Hi all,
Back in June we wrote about our plans to tighten up data privacy in Matrix after some areas for improvement were brought to our attention. To quickly recap: the primary concern was that the default config for Riot specifies identity servers and integration managers run by New Vector (the company which the original Matrix team set up to build Riot and fund Matrix dev) - and so folks using a standalone homeserver may end up using external services without realising it. There were some other legitimate issues raised too (e.g. contact information should be obfuscated when checking if your contacts are on Matrix; Riot defaulted to using Google for STUN (firewall detection) if no TURN server had been set up on their server; Synapse defaults to using matrix.org as a key notary server).
We’ve been working away at this fairly solidly over the last few months. Some of the simpler items shipped quickly (e.g. Riot/Web had a stupid bug where it kept incorrectly loading the integration manager; Riot/Android wasn’t clear enough about when contact discovery was happening; Riot/Web wasn’t clear enough about the fact device names are publicly visible; etc) - but other bits have turned out to be incredibly time-consuming to get right.
However, we’re in the process today of releasing Synapse 1.4.0 and Riot/Web 1.4.0 (it’s coincidence the version numbers have lined up!) which resolve the majority of the remaining issues. The main changes are as follows:
-
Riot no longer automatically uses identity servers by default. Identity servers are only useful when inviting users by email address, or when discovering whether your contacts are on Matrix. Therefore, we now wait until the user tries to perform one of these operations before explaining that they need an identity server to do so, and we prompt them to select one if they want to proceed. This makes it abundantly clear that the user is connecting to an independent service, and why.
-
Integration Managers and identity servers now have the ability to force users to accept terms of use before using them. This means they can explicitly spell out the data privacy & usage policy of the server as required by GDPR, and it should now be impossible for a user to use these services without realising it. This was particularly fun in the case of identity servers, which previously had no concept of users and so couldn’t track whether users had agreed to their terms & conditions or not… and because homeservers sometimes talk to the identity server on behalf of users rather than the user talking direct, the privacy policy flow gets even hairier. But it’s solved now, and a nice side-effect of this is that users can now explicitly select their Integration Manager in Riot, in case they want to use Dimension or similar rather than the default provided by Modular.
-
Synapse no longer uses identity servers for verifying registrations or verifying password reset. Originally, Synapse made use of the fact that the Identity Service contains email/msisdn verification logic to handle identity verification in general on behalf of the homeserver. However, in retrospect this was a mistake: why should the entity running your identity server have the right to verify password resets or registration details on your homeserver? So, we have moved this logic into Synapse. This means Synapse 1.4.0 requires new configuration for email/msisdn verification to work - please see the upgrade notes for full details.
-
Sydent now supports discovering contacts based on hashed identifiers. MSC2134 specifies entirely new IS APIs for discovering contacts using a hash of their identifier rather than directly exposing the raw identifiers being searched for. This is implemented in Riot/iOS and Riot/Android and should be in the next major release; Riot/Web 1.4.0 has it already.
-
Synapse now warns in its logs if you are using matrix.org as a default trusted key server, in case you wish to use a different server to help discover other servers’ keys.
-
Synapse now garbage collects redacted messages after N days (7 days by default). (It doesn’t yet garbage collect attachments referenced from redacted messages; we’re still working on that).
-
Synapse now deletes account access data (IP addresses and User Agent) after N days (28 days by default) of a device being deleted.
-
Riot warns before falling back to using STUN (and defaults to turn.matrix.org rather than stun.google.com) for firewall discovery (STUN) when placing VoIP calls, and makes it clear that this is an emergency fallback for misconfigured servers which are missing TURN support. (We originally deleted the fallback entirely, but this broke things for too many people, so we’ve kept it but warn instead).
All of this is implemented in Riot/Web 1.4.0 and Synapse 1.4.0. Riot/Web 1.4.0 shipped today (Fri Sept 27th) and we have a release candidate for Synapse 1.4 (1.4.0rc1) today which fully ship on Monday.
For full details please go check out the Riot 1.4.0 and Synapse 1.4.0 blog posts.
Riot/Mobile is following fast behind - most of the above has been implemented and everything should land in the next release. RiotX/Android doesn’t really have any changes to make given it hadn’t yet implemented Identity Service or Integration Manager APIs.
This has involved a surprisingly large amount of spec work; no fewer than 9 new Matrix Spec Changes (MSC) have been required as part of the project. In particular, this results in a massive update to the Identity Service API, which will be released very shortly with the new MSCs. You can see the upcoming changes on the unstable branch and compare with the previous 0.2.1 stable release, as well as checking the detailed MSCs as follows:
- MSC1961: Integration manager authentication APIs
- MSC2078: Sending Third-Party Request Tokens via the Homeserver
- MSC2134: Identity Hash Lookups
- MSC2140: Terms of Service for ISes and IMs
- MSC2229: Allowing 3PID Owners to Rebind
- MSC2230: Store Identity Server in Account Data
- MSC2263: Give homeservers the ability to handle their own 3PID registrations/password resets
- MSC2264: Add an unstable feature flag to MSC2140 for clients to detect support
- MSC2290: Separate Endpoints for Threepid Binding
This said, there is still some work remaining for us to do here. The main things which haven’t made it into this release are:
- Preferring to get server keys from the source server rather than the notary server by default (https://github.com/matrix-org/synapse/pull/6110). This almost made it in, but we need to test it more first - until then, your specified notary server will see roughly what servers your servers are trying to talk to. In future this will be mitigated properly by MSC1228 (removing mxids from events).
- Configurable data retention periods for rooms. We are tantalisingly close with this - https://github.com/matrix-org/synapse/pull/5815 is an implementation that the French Govt deployment is using; we need to port it into mainline Synapse.
- Authenticating access to the media repository - for now, we still rely on media IDs being almost impossible to guess to protect the data rather than authenticating the user.
- Deleting items from the media repository - we still need to hook up deletion APIs.
- Garbage collecting forgotten rooms. If everyone leaves & forgets a room, we should delete it from the DB.
- Communicating erasure requests over federation
We’ll continue to work on these as part of our ongoing maintenance backlog.
Separately to the data privacy concerns, we’ve had a separate wave of feedback regarding how we handle GDPR Data Subject Access Requests (DSARs). Particularly: whether DSAR responses should contain solely the info your have directly keyed by the requesting Matrix ID - or if we should provide all the data “visible” to that ID (i.e. the history of the conversations they’ve been part of). We went and got professional legal advice on this one, and the conclusion is that we should keep our responses to DSARs as tightly scoped as possible. We updated Matrix.org’s privacy policy and DSAR tools to reflect the new legal input.
Finally, it’s really worth calling out the amount of effort that went into this project. Huge huge thanks to everyone involved (given it’s cut across pretty much every project & subteam we have working on the core of Matrix) who have soldiered through the backlog. We’ve been tracking progress using our feature-dashboard tool which summarises Github issues based on labels & issue lifecycle, and for better or worse it’s ended up being the biggest project board we’ve ever had. You can see the live data here (warning, it takes tens of seconds to spider Github to gather the data) - or, for posterity and ease of reference, I’ve included the current issue list below. The issues which are completed have “done” after them; the ones still in progress say “in progress”, and ones which haven’t started yet have nothing. We split the project into 3 phases - phases 1 and 2 represent the items needed to fully solve the privacy concerns, phase 3 is right now a mix of "nice to have" polish and some more speculative items. At this point we’ve effectively finished phase 1 on Synapse & Riot/Web, and Riot/Mobile is following close behind. We're continuing to work on phase 2, and we’ll work through phase 3 (where appropriate) as part of our general maintenance backlog.
I hope this gives suitable visibility on how we’re considering privacy; after all, Matrix is useless as an open communication protocol if the openness comes at the expense of user privacy. We’ll give another update once the remaining straggling issues are closed out; and meanwhile, now the bulk of the privacy work is out of the way on Riot/Web, we can finally get back to implementing the UI E2E cross-signing verification and improving first time user experience.
Thanks for your patience and understanding while we’ve sorted this stuff out; and thanks once again for flying Matrix :)
In the absence of comments on the current blog, please feel free to discuss over at HN, or alternatively come ask stuff in our AMA over at /r/privacy (starting ~5pm GMT+1 (UK) on Friday Sept 27th).
🔗The Privacy Project Dashboard Of Doom
- phase:1
- vector-im/riot-web
- 5846 Riot duplicates calls to Scalar (done)
- 5921 Ability to disable all identity server functionality via the config file (done)
- 6802 riot shouldn't try to load integrations from an integration manager unless the user has accepted that manager's privacy policies (done)
- 10088 Prompt to accept integration manager polices on use (done)
- 10090 Make sure there are no ugly edge cases running Riot without an integrations manager (done)
- 10091 Decouple setting an email for password reset from publishing your threepid to the identity server and support choice of identity server (on registration) (done)
- 10092 Prompt to accept Identity Server policies on registration (done)
- 10093 Prompt to accept identity server policies before inviting them to a room (done)
- 10094 Store identity server in Account Data and support choosing identity server integration in User Settings (done)
- 10159 Enable toggling a threepid's association with the current IS in User Settings (done)
- 10173 VoIP: Stop falling back to Google for STUN (done)
- 10216 We should make it clear in the UI that device names are publicly readable (done)
- 10386 Terms modal prompt should appear without a flash of the integration manager portal first (done)
- 10408 Identity server v2 API authentication (done)
- 10423 Deploy a develop environment for t's and c's flows for IM and IS (done)
- 10424 Remove the bind true flag from 3PID calls on registration (done)
- 10425 Ability to disconnect from the identity server by pressing buttons in user settings. (done)
- 10452 Test IS v2 access tokens for validity (done)
- 10497 Integration manager terms hides terms that need signing (done)
- 10510 Remove the bind true flag from 3PID adds in settings (done)
- 10519 Update discovery and account 3PID sections when either changes (done)
- 10522 Handle terms agreement in the Discovery section of settings (done)
- 10525 IS interactions proxied through the HS also need terms agreement (done)
- 10528 don't try & show threepids in discovery section if we don't have an ID server (done)
- 10539 Inline terms agreement on change IS and IM (done)
- 10540 When using Riot without an IS, identity requests are sent to server hosting Riot (done)
- 10546 Prompt for fallback VOIP should only happen when the user tries to make a call (done)
- 10550 warn when disconnecting ID server if there are any current bindings (done)
- 10552 Allow email registration, password reset & adding 3pids when no IS (done)
- 10553 Remove the ability to set an IS at login/registration (done)
- 10556 Use the hashed v2 lookup API for 3PIDs (done)
- 10561 Scalar should serve a .well-known file (done)
- 10566 Use nicer APIs for toggling a 3PID's shared status (done)
- 10571 Allow email registration when no IS (done)
- 10572 Allow password reset when no IS (done)
- 10573 Allow adding 3pids when no IS (done)
- 10574 Placeholder issue for MSCs that should land prior to the privacy release (done)
- 10593 Placeholder issue for privacy migration path (done)
- 10597 Ensure IS in account data is read / written as specced (done)
- 10599 Send IS for adding MSISDNs only when required by HS (done)
- 10603 Getting a terms prompt when inviting an email address clears the address picker (done)
- 10619 Handle the case of no IS in features that require IS to lookup (done)
- 10620 Change auth flows so that you default to no IS (done)
- 10634 Changing to vector.im IS in Settings fails because /terms 404s (done)
- 10635 Inline terms agreement in Discovery should still show change and do not use (done)
- 10636 The UX is a little confusing if you haven't accepted the terms of the default identity server. (done)
- 10637 Unable to add email address to HS account without IS set (done)
- 10660 Sydent implementation: Unauthed v1, clone all endpoints, auth v2 (done)
- 10666 In login/register, riot freezes if you go to Advanced, remove the IS url and click next (done)
- 10669 Checking email invite account is unclear when no IS set (done)
- 10674 Email help text on registration should be updated without binding (done)
- 10677 Change text about other users being able to invite you by email on registration page (done)
- 10744 Only set terms URLs in the account when they change (done)
- 10749 Changing from one IS to another does not trigger bound 3PID warning (done)
- 10750 Bound 3PIDs warning should better explain what's being left behind (done)
- 10754 Lowercase emails during IS lookup calls (done)
- 10755 Terms account data is meant to be additive, but currently sets only new URLs (done)
- 10756 After changing IS to termstest.matrix.org the text field isn't cleared and the button remains active (done)
- 10757 After changing IS back to vector.im the text field isn't cleared and the button remains active (done)
- 10758 Revoke may be too vague for unbinding a 3PID (done)
- 10779 When publishing a threepid to an IS, if you click 'continue' before clicking the link in your email, we delete your threepid from the HS. (done)
- 10800 Community invite should not talk about ISes at all. (done)
- 10823 IS with unagreed terms will block you from adding even unshared 3PIDs to your HS (done)
- 10839 Use the new backend APIs for adding-3pid-to-homeserver and binding-3pid-on-identity-server when they exist. (done)
- 10878 UX regression when trying to invite by email if no IS is configured (done)
- 10883 Riot should check for r0.6.0 server support alongside feature flags (done)
- 10923 Send validation tokens to submit_url from HS (done)
- 10933 Do not include ID server or access token when HS supports MSC2290 (done)
- 10939 Registration with MSISDN needs to use submit_url (done)
- 10941 threepid_creds for registration and password reset still include id_server (done)
- 10959 Remove id_server from email threepid_creds (done)
- 10604 QA: Re-test ALL of the identity server interactions (in progress)
- 10958 Terms of Service nitpicks (in progress)
- 10704 We treat an empty string identity server as not having one
- vector-im/riot-ios
- 2518 Make sure there are no ugly edge cases running Riot without an integrations manager (done)
- 2521 Privacy: Improve wording on contact upload UI (done)
- 2532 VoIP: Stop falling back to Google for STUN (done)
- 2600 Prompt to accept integration manager polices on use (done)
- 2601 Decouple setting an email for password reset from publishing your threepid to the identity server and support choice of identity server (on registration) (done)
- 2602 Prompt to accept identity server policies before inviting them to a room (done)
- 2603 Identity server v2 API authentication (done)
- 2606 Settings: Add a Discovery section (done)
- 2608 Registration: Update consents flow (done)
- 2643 Ability to disable all identity server functionality via the config file (done)
- 2646 VoIP: Fallback to matrix.org STUN server with a confirmation dialog (done)
- 2647 MXRestClient: Move IS API to its own (done)
- 2648 Remove the bind true flag from 3PID calls on registration (done)
- 2650 Remove the bind true flag from 3PID adds in settings (done)
- 2651 Store identity server in Account Data and support choosing identity server integration in User Settings (done)
- 2652 Use the hashed v2 lookup API for 3PIDs (done)
- 2653 Allow email registration, password reset & adding 3pids when no IS (done)
- 2654 Use nicer APIs for toggling a 3PID's shared status (done)
- 2657 Allow email registration when no IS (done)
- 2658 Allow password reset when no IS (done)
- 2659 Allow adding 3pids when no IS (done)
- 2660 Handle terms agreement in the Discovery section of settings (done)
- 2661 Remove the ability to set an IS at login/registration (done)
- 2662 We should make it clear in the UI that device names are publicly readable (done)
- 2664 Placeholder issue for privacy migration path (done)
- 2665 Ensure IS in account data is read / written as specced (done)
- 2672 Handle the case of no IS in features that require IS to lookup (done)
- 2675 Email help text on registration should be updated without binding (done)
- 2682 Send IS for adding MSISDNs only when required by HS (done)
- 2686 Use wellknown to discover the IS of a custom HS (done)
- 2696 Lowercase emails during IS lookup calls (done)
- 2704 Use
id_access_token
in CS API when required (done) - 2604 Settings: Ability to change the identity server (in progress)
- 2649 Ability to disconnect from the identity server by pressing buttons in user settings (in progress)
- 2713 Use the new backend APIs for adding-3pid-to-homeserver and binding-3pid-on-identity-server when they exist. (in progress)
- 2718 Riot should check for r0.6.0 server support alongside feature flags (in progress)
- 2683 Checking email invite account is unclear when no IS set
- 2731 Send validation tokens to submit_url from HS
- 2732 Do not include ID server or access token when HS supports MSC2290
- 2736 IS terms cannot be accepted anymore
- vector-im/riot-android
- 3223 VoIP: Stop falling back to Google for STUN (done)
- 3224 Make sure there are no ugly edge cases running Riot without an integrations manager (done)
- 3225 Prompt to accept integration manager polices on use (done)
- 3226 Decouple setting an email for password reset from publishing your threepid to the identity server and support choice of identity server (on registration) (done)
- 3227 Prompt to accept identity server policies before inviting them to a room (done)
- 3228 Identity server v2 API authentication (done)
- 3229 Settings: Ability to change the identity server (done)
- 3230 Settings: Add a Discovery section (done)
- 3231 Registration: Update consents flow (done)
- 3252 Remove the bind true flag from 3PID calls on registration (done)
- 3253 Ability to disconnect from the identity server by pressing buttons in user settings (done)
- 3254 Remove the bind true flag from 3PID adds in settings (done)
- 3256 Store identity server in Account Data and support choosing identity server integration in User Settings (done)
- 3257 Use the hashed v2 lookup API for 3PIDs (done)
- 3258 Allow email registration, password reset & adding 3pids when no IS (done)
- 3260 Allow email registration when no IS (done)
- 3261 Allow password reset when no IS (done)
- 3262 Allow adding 3pids when no IS (done)
- 3263 Handle terms agreement in the Discovery section of settings (done)
- 3264 Remove the ability to set an IS at login/registration (done)
- 3265 We should make it clear in the UI that device names are publicly readable (done)
- 3268 Placeholder issue for privacy migration path (done)
- 3269 Ensure IS in account data is read / written as specced (done)
- 3277 Handle the case of no IS in features that require IS to lookup (done)
- 3278 Email help text on registration should be updated without binding (done)
- 3281 Send IS for adding MSISDNs only when required by HS (done)
- 3283 Use wellknown to discover the IS of a custom HS (done)
- 3289 Lowercase emails during IS lookup calls (done)
- 3295 Use
id_access_token
in CS API when required (done) - 3300 Use the new backend APIs for adding-3pid-to-homeserver and binding-3pid-on-identity-server when they exist. (done)
- 3312 Riot should check for r0.6.0 server support alongside feature flags (done)
- 3316 Implement MSC2290 (done)
- 3324 id_server param sent when registering an email on server that does not requires one (done)
- 3326 Discovery Settings / infinite loading if terms not signed on existing IS (done)
- 3327 vector.im is seen as having no terms, but it does (done)
- 3251 VoIP: Fallback to matrix.org STUN server with a confirmation dialog (in progress)
- 3248 Ability to disable all identity server functionality via the config file
- 3318 Send validation tokens to submit_url from HS
- 3322 Do not include ID server or access token when HS supports MSC2290
- vector-im/riotX-android
- 490 Allow email registration, password reset & adding 3pids when no IS (done)
- 432 Prompt to accept integration manager polices on use (in progress)
- 431 Make sure there are no ugly edge cases running Riot without an integrations manager
- 433 Decouple setting an email for password reset from publishing your threepid to the identity server and support choice of identity server (on registration)
- 434 Prompt to accept identity server policies before inviting them to a room
- 435 Identity server v2 API authentication
- 436 Settings: Ability to change the identity server
- 438 Settings: Add a Discovery section
- 439 Registration: Update consents flow
- 489 Use the hashed v2 lookup API for 3PIDs
- matrix-org/matrix-doc
- 1961 MSC1961: Integration manager authentication APIs (done)
- 2078 MSC2078: Sending Third-Party Request Tokens via the Homeserver (done)
- 2130 Identity service should do lookups based on hashed 3PIDs, not plaintext ones. (done)
- 2134 MSC2134: Identity Hash Lookups (done)
- 2139 Method for ISes and Integration managers to provide terms of service (done)
- 2140 MSC2140: Terms of Service for ISes and IMs (done)
- 2229 MSC2229: Allowing 3PID Owners to Rebind (done)
- 2230 MSC2230: Store Identity Server in Account Data (done)
- 2263 MSC2263: Give homeservers the ability to handle their own 3PID registrations/password resets (done)
- 2264 MSC2264: Add an unstable feature flag to MSC2140 for clients to detect support (done)
- 2290 MSC2290: Separate Endpoints for Threepid Binding (in progress)
- matrix-org/sydent
- 178 Support for MSC2140 (done)
- 179 Support testing with matrix-is-tester (done)
- 180 Support for MSC2140 (done)
- 181 Deny bindings to anything other than the mxid you're authed as (done)
- 184 Hash 3PID lookups (done)
- 186 Don't fail the unbind request if the binding doesn't exist (done)
- 187 Add more tweaks to terms branch (done)
- 189 Redact looked-up threepids from the application logs. (done)
- 191 Add OpenID auth to 3PID hash lookup (done)
- 197 Have 'mappings' contain medium as well as address (done)
- 198 Throw exception on bad args & catch in wrapper (done)
- 199 Return algorithm, lookup_pepper in M_INVALID_PEPPER response (done)
- 200 Support MSC2140 register/terms endpoints (done)
- 201 Port v1 endpoints to v2 (done)
- 202 Deny bindings to anything other than the mxid you're authed as (done)
- 204 Fix the signing servlet (done)
- 205 Correct API v1 path check in get_args (done)
- 206 Fix terms POST (done)
- 207 Deploy policy file (done)
- 208 Remove PII logging from log-level INFO (done)
- 213 Delete threepid assocs on unbind and remove existing with migration (done)
- 217 Allow non-matrix.org MXIDs via v2 only once terms are enabled (done)
- 218 Unbind fails to remove the binding on matrix.org IS (done)
- 220 Unbind fails to work for bindings where it was attempted with #213 (done)
- 192 Sydent doesn't delete 3PIDs from DB on unbind (in progress)
- matrix-org/synapse
- 1287 We need to actually censor redactions from the DB (SYN-284) (done)
- 5751 Make homeservers able to handle registration-with-email without depending on an Identity Server (done)
- 5786 Support IS v2 API with authentication for requests proxied to the IS (done)
- 5827 Add 3PID unbind API for MSC2140 (done)
- 5835 [1/2] Allow homeservers to send registration emails | Sending the email (done)
- 5861 Use the v2 lookup API for 3PID invites (done)
- 5862 Allow account owners to rebind 3PIDs as in MSC2229 (done)
- 5868 Add flag in /versions for whether clients should send id_server params (done)
- 5874 Placeholder issue for privacy migration path (done)
- 5875 Remove trusted_third_party_id_servers functionality (done)
- 5876 Replace trust_identity_server_for_password_resets with account_threepid_delegate (done)
- 5892 Switch to using v2 Identity Service APIs other than lookup (MSC 2140) (done)
- 5897 Use the v2 lookup API for 3PID invites (done)
- 5927 Add a m.id_access_token flag to unstable_features (done)
- 5928 Split account_threepid_handler into a msisdn and email versions (done)
- 5929 Use account_threepid_delegate for sending SMS (done)
- 5930 Add m.id_access_token flag (done)
- 5934 Censor redactions in DB after a month (done)
- 5935 Use federation blacklist for requests to identity servers (done)
- 5937 Revert "Use the v2 lookup API for 3PID invites" (done)
- 5940 [2/2] Allow homeservers to send registration emails | Accepting the verification (done)
- 5945 Revert "Add m.id_access_token flag" (done)
- 5948 Support v2 Identity Server APIs (done)
- 5964 Remove bind_email and bind_msisdn (done)
- 5968 Set m.require_identity_server to always be False (done)
- 5969 Change account_threepid_delegate to a dictionary (done)
- 5972 Add m.require_identity_server to /versions unstable_flags (done)
- 5974 Add m.id_access_token to /versions unstable_features (MSC2264) (done)
- 5976 Use the v2 Identity Service API for lookups (MSC2134 + MSC2140) (done)
- 5979 v2 3PID Invites (part of MSC2140) (done)
- 5980 Add POST /_matrix/client/r0/account/3pid/unbind (MSC2140) (done)
- 5987 Allow Synapse to send registration emails + choose Synapse or an external server to handle 3pid validation (done)
- 5996 Allow users to rebind 3pids they own (MSC2229) (done)
- 6000 Use the federation blacklist for requests to untrusted Identity Servers (done)
- 6011 Use account_threepid_delegate for 3pid validation (done)
- 6013 Fix existing v2 identity server calls (MSC2140) (done)
- 6042 Allow HS to send emails when adding an email to the HS (done)
- 6043 Implement MSC2290 (done)
- 6044 Add an unstable feature flag for separate add/bind 3pid APIs (done)
- 6062 Use unstable prefix for 3PID unbind API (done)
- 6067 Drop support for bind param on POST /account/3pid (MSC2290) (done)
- 6076 Synapse doesn't give clients a submit_url on requestToken breaking msisdn adding (done)
- 6078 Add POST submit_token endpoint for MSISDN (done)
- 6079 Add submit_url response parameter to msisdn /requestToken (done)
- 6087 Remove hardcoded defaults of matrix.org and vector.im in configuration (done)
- 6090 Explicitly log when a homeserver does not have a trusted key server configured (done)
- 6096 Riot Web expects the email validation next_link to have the sid appended (done)
- 6100 Remove email from registration flows if it’s unsupported (done)
- 6103 _check_threepid in auth.py incorrect for MSISDN (done)
- 6045 Support Client-Server API r0.6.0 (in progress)
- 1263 When we redact events, any mxc content they refer to should be redacted too (SYN-216)
- 4565 Metadata resistance.
- 6086 Fetch signing-keys directly from servers before falling back to the trusted_key_servers
- vector-im/riot-web
- phase:2
- vector-im/riot-web
- 4913 Option for homeservers to set a default integration manager (done)
- 10161 Store Integration Manager preferences in account data and allow user to change them somewhere sensible (done)
- 10967 Disconnect from identity server fails (done)
- 10443 Remove v1 IS API fallbacks once servers are updated
- 10557 Prompt users each time before sending data to an Identity Server that doesn't have a terms of service (unless you have actively set that IS in your account data).
- 10696 Allow users to disconnect from an integration manager entirely in the same way that we support doing this for identity servers
- 10909 Unable to disconnect from IS if the server is unavailable
- 10936 Refine submit_url handling to only activate with separate add and bind
- vector-im/riot-ios
- vector-im/riot-android
- matrix-org/matrix-doc
- matrix-org/sydent
- matrix-org/synapse
- vector-im/riot-web
- phase:3
- vector-im/riot-web
- 10563 Add better domain for turn.matrix.org use as STUN server (done)
- 10087 Prompt to accept integration manager policies on registration
- 10167 Present an aggregated terms of service dialogue at registration if possible
- 10168 If a user has disabled the identity server integration on their account, we should make invite user handle this nicely
- 10401 Invite new users to publish their threepids to the identity server
- 10422 Use more contextual prompt for integration manager polices on use
- 10453 Log out from IM on Riot log out and IM removal
- 10455 Log out from IS on Riot log out and IS removal
- 10487 Store the date of users having read and accepted the IM policies in the IM db
- 10488 Store the date of users having read and accepted the IS policies in the IS db
- 10498 Terms test scalar requires the legacy ?v query param on the new account route
- 10575 We should show the 'must configure TURN' warning when a call fails, even after using the fallback turn.matrix.org
- 10615 Change all IS access token APIs to use getIdentityAccessToken only
- 10671 riot submits sign-ed25519 requests as POST requests with params in query string and empty body
- 10746 /invite doesn't force terms with older homeservers
- 10830 Show IS policy links in user settings somewhere.
- 10950 Unhelpful 400 error when adding MSISDN and server doesn’t delegate
- vector-im/riot-ios
- matrix-org/matrix-doc
- matrix-org/synapse
- vector-im/riot-web
The Foundation needs you
The Matrix.org Foundation is a non-profit and only relies on donations to operate. Its core mission is to maintain the Matrix Specification, but it does much more than that.
It maintains the matrix.org homeserver and hosts several bridges for free. It fights for our collective rights to digital privacy and dignity.
Support us