Ability to add additional metadata to invites #2339
Comments
|
we deliberately didn’t add further metadata to invites in order to avoid the spam vector. however, this turns out to be a pain for invites between trusted users/servers, so we’re looking to define a way of doing it for that scenario which doesn’t result in abuse in the general public network. |
turt2live
added
client-server
|
MSC2367 allows adding reasons to invites, amongst other things. |
|
Apparently this was implemented in spec and synapse. How about client support? |
I've been thinking about this, and while I see the "spam vector", I also think that it's a false flag that we're waving here, because the status quo doesn't really prevent spam (I'll expand in a sec), but it inconvenience legitimate users. Let me explain by way of an example, in which one morning I open Riot, and I find two invitations, one by Alice ( Of course I'll accept Alice's, then wait a few seconds while the room synchronises, before I finally see what Alice is trying to talk about. During those seconds, the perception in my head manifests that Alice didn't really have a very "responsive" experience reaching out to me, as she was typing into a room to which I'd been invited, but where I wasn't actually present. There's lots more to be said about this, including the fact that Alice can't re-invite me, or inquire about why I haven't seen a message. This experience is by design, because we wouldn't want spammers to be able to send us unsolicited dick pics, or whatever it is that they do. However, consider what exactly happens when you see that invitation by Bob: you have absolutely nothing to go by to decide whether Bob is a spammer, or a legitimate attempt to contact you, e.g. by a former school friend. We don't spam-filter email based on the From header either. Fact is that you will accept the invitation, wait a few seconds, and then see the spam anyway. At this point it's too late, except you've now created a room that you have to leave, and forget. This gives the spammer a lot more information than if you just were silently able to ignore the request. I'd like to propose that the experience actually become more like what happens when you surf to the URL of a public room: you can browse the timeline, and there's a button asking you to join the room. In the case of a direct chat, the invitation should also show you the whole timeline (optionally with images disabled…), and ask you whether to "join", "ignore", or "block". How about it? PS: please let me know if you'd prefer that I split this off into a separate issue. |
richvdh
changed the title
|
seems like this has been fixed by #2795. |
Would it make sense to add an optional short message or some other metadata to invites? That could make invites easier to evaluate. As in, do I want to accept this invite or is it likely invite spam? Wasn't there talk of adding reasons to kicks and bans? This would mirror that in a way.
The text was updated successfully, but these errors were encountered: