove them again without you noticing). The way to do that is probably to expose device additions more clearly in the apps, rather than waiting to see a KS req from an unexpected device or similar.

@ara4n ara4n added the p1 label May 6, 2019

@turt2live

This comment has been minimized.

Copy link
Member

commented May 6, 2019

@neilisfragile neilisfragile added this to Holding Pen in Homeserver Task Board via automation May 7, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.