chat.privacytools.io / Riot tracking issue

[Mikaela]

chat.privacytools.io/selfhosted instance issues

Check boxes as they are fixed on PTIO

• Host Dimension instead of relying on vector.im
  • upstream issue letting clients know about it: integrations suggested by homeserver element-hq/element-web#6430
    • upstream spec and sdk change allowing this has been merged MSC1957: Integration manager discovery matrix-org/matrix-spec-proposals#1957 & Support homeserver-configured integration managers matrix-org/matrix-react-sdk#3340
• Host identity server OR set it to chat.privacytools.io (same as homeserver) so it won't work.
  • https://github.com/matrix-org/matrix-doc/blob/6e8739c989172c351a6ead66f073b413f6340326/api/client-server/login.yaml#L147-L148 ?
  • Update 10/7: I don't know if our fix actually works currently so I'm unchecking this box, see: https://github.com/privacytoolsIO/privacytools.io/issues/1049#issuecomment-539269846
• Host Jitsi Meet
  • upstream: Jitsi concerns element-hq/element-web#7711 WONTFIX Wishlist: self-hosted jitsi server element-hq/element-web#6930

Upstream privacy issues

• Upstream Privacy Tracker which seems to have different priorities and miss some issues below, notably Tor and actually removing removed messages from the database.

major

Privacy issues that I think prevent PTIO listing:

• matrix-org/matrix-doc#447 - history is stored forever, there is no way to limit how much or how long
  • Signal & Wire: messages aren't stored on server, clients have option how many old messages to keep + both also support disappearing/timed/exploding messages.
• When we redact events, any mxc content they refer to should be redacted too (SYN-216) matrix-org/synapse#1263 - uploaded media/files aren't removed when they are removed in Riot
• We need to actually censor redactions from the DB (SYN-284) matrix-org/synapse#1287 - actually removing removed messages from the database fixed
• Feature: Private Contact Discovery (discovery without servers learning your contacts list) element-hq/element-web#7649 / MSC2134: Identity Hash Lookups matrix-org/matrix-spec-proposals#2134 - private contact discovery
  I am not sure which topic to put this under, but Signal & Wire both have this.
• Please don't use CloudFlare. matrix-org/matrix.org#342 - Matrix.org uses Cloudflare (issue closed without disabling Cloudflare)
  • See also https://github.com/privacytoolsIO/privacytools.io/issues/374. I understand this to mean that Cloudflare can one way or another read all traffic going through Matrix.org including IRC users who have never even heard of Matrix if someone happens to use Matrix on the same IRC channel? Matrix.org is quite big compared to an individual Cloudflaring their IRC client, I have heard a number 1500 connections associated with a I-line request from third party bridge admin.
  • Wire and Signal [citation needed] apparently have support pages behind Cloudflare Please stop using CloudFlare wireapp/wire-webapp#5716.

major privacy issues also with selfhosting

I consider these as major due to Cloudflare as the traffic to integration manager and identity server would go through it and so would all messages assuming the user federated with Matrix.org. These may be irrelevant to user who is on Matrix.org.

• Store Integration Manager preferences in account data and allow user to change them somewhere sensible element-hq/element-web#10161 - Store Integration Manager preferences in account data and allow user to change them somewhere sensible
• Present an aggregated terms of service dialogue at registration if possible element-hq/element-web#10167 - Present an aggregated terms of service dialogue at registration if possible
• Prompt to accept integration manager policies on registration element-hq/element-web#10087 - Prompt to accept integration manager policies on registration
• Store identity server in Account Data and support choosing identity server integration in User Settings element-hq/element-web#10094 - Store identity server in Account Data and support choosing identity server integration in User Settings
• Login/register: allow to set home server and identity server urls element-hq/element-android#20 - Identity server is hardcoded in RiotX (Android client rewrite), the issue is closed and no one has commented on identity server since it was pointed out on 2019-07-09.

medium

I need a better word here, but these would be issues that also affect other recommended instant messengers and may not be a blocker.

• redacted matrix-org/synapse#4565 - metadata resistance
  • to-read for me, is this similar like Wire server knows connections between users, or is this a more serious one?*

nice to have

• Options to strip EXIF metadata from media uploads. element-hq/element-web#4426 - riot does not scrub exif data from upload
  • Discord apparently does, Signal and Wire do.
• Proxy support element-hq/riot-meta#287 - Proxy/Tor support meta issue
  • I cannot find option to enable Tor use either in Signal or Wire, Conversations would have it
  • https://github.com/vector-im/riot-web/issues/3320 - desktop
  • Support connecting via SOCKS proxy (Tor) element-hq/riot-android#1234 - Android
  • TOR needs to be integrated in IOS version because TOR is BROKEN with IOS element-hq/element-ios#1085 - iOS

unsorted / note

• [Request] Allow account deletion matrix-org/synapse#1941 - allow account deletion, not just deactivation
  • I am not sure where exactly to put this either.
• https://github.com/vector-im/riot-web/issues/7757 - Open source the integrations server WONTFIX
• https://github.com/vector-im/riot-web/issues/6739 - stickers aren't encrypted
• Less technical users may register on matrix.org unknowingly by default
  • Show users that they're logging into matrix.org on the default login screen element-hq/element-ios#2614
  • Show users that they're logging into matrix.org on the default login screen element-hq/element-android#450
  • Show users that they're logging into matrix.org on the default login screen element-hq/riot-android#3238

Research papers

• Notes on privacy and data collection of Matrix.org
• Notes on privacy and data collection of Matrix.org, Part 2

---

These issues are mostly took from privacytoolsIO/privacytools.io#840, if you are aware of reported issues that aren't listed here, please do comment them and someone from the team will edit this issue and add them.

I was personally missing a list of things that can be done today to avoid the privacy issues that Matrix/Riot currently has and this may be helpful while considering the delisting (#1047).

[Mikaela]

@lampholder Could you also comment on these issues?

(Good night, it's 02 AM for me)

[lampholder]

Sorry I missed this earlier - I will take a look and come back with responses as soon as I can.

[lampholder]

Hi @Mikaela,

Sorry I'm only just getting to this now. Can I check what this list of issues represents to you?

In the interests of providing some hopefully useful feedback now, I'm going to assume that this list represents the set of issues you would like to see addressed in Riot/Matrix for you to be wholly comfortable with its inclusion in privacytools' set of recommended services. I'll assume that they aren't all equally weighted, but I won't worry about relative priorities for now.

First up - the ones I can handle off the top of my head. These issues are part of the current privacy work:

• Store Integration Manager preferences in account data and allow user to change them somewhere sensible element-hq/element-web#10161 - Store Integration Manager preferences in account data and allow user to change them somewhere sensible
• Present an aggregated terms of service dialogue at registration if possible element-hq/element-web#10167 - Present an aggregated terms of service dialogue at registration if possible
• Prompt to accept integration manager policies on registration element-hq/element-web#10087 - Prompt to accept integration manager policies on registration
• Store identity server in Account Data and support choosing identity server integration in User Settings element-hq/element-web#10094 - Store identity server in Account Data and support choosing identity server integration in User Settings

As for open sourcing the scalar integration manager (vector-im/riot-web#7757 - Open source the integrations server WONTFIX) we have no plan to do this today, but we are making it clearer and easier for users to control which Integrations Manager they use, and there's also Dimension which can be used as an open source alternative. Hopefully this mitigates our not having a plan to open source Scalar?

Some of the others weren't high on my agenda - I wouldn't want to consider exif stripping, private contact discovery and sticker encryption until we've got cross-signing working in Riot so that E2E encryption is finally as user friendly as it needs to be. If they're blockers to your recommending or service, though, I can make sure that is at least kept in mind as we schedule future work.

The remaining items I'll have to check the status on tomorrow (it's gotten a little later than I planned). I'll be in touch ASAP with an update.

[Mikaela]

In the interests of providing some hopefully useful feedback now, I'm going to assume that this list represents the set of issues you would like to see addressed in Riot/Matrix for you to be wholly comfortable with its inclusion in privacytools' set of recommended services. I'll assume that they aren't all equally weighted, but I won't worry about relative priorities for now.

You are correct, however I wouldn't consider some issues like the exif metadata scrubbing essential for listing Riot as as far as I am aware nothing else is doing that either. The ordering could be considered random as it's based on what I picked from other issues and then tried to search for issues based on other discussions, so towards the end it's in order of newest reported on your issue tracker.

we are making it clearer and easier for users to control which Integrations Manager they use, and there's also Dimension which can be used as an open source alternative. Hopefully this mitigates our not having a plan to open source Scalar?

I find it acceptable, especially with open source alternative existing, as opposed to the current situation where an average user doesn't even know they are using Scalar. my previous comment at prism-break

Some of the others weren't high on my agenda

In my opinion the most important issue from those I listed would be actually removing removals (matrix-org/synapse#1287) and allowing data to expire (https://github.com/matrix-org/matrix-doc/issues/447). (As you can see I started replying without reading your comment entirely at first)

There are also the issues raised by muppeth, do you have an issue number for them?

The remaining items I'll have to check the status on tomorrow (it's gotten a little later than I planned). I'll be in touch ASAP with an update.

Thank you in advance and good night. I will try to sort the list better tomorrow.

[ggg27]

This is very interesting ( +1 )

Just to be clear, Synapse isn't the only way to implement Matrix.
There are also homeserver's like Ruma.

Matrix is just a protocol, lots of ways to use it!

---

Plus, you can always change your homeserver for most clients.
Therefore it may not be necessary for privacytools.io to host a full client like Riot-Web.
- not to say it wouldn't be convenient tho.

[Mikaela]

I think I got the list in a more clear order now.

---

Just to be clear, Synapse isn't the only way to implement Matrix.
There are also homeserver's like Ruma.

Has Ruma had stable releases yet? While it could fix some issues with Synapse, I don't think it helps very much with some issues like matrix-org/synapse#1287 while the federation includes Synapses that are doing that.

Plus, you can always change your homeserver for most clients.

Yes, however identity server is currently not changeable after logging in (and yesterday I missed it entirely in login, if it even was there in RiotX) and currently integration server existing is not even told to the user being an option only a selfhoster can change.

[afonari]

ISs can and should be blocked if privacy is desired. IS is not needed for matrix chat client to function correctly (I think). See also: LiMium/mini-vector-android#26.

[afonari]

Yes, however identity server is currently not changeable after logging in (and yesterday I missed it entirely in login, if it even was there in RiotX)

element-hq/element-android#20

they don't want people to change it.

[Mikaela]

Thanks, there we have another issue to add to this tracking.

[ghbjklhv1]

I'm a Fractal and Weechat fan. Although, I do use Riot.im for my aliases.

Although, I cannot confirm. But it seems like they allow you to change identity servers.

Edit: Also, what is IS?

[ghbjklhv1]

Plus, you can always change your homeserver for most clients.

I know, many users dislike them; However, even Purism seems to have acknowledged web based apps are no longer a first priority: https://shop.puri.sm/librem-one-thanks/

[lampholder]

they don't want people to change it.

Hey - I just wanted to highlight that the ability to change Identity Servers after having logged in is on the roadmap for the current privacy sprint, across all clients. If you would like to see the plan and track its progress you can follow along here: https://vector-im.github.io/feature-dashboard/#/plan?label=privacy-sprint&repo=vector-im%2Friot-web&repo=vector-im%2Friot-ios&repo=vector-im%2Friot-android&repo=vector-im%2FriotX-android&repo=matrix-org%2Fmatrix-doc&repo=matrix-org%2Fsydent

(this tool just pulls issues with the same labels from across they myriad repos this work spans; you can find all the same stuff by searching each github repo manually).

[afonari]

Edit: Also, what is IS?

identity server. Sorry shouldn't have written short right away.

to change Identity Servers after having logged

Why not at login? As it is now possible in the riot android (not riotx)?

[lampholder]

Why not at login? As it is now possible in the riot android (not riotx)?

I'm hoping we can get rid of references to identity servers at login entirely, and just have them configured by the user in user settings after they've logged in (so identity server is a configurable property of the account, rather than the session).

Once the current work has landed, no data will be processed by any identity server until the user has explicitly accepted the terms and conditions, so from a data processing standing I think it's fine to drop it from registration/login. I think it feels a lot more natural from an average user's perspective, too.

This does present a slightly tricky UX problem of how we handle the idea of a 'default' identity server, though I think that's fine, too - default identity servers can be set at the client level or in the .well-known, and all that will mean is that the default identity server is the one that your client will prompt you to accept the terms and conditions of if and when you try and do something identity-servery (e.g. invite by email or publicly link your mxid with your email).

We might want to maintain separate identity server choice states for this - i.e. "don't use an identity server" as distinct from "this is the identity server I would use, but I won't send it any data because I haven't accepted its terms and conditions". Even though they're materially the same (from a data processing perspective), it would be nice for people to feel like they're not at risk of accidentally accepting the terms and conditions of an identity server they don't want to use.

[lampholder]

Hi all,

I've updated some of the relevant issues to get them into our privacy project tracking tool. I've tried to summarise clearly:

Things which have been added to the plan:

• We need to actually censor redactions from the DB (SYN-284) matrix-org/synapse#1287, redacted matrix-org/synapse#4565 and When we redact events, any mxc content they refer to should be redacted too (SYN-216) matrix-org/synapse#1263 have been added to phase:1
• https://github.com/matrix-org/matrix-doc/issues/447 has been added to phase:2 - this is not to assign it lower priority than the other issues, rather it is to say that there are more hurdles to completing this (getting the MSC agreed primarily) so we're not exactly sure when it will land

Issues from your list which I think are mitigated by other issues:

• Feature: Private Contact Discovery (discovery without servers learning your contacts list) element-hq/element-web#7649 is being addressed by MSC2134: Identity Hash Lookups matrix-org/matrix-spec-proposals#2134
• Login/register: allow to set home server and identity server urls element-hq/element-android#20 there's been some discussion on that issue - RiotX doesn't support interacting with an Identity Server yet (or an integration server for that matter); there is a reference to vector.im in the codebase, though - Remove default identity server as we don't use it. element-hq/element-android#446 has been filed to address this though from @maxidorius' comments it sounds like there may be a bit more to do

Things which haven't been added to the plan:

• [WIP] MSC1228: Removing MXIDs from events matrix-org/matrix-spec-proposals#1228 - even though we're very keen to fix this, we can't commit to it right now since it's a large and invasive change; we need to weigh it against the other objectives we're trying to achieve. If privacytools aren't comfortable recommending matrix whilst matrix IDs are baked into events, could this be mitigated by recommending users choose non-identifying IDs?
• [Request] Allow account deletion matrix-org/synapse#1941 is relatively easy to implement, but doesn't add a lot of value until [WIP] MSC1228: Removing MXIDs from events matrix-org/matrix-spec-proposals#1228 lands
• Please don't use CloudFlare. matrix-org/matrix.org#342 - we rely on Cloudflare for DoS mitigation - matrix.org can only stay online thanks to this service. If this is a hard blocker for a privacytools recommendation then I understand, though are you are able to recommend alternative homeservers/self hosting instead?
• Options to strip EXIF metadata from media uploads. element-hq/element-web#4426 - there's no plan to do this at this stage (users can strip their own exif data before sharing, which is not great I know - if anyone is willing to provide a PR for this it would be warmly received)
• Proxy support element-hq/riot-meta#287 - we've no plans to make any tor-specific changes at this stage, though Riot Web mostly works fine in tor browser if that's of any value. Once again, though, community-provided PRs for this would be warmly received

[Mikaela]

Thanks for the update,

element-hq/element-web#7649 is being addressed by matrix-org/matrix-spec-proposals#2134

I added matrix-org/matrix-spec-proposals#2134 with a slash.

If this is a hard blocker for a privacytools recommendation then I understand, though are you are able to recommend alternative homeservers/self hosting instead?

I am not sure as I don't think anyone (in the team or commenting actively) is checking for Cloudflared domains and in privacytoolsIO/privacytools.io#1054 (ICANNnet DNS servers) half of the suggestions are using Cloudflare. I think a bigger issue would be Riot not exposing the default homeserver matrix.org by default, do you have an issue tracking it? From that issue I also get impression that you have a wish to shut down Matrix.org homeserver (matrix-org/matrix.org#342 (comment)) which I imagine would resolve these issues unless you would replace it with another homeserver that is suggested by default unless the user knows to click advanced/additional/similar settings.

Personally my main concerns with Cloudflare is

I understand this to mean that Cloudflare can one way or another read all traffic going through Matrix.org including IRC users who have never even heard of Matrix if someone happens to use Matrix on the same IRC channel? Matrix.org is quite big compared to an individual Cloudflaring their IRC client, I have heard a number 1500 connections associated with a I-line request from third party bridge admin.

[lampholder]

I think a bigger issue would be Riot not exposing the default homeserver matrix.org by default, do you have an issue tracking it?

I think there might be crossed wires here - the queued up privacy work has a few items to better highlight the default identity server and integration manager, but the default homeserver is already pretty well highlighted:

and

Or do you mean Riot's not highlighting that the default homeserver is behind cloudflare?

[Mikaela]

Your screenshots look good to me (other than not mentioning the identity server), but they seem to be from Riot Desktop, while the currently recommended Riot Android app looks like this:

I have misremembered or am thinking of older version which had advanced settings while currently there is "edit server settings" and I don't see matrix.org/vector.im mentioned without checking it, even if I click login.

I am currently not able to get Riot X login screen as I don't want to regenerate keys yet again.

[lampholder]

Oh, yes - I'm Delivery Manager for Riot Web, so I sometimes have something of a Riot Web bias, sorry.

It would be better if the mobile apps made it clearer you were logging into/registering on matrix.org, though of course users registering on matrix.org will be sent past the matrix.org terms and conditions before that registration is completed.

I'll make an issue for this, too.

[lampholder]

I am currently not able to get Riot X login screen as I don't want to regenerate keys yet again.

Key backup works on Riot X, so you could back your keys up to save regenerating. The backups are encrypted locally and stored on the homeserver encrypted (without the homeserver ever having access to the encryption key).

[Mikaela]

I'll make an issue for this, too.

Please give the link here when you are done.

Key backup works on Riot X, so you could back your keys up to save regenerating. The backups are encrypted locally and stored on the homeserver encrypted (without the homeserver ever having access to the encryption key).

Doesn't this however give me a separate device ID and fingerprint that I would need to reverify with people again?

[afonari]

I have misremembered or am thinking of older version which had advanced settings while currently there is "edit server settings" and I don't see matrix.org/vector.im mentioned without checking it, even if I click login.

This is fixed in https://github.com/LiMium/mini-vector-android (LiMium/mini-vector-android#27) Custom options is checked by default and Identity server set to localhost.

[ara4n]

Yes, however identity server is currently not changeable after logging in (and yesterday I missed it entirely in login, if it even was there in RiotX)

vector-im/riotX-android#20

they don't want people to change it.

@afonari There is massive confusion about this - the reason RiotX didn't expose UI for configuring the identity server is that it does not yet implement any identity functionality(!) The default setting was hanging around the codebase unused, and got removed in element-hq/element-android#446.

[afonari]

@ara4n This is great news, thanks! Hopefully, if it is added back, it will be chageable from GUI.

[ara4n]

of course! this has always been the plan.

[lampholder]

Please give the link here when you are done.

Riot iOS: element-hq/element-ios#2614
RiotX: element-hq/element-android#450 (issue already closed, RiotX actually shows the default homeserver already)
Riot Android: element-hq/riot-android#3238 - not sure we'll actually want to make the changes to Riot Android - it depends how quickly we can replace Riot Android with RiotX.

Doesn't this however give me a separate device ID and fingerprint that I would need to reverify with people again?

Sorry, yes it does. As an aside, cross signing will solve this problem and is very much inbound - the backend support is basically complete (but there's still a lot of UX to do yet).

[Mikaela]

Hi, I am not sure where this would be the most topical, but have you had time to see and read The Metadata Trap? It's very long, but interesting and included some suggestions that even Signal doesn't do yet, mainly

It’s not enough that these apps encrypt messages. They also need to do better at promptly deleting data that’s no longer needed. End-to-end encryption protects messages as they travel from one phone to another, but each phone still has a copy of the plain text of all these messages, leaving them vulnerable to physical device searches. Disappearing messages features are a great start, but they need to be improved. Users should have the option to automatically have all their chats disappear without having to remember to set disappearing messages each time they start a conversation, and they should be asked if they’d like to enable this when they first set up the app. And when all messages in a conversation disappear, all forensic traces that a conversation with that person happened should disappear too.

Are you thinking or going to think about it, or is it out-of-scope (if you are focusing more on team chat and bridging, but I guess it would be a nice addition to E2EE-by-default-private-chats though)?

If you are following this repository you may already have seen https://github.com/privacytoolsIO/privacytools.io/issues/1134 where I have been wondering how do other instant messengers treat this and linking to their issues.

[ghost]

element-hq/element-web#4426 - riot does not scrub exif data from upload

I don't think anything else does this either, please correct me.

Discord does or used to do this.

[afonari]

LiMium/mini-vector-android#32 was merged into mini-vector for android. I think this removes all the integrations. @maxidorius based on your research are there any other "hidden" integrations in the riot-android?

[maxidorius]

@afonari There are others like the Integration manager. I didn't dig into android specifically, but from network activity I saw, the identity server is the tip of the iceberg, as being the only configurable item.

[afonari]

Max, they exposed quite a few in the config.xml: https://github.com/vector-im/riot-android/blob/develop/vector/src/main/res/values/config.xml

I searched for "vector.im" in the riot-android repo, I couldn't find anything that it is leaking except those from the config.xml.

[ara4n]

See https://matrix.org/blog/2019/09/27/privacy-improvements-in-synapse-1-4-and-riot-1-4, which solves many of the issues touched on in the OP.

[blacklight447]

so, do you guys have a estimated release date for e2ee other then Soon™ (which has been its status for what, 2 maybe 3 years now?)

[afonari]

@ara4n I can still reproduce https://github.com/privacytoolsIO/privacytools.io/issues/1338 with Riot-web 1.4. My config is:

{
    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://chat.privacytools.io",
            "server_name": "chat.privacytools.io"
        },
        "m.identity_server": {
            "base_url": "https://chat.privacytools.io"
        }
    },
    "disable_custom_urls": false,
    "disable_guests": false,
    "disable_login_language_selector": false,
    "disable_3pid_login": false,
    "brand": "Riot",
    "integrations_ui_url": "https://chat.privacytools.io/",
    "integrations_rest_url": "https://chat.privacytools.io/api",
    "integrations_widgets_urls": [
        "https://chat.privacytools.io/_matrix/integrations/v1"
    ],
    "integrations_jitsi_widget_url": "https://chat.privacytools.io/api/widgets/jitsi.html",
    "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
    "defaultCountryCode": "GB",
    "showLabsSettings": false,
    "features": {
        "feature_pinning": "labs",
        "feature_custom_status": "labs",
        "feature_custom_tags": "labs",
        "feature_state_counters": "labs"
    },
    "default_federate": true,
    "default_theme": "light",
    "roomDirectory": {
        "servers": [
            "matrix.org"
        ]
    },
    "welcomeUserId": false,
    "piwik": false,
    "enable_presence_by_hs_url": {
        "https://matrix.org": false
    }
}

[jryans]

@afonari Homeservers like Synapse used to require an identity server for some operations such as adding an email. This has been fixed as part of the privacy work, but it requires both Riot 1.4 and Synapse 1.4. Synapse 1.4 is not yet released (currently in RC), so I am guessing it is not used on the privacytools.io HS yet. You can test HS support on matrix.org which includes the latest server changes if you’d like to check it out.

[afonari]

@jryans can you please clarify. When I add an email address from riot web 1.4 running on localhost with HS pointing to somehost1.org and IS pointing to somehost2.org, where does this request go?

Homeservers like Synapse used to require an identity server for some operations such as adding an email.

Maybe this means that my request goes to the HS and then HS creates a request to vector.im identity server?

[jryans]

@jryans can you please clarify. When I add an email address from riot web 1.4 running on localhost with HS pointing to somehost1.org and IS pointing to somehost2.org, where does this request go?

Riot 1.4 behaves differently when adding an email to your HS account depending on whether the HS supports the new privacy changes, currently part of Synapse 1.4.

If your HS is older (without privacy work), then Riot passes the selected IS to the HS and the HS talks to IS on your behalf to trigger the email.

If your HS includes privacy work (such as Synapse 1.4), then the IS is not involved at all. The HS handles email validation internally (or chooses to delegate email sending elsewhere and should be explained in the privacy policy of that HS).

[afonari]

If your HS is older (without privacy work), then Riot passes the selected IS to the HS and the HS talks to IS on your behalf to trigger the email.

Yes, I can see that:

POST to https://chat.privacytools.io/_matrix/client/r0/account/3pid/email/requestToken

What I don't understand is, how it is possible for IS to send email if IS is set to localhost (non existent IS, which is confirmed by the yellow warning at the login page). IS is set using:

"m.identity_server": {
            "base_url": "https://chat.privacytools.io"
        }

Identity server is not being picked up from this settings. In the Help & About it says:

Advanced
Homeserver is https://chat.privacytools.io
Identity Server is https://vector.im
Access Token: <click to reveal>

[jryans]

What I don't understand is, how it is possible for IS to send email if IS is set to localhost (non existent IS, which is confirmed by the yellow warning at the login page). IS is set using:

"m.identity_server": {
            "base_url": "https://chat.privacytools.io"
        }

This bit of Riot config is only a default IS suggested to users of that Riot install. Each user can pick a different IS or use no IS at all. You should check the General tab of Settings which allows editing the current IS to see what value is currently used. The user’s chosen IS overrides the default from Riot config.

It’s possible you’ve hit a bug that only occurs when setting the IS to some unreachable server? If so, it would great to have a Riot issue with more detail on the steps you are taking so we can fix that edge case.

Anyway, this is all a legacy path for an old HS, so you should move to Synapse 1.4 once available, as it won’t need the IS for these flows, which seems like what you want to achieve anyway. 😄

[afonari]

@jryans thanks for the explanations.

[afonari]

Linking another privacy case: element-hq/element-web#10696

[jonaharagon]

It’s possible you’ve hit a bug that only occurs when setting the IS to some unreachable server? If so, it would great to have a Riot issue with more detail on the steps you are taking so we can fix that edge case.

@jryans Possibly. This is a problem I noticed on my personal account and have since confirmed with a couple people. It seems like when Riot encounters an invalid IS it appears to default to Vector.im. This is something I did not realize until this latest update where the IS is clearly displayed in settings.

I would really like to see @joepie91's suggestion at matrix-org/matrix-spec-proposals#2284 (comment) implemented ASAP so we can clearly recommend to our users to not use an IS at all as opposed to setting the IS field to some invalid link which is a hacky workaround (and also does not appear to work, although I was advised by @maxidorius that setting it to a blank string also doesn't seem to work, so I don't know if there is any way to disable the IS by default currently).

[maxidorius]

@jonaharagon Recent changes in Riot code regarding auto-discovery made this quite complex. I would be very cautious with any approach you take and be sure to test it before hand.

[jryans]

@jryans Possibly. This is a problem I noticed on my personal account and have since confirmed with a couple people. It seems like when Riot encounters an invalid IS it appears to default to Vector.im. This is something I did not realize until this latest update where the IS is clearly displayed in settings.

As far as the Riot core team is aware, when using Riot 1.4+ together with Synapse 1.4+, there should not be any case where Riot is defaulting back to https://vector.im as an IS.

If the Riot admin has supplied a default IS in Riot's config or if the HS admin has supplied a default IS in .well-known, then Riot will display that IS in Settings, but no user data is sent until the user has agreed terms.

If the Riot config supplies an invalid IS such as:

    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://chat.privacytools.io"
        },
        "m.identity_server": {
            "base_url": "https://dev.null"
        }
    },

then Riot will display that IS in Settings (just like a real, working IS) and attempt to contact it to request terms, but that will of course fail.

If the HS .well-known supplies an invalid IS, we do hit the issue that matrix-org/matrix-spec-proposals#2284 is aimed at, as currently Riot would fail on registration in that scenario, but really it should change to a warning only and behave like the previous case where the invalid IS appears in Settings but fails on use.

If both the Riot config and HS .well-known do not configure any IS, then a new account will not have any associated IS. (This appears to achieve your goal as I understand it.)

If you or others are observing behaviour different from the above, then it sounds like a bug, and the Riot team would greatly appreciate an issue describing it so we can resolve the problem. 😄

[poperigby]

Why was this closed, @Mikaela? Are all the problems fixed?

[Mikaela]

Why was this closed, @Mikaela? Are all the problems fixed?

because @jonaharagon thought in privacytoolsIO/privacytools.io#1392 (which dngray and I approved before I merged it) that it/relisting resolves this issue. For the discussion resulting me to approve in the end, see https://github.com/privacytoolsIO/privacytools.io/issues/1389.

I am content with leaving this closed as there is that upstream privacy tracker and I am not following everything happening there and don't have the capability of keeping this up-to-date, and would consider https://github.com/privacytoolsIO/privacytools.io/issues/1395 as the successor.

[jonaharagon]

Host Dimension instead of relying on vector.im

I know I said I wasn't going to do this, but I'm going to do this. I was actually going to do it tonight, but it took me too long to setup a homeserver (even though I've done it like 5 different times before), so I'll actually setup Dimension tomorrow 😴

[afonari]

I agree with @poperigby, I think this should stay open. There are many unresolved issues.

[afonari]

One important issue is element-hq/element-web#10696: Allow users to disconnect from an integration manager entirely in the same way that we support doing this for identity servers.

[Mikaela]

@privacytoolsIO/editorial Are there volunteers on keeping this up-to-date?

I will move that to privacytoolsIO/privacytools.io#1395, while another option would be to not use Riot as I think it's the only client that implements an integration manager.

[afonari]

@privacytoolsIO/editorial Are there volunteers on keeping this up-to-date?

I'm OK posting here links to cases and following this thread.

not use Riot as I think it's the only client that implements an integration manager.

I agree. But currently PIO hosts riot-web.

[jonaharagon]

FYI the default on our Riot install is now an integration manager that is 1) controlled by me, and 2) disabled by default until you specifically use it once and check an agreement box.

[Mikaela]

Is there more documentation about it somewhere and what is the address that can be given to Riot user settings?

[dm17]

Are there any current Riot/Element clients (for Linux) that allow for proxies, VPNs, or Tor?