-
Notifications
You must be signed in to change notification settings - Fork 379
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC4184: Dynamic Notification Suppression #4184
Open
turt2live
wants to merge
2
commits into
main
Choose a base branch
from
travis/msc/mention-spam-suppress
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| # MSC4184: Dynamic Notification Suppression | ||
|
|
||
| *Not to be confused with Domain Name System.* | ||
|
|
||
| An unfortunately common method of spam is to mention users individually in events, causing disruption | ||
| for the users in that room. These events are often large as well. | ||
|
|
||
| The [current specification](https://spec.matrix.org/v1.11/client-server-api/#push-notifications) for | ||
| notifications relies on "push rules" to alter behaviour for received events. A solution to reduce the | ||
| impact of the spam may be to create a new push rule and condition which does not allow the event to cause | ||
| notification if there's more than X mentions. Determining a value for X can be difficult, and would | ||
| require experimentation through suffering spam waves and daily usage to get a decent balance on an | ||
| acceptable number. Further, spammers can somewhat trivially work around the number by sending more | ||
| events 1 step below the limit. | ||
|
|
||
| This proposal instead creates a provision in the specification for a server (or client) to decide | ||
| to suppress a notification on a per-event basis. Servers can then protect their users by adjusting | ||
| an X value described above, or implement other suppression mechanisms depending on the situation. | ||
| Clients can already choose to not notify the user on events, but their counts may differ from the | ||
| server if they do this. This proposal includes a way for the server to communicate to the client that | ||
| notifications (or more specifically, push rules) are ignoring the event. | ||
|
|
||
| ## Proposal | ||
|
|
||
| Servers and clients become explicitly able to skip push rule execution on events which appear to contain | ||
| spam. The definition of "spam" is deliberately left as an implementation detail, though is not intended | ||
| to permit a server to arbitrarily suppress notifications. | ||
|
|
||
| Non-exhaustive examples of acceptable reasons to skip push rules are: | ||
|
|
||
| * Too many mentions in a message. | ||
| * Repeated messages in a room. | ||
| * Excessively high traffic. | ||
| * The notification would expose the user to illegal material. | ||
|
|
||
| When the server skips push rule execution on an event, it adds `m.push_rules_executed: false` to the | ||
| `unsigned` object when serving that event over [`/sync`](https://spec.matrix.org/v1.11/client-server-api/#get_matrixclientv3sync). | ||
| The value may be `true` and included on events served from other endpoints as well, though doesn't | ||
| serve significant utility to the client. | ||
|
|
||
| Clients SHOULD NOT execute push rules locally on events with `m.push_rules_executed: false` as this | ||
| may cause notification counts to desynchronize from the server, leading to 'stuck notifications' for | ||
| the user. | ||
|
|
||
| Clients SHOULD consider local suppression of notifications on spammy events, particularly in encrypted | ||
| rooms where the server is unable to provide a reliable notification count. | ||
|
|
||
| ## Potential issues | ||
|
|
||
| Server owners may abuse this feature to cause users grief, or disrupt communications for a group using | ||
| their server. While technically made possible, users are typically able to relocate to a more kind | ||
| server, removing the incentive for this particular method of abuse. | ||
|
|
||
| A server or community moderator may wish to receive these notifications regardless of spam so they | ||
| can take action against the spammer. It is expected that implementation of this feature would be | ||
| paired with other spam suppression mechanisms, including soft-failure or automatically redacting | ||
| events to reduce outward impact. If the spammer is a local user, heavy rate limiting may also be | ||
| applied. Servers should additionally consider maintaining a list of users to never suppress notifications | ||
| for, and potentially the power level of the user receiving the notification. Another strategy may | ||
| be to let 1 notification per minute through to avoid overly spamming the user's device. | ||
|
|
||
| ## Alternatives | ||
|
|
||
| Mentioned in the introduction for this proposal, a number of push rules and push rule conditions | ||
| could be introduced to cover the different types of spam a user might not want to be notified for. | ||
| These push rules and conditions may be trivial to work around, and potentially faster than the spec | ||
| process is able to consider them. Instead, this proposal suggests that the Matrix.org Foundation C.I.C.'s | ||
| Trust & Safety team create MSCs for push rules and conditions which prove themselves useful against | ||
| spam visible to the team. In particular, when the team uses this MSC's suppression mechanism, they | ||
| shall follow up with an MSC to describe the effective push rule/condition. Other T&S teams and server | ||
| owners are encouraged to do the same. | ||
|
|
||
| ## Security considerations | ||
|
|
||
| See 'Potential Issues' - the considerations are the same. | ||
|
|
||
| ## Unstable prefix | ||
|
|
||
| While this proposal is not considered stable, servers must use `org.matrix.msc4184.push_rules_executed` | ||
| instead of `m.push_rules_executed`. | ||
|
|
||
| ## Dependencies | ||
|
|
||
| This proposal has no dependencies. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Clients that don't support this proposal yet, won't act on
push_rules_executedif a server implements and enables this proposal. Therefore, these clients might run higher risk of hitting 'stuck notifications' which might be worth calling out in the potential issues section.