Configuration for ticket channel names

[nitrofski]

Is your feature request related to a problem? Please elaborate.

Private channels in discord cannot be accessed, but can still be discovered by can be discovered using third-party clients. This allows anyone to view the names of the currently open tickets. Since the current ticket name is the mangled ID of the Discord user that opened the ticket, anyone can theoretically see who has opened a ticket. One of the main reason we use Modmail is to keep all information relating to ongoing issues private, having the user ID in the channel name is problematic.

Describe the solution you'd like

A configuration to change the channel naming strategy.

Optionally, changing the default channel naming to the more anonymous version so other servers are not surprised by the channel discoverability issue.

Does your solution involve any of the following?

• Logviewer
• New config option

Describe alternatives you've considered

Opening threads in a single channel instead of completely new channels — threads are short lived, so unless Modmail continuously refreshes it this would not be viable

Who will this benefit?

Everyone concerned about secrecy.

Additional Information

No response

[fourjr]

As mentioned in #2982, plugins can now extend Bot.format_channel_name(bot, author, exclude_channel=None, force_null=False).

In addition, a variety of config options have already been added regarding channel names such as use_timestamp_channel_name.

As such, custom channel names are now further out of the scope of Modmail and plugins should be the ones extending this functionality.

[ghost]

Would it be a good idea to have a configuration which allowed randomized names/numbers? While this would make it difficult for moderators to keep track of whose ticket is which it would help people who are concerned about privacy/secrecy

[fourjr]

17b2f89 adds a use_random_channel_name in v4-dev12.

The algorithm for this random channel name is as follows:

• Using a portion of the token and the user ID, an MD5 hash is created.
• The last 8 characters of this MD5 hash is used for the channel name.

This accomplishes the following objectives:

• A random channel name that is not immediately tied to anything.
• A form of familiarity for same users (identical hash for identical bot+user combination) to quickly notice spammers
• Non-reversible: Hashes are by nature, irreversible and anyone knowing simply the channel name is not able to obtain the bot token or the user ID. Furthermore, only a portion of the hash is displayed, making it literally impossible to reverse.
• Due to the hash incorporating the bot token, malicious actors without the token cannot bruteforce all possibilities to find out the recipient of a channel.