"Protecting media from quarantine" terminology is confusing

[anoadragon453]

Today, using the Admin API, homeserver admins can both:

• "quarantine" media, which will hide that media from users but keep it on the homeserver, and
• "protect" media, which prevents a piece of media from being quarantined. This is mostly used to protect known sticker packs when all media in a room is quarantined.

Additionally, media retention will not delete "quarantined" media - irregardless of its "protection" bit.

The "protect" terminology is a bit confusing. I feel like "protecting" media would prevent it from being deleted typically, where in our case it's "protection from quarantine".

This question came up on the subject of "protecting" rooms from automatic purging (when all users leave and forget a room). Perhaps instead of "protected media", we should say something along the lines of "whitelisted" or "verified" media.

[jesopo]

can i get a clarification on what putting media in "quarantine" means, mechanically?

[anoadragon453]

Local and cached remote media each have a database table defining their homeserver/media ID combination and where the file is stored on disk. These are the local_media_repository and remote_media_cache database tables respectively.

When local media is quarantined, the nullable quarantined_by column for that media is set to an Matrix User ID - that of the admin that quarantined the media. If media is removed from quarantine, the column value is set back to NULL.

When cached remote media is quarantined, the same occurs: quarantined_by is set to the MXID of the user that executed the quarantined. When removing from quarantine, this is set back to NULL.

Only local media can be protected from quarantine. This is done by setting the boolean column safe_from_quarantine to true on the relevant row of the local_media_repository table. If this column is true, then attempting to quarantine that piece of media will be a no-op.

Relevant code for the above.

When local media is requested by a client or remote homeserver, that request is 404'd if quarantined_by is not NULL:

synapse/synapse/rest/media/v1/media_repository.py

Lines 241 to 243 in a47636c

	if not media_info or media_info["quarantined_by"]:
	respond_404(request)
	return

A similar thing happens for remote media, checking the same column name on remote_media_cache:

synapse/synapse/rest/media/v1/media_repository.py

Lines 364 to 366 in a47636c

	if media_info["quarantined_by"]:
	logger.info("Media is quarantined")
	raise NotFoundError()