| 1 May 2025 |
 @emma:rory.gay | yep | 15:34:04 |
 @joepie91:pixie.town | wait. the mention detection triggers on @ symbols instead of actual mentions? | 15:34:56 |
| @emma:rory.gay | yes, because its nigh impossible to detect actual mentions | 15:35:15 |
| @emma:rory.gay | because the spammer litterally hinges on the DEPRECATED mention behavior based on body, and not intentional mentions (which would make detection easy) | 15:35:45 |
| @joepie91:pixie.town | you could at the very least detect <word boundary>@<non-boundary character> | 15:35:55 |
| @joepie91:pixie.town | and that could definitely be improved further to prevent misdetections | 15:36:18 |
| @emma:rory.gay | most of the pings dont contain an @ at all, is what yoru was saying | 15:36:18 |
| @joepie91:pixie.town | sure but we're talking about the code that does check for @s | 15:36:30 |
 Yorusaka Miyabi | In reply to @joepie91:pixie.town
you could at the very least detect @ I think they even lack the @ symbol | 15:36:31 |
| @emma:rory.gay | the only case where an @ is in the message, is when a user doesnt have a displayname and it falls back to mxid | 15:36:50 |
| @joepie91:pixie.town | the problem I have with this is not the false negatives, it's the false positives | 15:36:54 |
| Yorusaka Miyabi | for instance they would try like literally saying Emma [it/its] and so on to mass mention | 15:37:04 |
| @emma:rory.gay | that pinged, yes | 15:37:11 |
| @joepie91:pixie.town | yes yes I get that but that is specifically not the case I am talking about | 15:37:14 |
| @emma:rory.gay | Redacted or Malformed Event | 15:37:25 |
| @emma:rory.gay | blegh | 15:37:29 |
| @emma:rory.gay | https://github.com/matrix-org/mjolnir/blob/main/src/protections/MentionSpam.ts#L49
youre welcome | 15:38:12 |
| @emma:rory.gay | tl;dr it splits the string by litteral @ characters, and checks if the result count is above the limit | 15:38:47 |
| @joepie91:pixie.town | yes, and that's a terrible way to check this... | 15:38:54 |
| @emma:rory.gay | yes, the correct way would be to grab the member list, and count instances of user.displayname ?? user.mxid | 15:39:19 |
| @emma:rory.gay | * yes, the correct way would be to grab the member list, and count instances of user.displayname ?? user.mxid | 15:39:22 |
| @emma:rory.gay | and well, obviously thats very slow because extra api call | 15:39:36 |
| @joepie91:pixie.town | like, this feels really illustrative for the problem with a lot of element/matrix code, actually. someone implemented the absolute most naive implementation of the idea, even though with barely any extra effort they could've substantially improved the reliability, but they just didn't do that step at all | 15:40:18 |
| @joepie91:pixie.town | I've been seeing this in so many places | 15:40:32 |
| @emma:rory.gay | well, originally they didnt use displayname so it was actually sensible | 15:40:41 |
| @joepie91:pixie.town | no it wasn't | 15:40:47 |
| @joepie91:pixie.town | there are no circumstances under which this check is a reasonable implementation | 15:40:56 |
| @joepie91:pixie.town | I literally provided the improved version above | 15:41:05 |
| @emma:rory.gay | besides, friendly reminder that you dont need a word boundary | 15:41:18 |
| @emma:rory.gay | joepie91 🏳️🌈Yorusaka Miyabi [DO NOT DM]WeetHet | 15:41:45 |
