| 23 May 2025 |
 emily | agreed that I don't want this to be permanent, but I also don't know what our endgame actually is other than just hoping they get bored. | 07:05:36 |
 BeatLink | whats going on with this spammer thing? | 07:05:48 |
 @raboof:matrix.org | is there anything to track Matrix's progress on this? I found https://github.com/element-hq/element-meta/issues/2486 but that doesn't look very active. Commented that it's a current issue at least. | 07:08:14 |
| @raboof:matrix.org | (that also mentions emailing abuse@matrix.org, I didn't know that was a thing, have we been doing that?) | 07:09:00 |
| emily | they have posted about it on the matrix.org blog | 07:09:09 |
| emily | they are very aware of the problem | 07:09:12 |
| emily | unclear if they are doing anything except flailing | 07:09:16 |
 K900 | Their solution seems to be policy servers | 07:09:41 |
| emily | that's like, a pretty major architectural/engineering project right? | 07:10:01 |
| emily | a thing Matrix famously has a track record for completing on time and without issues? | 07:10:16 |
| K900 | Yes and I'm not even convinced it's a good idea | 07:10:17 |
| emily | "In my opinion, the most interesting part to talk about above is MSC4284: Policy Servers. If you haven't already, read the matrix.org blog post on Introducing Policy Servers. In short, they're servers on the internet where you can send events to and have them be checked for spam/illegal imagery/etc. before allowing the event to be sent down to your users. You can think of them like a SpamChecker Synapse module, but homeserver implementation agnostic." | 07:10:41 |
| emily | right. | 07:10:43 |
| emily | (https://matrix.org/blog/) | 07:10:44 |
| emily | so… this doesn't even solve it for "us" | 07:10:58 |
| emily | like, it's something every one of the 5 billion homeservers our users run would have to implement, individually, right? | 07:11:12 |
| emily | (and also I assume that in practice there's going to be one policy server on matrix.org, because how many orgs are going to have the resources to negotiate access to the illegal content hash databases or staff people to do moderation work? so it's going to have a major centralizing effect on moderation policy) | 07:12:33 |
| emily | (…and also introduce a matrix.org SPOF on other homeservers 🙃) | 07:12:54 |
 @leira:matrix.org | Hi~ Can I get an invitation to the new NixOS room? | 07:13:19 |
| @leira:matrix.org | Thanks! | 07:14:17 |
| @leira:matrix.org left the room. | 07:15:35 |
| @raboof:matrix.org | if that'd exist we could at least realistically tell affected users "talk to your homeserver admin" instead of "uh yeah that's just how Matrix is rn", right? that seems like an improvement. (but indeed AFAICT a simple user reporting system would be both more useful and an order of magnitude easier to implement? am I missing something) | 07:17:34 |
| @raboof:matrix.org | oh policy servers are at the 'room level'? then that's nice but doesn't help against invite spam at all? | 07:20:11 |
| BeatLink | I think the only way to fix it is to implement better permission systems. Like for example, discord allows you to set who can create invite links, how long they are valid for and so on | 07:21:32 |
| BeatLink | Right now, anyone in a room can invite anyone | 07:21:41 |
| emily | that's not our issue at all | 07:25:10 |
| emily | we have not had a single instance of anyone inviting a spammer with the rooms being invite-only | 07:25:27 |
| BeatLink | oh | 07:25:37 |
| BeatLink | im curious then, what is the main problem? | 07:25:50 |
| @raboof:matrix.org | spammers inviting users to rooms with names containing slurs (and hinting that the room will contain illegal/offensive material like CSAM, though I haven't joined obv) | 07:27:13 |
