matrix-appservice-discord
Bot can't handle encrypted rooms
I've successfully set up the appservice and it works in unencrypted rooms. When I add the bot to an encrypted room, it does join the room but doesn't respond to anything. I further tried to connect it through pantalaimon, like I've set up maubot, but then it gives an invalid authentication token error.
Is there any way to make this appservice work within encrypted rooms?
Nope, this appservice simply does not support encrypted rooms. Please bridge unencrypted rooms instead.
2021 11:26:55 Gerrit Gogel @.***>:
> I've successfully set up the appservice and it works in unencrypted rooms. When I add the bot to an encrypted room, it does join the room but doesn't respond to anything. I further tried to connect it through pantalaimon, like I've set up maubot, but then it gives an invalid authentication token error.
> Is there any way to make this appservice work within encrypted rooms?
As encrypted rooms are the default for matrix by now, is anything planned in that regard? Further, why isn't that pointed out in the documentation?
> As encrypted rooms are the default for matrix by now
I thought public rooms were unencrypted by default in all currently maintained clients and servers.
Public rooms are unencrypted and private rooms are encrypted by default (at least in Element)
Yes, if you create a room the default setting is private and encrypted. In my opinion one of the main reasons to use matrix is the encryption. It's just bothering me that it isn't even pointed out in the documentation, as if encryption would be an insignificant feature for matrix...
There is little benefit to encrypting a conversation you then turn around and immediately send unencrypted to discord.
Encryption is for keeping conversations secret from your homeserver, bridges are run by the homeserver. So they'd have the keys anyways. No point.
AFAIK only some of tulir's bridges support end2bridge, and that probably isn't what you want anyway.
> Encryption is for keeping conversations secret from your homeserver, bridges are run by the homeserver. So they'd have the keys anyways. No point.
Excuse me? The encryption is E2E. It is not only to keep the conversations secret from the homeserver.
I run maubot with pantalaimon and it works in encrypted rooms.
I get your point with the unencrypted discord, though I'd rather have encryption somewhere instead of giving up encryption entirely.
Maubot is a bot not an Application Service. Bots are not tied to a homeserver.
You also seem to be misunderstanding what E2E is, traffic between the homeserver and clients is always transport encrypted. Simplified, the only actor who can read your messages even without e2e enabled is your homeserver.
> Maubot is a bot not an Application Service. Bots are not tied to a homeserver.
I'm aware of that.
> You also seem to be misunderstanding what E2E is, traffic between the homeserver and clients is always transport encrypted. Simplified, the only actor who can read your messages even without e2e enabled is your homeserver.
No, this is simply wrong. Without E2E there are multiple attack vectors. Even when the transport encryption is broken the attacker won't be able to read the messages when using E2E. Further the messages do not only reside on the server but also on the clients...
If TLS being broken is part of your threat model you have more pressing concerns than wanting to bridge your secret messages to discord
When was the last time you entered a password to read your messages in a client? I certainly only know of clients that store keys in pretty insecure places.
Not that it matters; if your client device is compromised you are SOL regardless of E2E or not.
Only you can decide what threat model you want to use for your communication. But what's outlined above are some of the reasons your workflow is not supported by most of the community.
E2Bridge is useful when you want to host a trusted bridge via a less-trusted homeserver. Like how beeper let users host their own bridges so that they don't have to trust beeper with their account details on other platforms.
E2Bridge is also important given that Matrix rooms can be federated. Users who join via a homeserver that they don't own or manage improperly are extending the room's visibility to the admins for that homeserver.
Discord may be one point for a data leak, the bridge may be another, and without encryption, all homeservers with users in the room are as well. Enabling e2bridge limits the ability for vulnerable homeservers to leak data.
I don't quite get why it has to be two-way with and without E2EE, if you can just listen to everything in Discord to crosspost in Matrix and not give anything back to Discord side?
just chiming in to say: hope this will get implemented. folks i admin with are considering not using this in our bridging stack due to lack of encryption support. all sorts of considerations to think about that people don't want to deal with.
Everything working great otherwise, thanks for this work!