| 1 May 2025 |
 @emma:rory.gay | Redacted or Malformed Event | 12:28:50 |
| @emma:rory.gay | 15 sure triggers it | 12:29:03 |
 WeetHet | Why are images being deleted? Is there an alternative if I need to send one?
| 15:32:43 |
| @emma:rory.gay | upload it to a file host | 15:33:28 |
 Yorusaka Miyabi | In reply to @emma:rory.gay
15 sure triggers it But if I remember correctly, when I saw such spams, they seems to be always lacking @ symbols in its text parts, or just trying to spam name mentions only in text parts without HTML part in the Matrix message content | 15:33:54 |
| @emma:rory.gay | yep | 15:34:04 |
 @joepie91:pixie.town | wait. the mention detection triggers on @ symbols instead of actual mentions? | 15:34:56 |
| @emma:rory.gay | yes, because its nigh impossible to detect actual mentions | 15:35:15 |
| @emma:rory.gay | because the spammer litterally hinges on the DEPRECATED mention behavior based on body, and not intentional mentions (which would make detection easy) | 15:35:45 |
| @joepie91:pixie.town | you could at the very least detect <word boundary>@<non-boundary character> | 15:35:55 |
| @joepie91:pixie.town | and that could definitely be improved further to prevent misdetections | 15:36:18 |
| @emma:rory.gay | most of the pings dont contain an @ at all, is what yoru was saying | 15:36:18 |
| @joepie91:pixie.town | sure but we're talking about the code that does check for @s | 15:36:30 |
| Yorusaka Miyabi | In reply to @joepie91:pixie.town
you could at the very least detect @ I think they even lack the @ symbol | 15:36:31 |
| @emma:rory.gay | the only case where an @ is in the message, is when a user doesnt have a displayname and it falls back to mxid | 15:36:50 |
| @joepie91:pixie.town | the problem I have with this is not the false negatives, it's the false positives | 15:36:54 |
| Yorusaka Miyabi | for instance they would try like literally saying Emma [it/its] and so on to mass mention | 15:37:04 |
| @emma:rory.gay | that pinged, yes | 15:37:11 |
| @joepie91:pixie.town | yes yes I get that but that is specifically not the case I am talking about | 15:37:14 |
| @emma:rory.gay | Redacted or Malformed Event | 15:37:25 |
| @emma:rory.gay | blegh | 15:37:29 |
| @emma:rory.gay | https://github.com/matrix-org/mjolnir/blob/main/src/protections/MentionSpam.ts#L49
youre welcome | 15:38:12 |
| @emma:rory.gay | tl;dr it splits the string by litteral @ characters, and checks if the result count is above the limit | 15:38:47 |
| @joepie91:pixie.town | yes, and that's a terrible way to check this... | 15:38:54 |
| @emma:rory.gay | yes, the correct way would be to grab the member list, and count instances of user.displayname ?? user.mxid | 15:39:19 |
| @emma:rory.gay | * yes, the correct way would be to grab the member list, and count instances of user.displayname ?? user.mxid | 15:39:22 |
| @emma:rory.gay | and well, obviously thats very slow because extra api call | 15:39:36 |
| @joepie91:pixie.town | like, this feels really illustrative for the problem with a lot of element/matrix code, actually. someone implemented the absolute most naive implementation of the idea, even though with barely any extra effort they could've substantially improved the reliability, but they just didn't do that step at all | 15:40:18 |
| @joepie91:pixie.town | I've been seeing this in so many places | 15:40:32 |
| @emma:rory.gay | well, originally they didnt use displayname so it was actually sensible | 15:40:41 |
