-
Notifications
You must be signed in to change notification settings - Fork 625
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Matrix username spoofing #1875
Matrix username spoofing #1875
Conversation
While I like not requiring a Matrix server and appservice access for this which #1864 brings support for, I am not sure if changing the display name constantly is a good idea. Then again Matrix doesn't seem to be providing anything serverless for this anytime soon, matrix-org/matrix-spec#840 has also became over an year old. |
It's definitively not the best thing to do, but I don't see an alternative without hosting a full-blown homeserver which we would have no other use for. I admit, I've just played around how a behavior similar to Discord webhooks can be achieved, and it turns out it was that simple and was surprised there wasn't already a PR like this. Changing the nickname instead of embedding the name into the message is so much better to read that IMHO this change provides great usability. The channel is fairly low frequent, but we already ran into rate limits in the past on the Matrix side. If this gets merged it should default to false and include a warning regarding the additional requests. |
Code Climate has analyzed commit ea5a865 and detected 0 issues on this pull request. View more on Code Climate. |
An alternative actually exists: application services as I've tried to implement in #1864. It allows a server to properly impersonate users, and was built in the matrix standard for that reason. However as @Mikaela pointed out, it's true that this requires a "cooperative" homeserver. |
I think both options are useful. Running a Matrix homeserver is a bit more involved that you make it sound like, and if Matrix is "just another service to bridge to" for you than simpler is better. |
Fair enought, I can certainly agree that this has its uses, because I can definitely understand why one wouldn't want to host a [matrix] homeserver :-) |
LGTM: A bit dirty, but it does the job and not too much code change. 🚀 |
I want to remind you that /myroomnick sends a state event into the room every time which leads to lots of state events over time. This will for example slow down room joins and make other state changes take longer to process. |
I hear matrix-org/matrix-spec-proposals#3883 might help with this, but I stand in the opinion that Matrix really does nothing to help us who cannot host a Matrix server with how heavy it is compared to IRC and point to matrix-org/matrix-spec#840. Matrix developers at least those following a specific waterduck have been aware of this PR since opening it resulting to comments on RELAYMSG, while not here. I don't think Matterbridge or its contributors can be blamed if this is another public Matrix DDoS attack like the IRCnet bridge with |
Seconding @timokoesters here — this is a horrendously bad idea. Seriously, really really bad. Every time the bridge spoofs someone by sending an updated membership event, it is lengthening the auth chain for the bridge user. State resolution is likely to get progressively more and more expensive on resident homeservers as a result, resulting in additional load and worsening event processing times, quite likely up to the point that bridged rooms will become unusable or unjoinable.
Ultimately we know these problems exist and are spending a lot of time optimising and trying to figure out ways to reduce persistent room state in Matrix. That is no easy task — it requires deep architectural changes and is not going to happen overnight. That does not mean it isn't happening.
I partially disagree. The right answer here is, and always has been, appservices for user puppeting. Forcing through state changes for every relayed message is not the right answer and is instead a major footgun. |
And that is being worked on in #1864, however how is that exactly done without a homeserver?
Thank you for acknowledging the issue. |
Based on the feedback, although this feature isn't enabled by default, I'm thinking about reverting the PR. But if this can result into a DoS, maybe there should be more strict ratelimiting on those member state updates. |
I tested this for a couple of minutes and as it doesn't work on either FluffyChat or Nheko, I am disabling it. From so-called flagship Matrix clients by New Vector Ltd. Element iOS didn't work either while Element Web and Hydrogen work. |
Something that has not been pointed out is that this is based on the sole assumption that the client will render the user's display name at the given point in time where the message was sent. Element does do that by default (and can be disabled) but for instance, Nheko and Fluffychat do not. |
This implements username spoofing for Matrix similar to Discords webhooks.
Matterbridge will rename itself - only in the room - to the username of the message by using a room state event.
The equivalent in Element is
/myroomnick $nick
.If the username already exists in the room then Element will show the mxid next to the username.
There's a new setting introduced for Matrix named
SpoofUsername=true
which defaults tofalse
.Caveats:
This could be reduced a bit by caching the last messages username and only change the name when necessary.
Comparison screenshots
Default:
This PR with default Element settings:
This PR with nickname changes turned off locally:
Discord: