-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Ability to disable End-To-End Encryption #4367
Comments
This sounds like the inverse of element-hq/element-web#4367. Is this server likely to federate, or connect to servers outside the control of this one. You cannot prevent users from joining rooms where others on may enable e2e, but a feature to disable it via a flag on your own server should be possible. You mentioned "my end-users from encrypting any room they create", so I assume this isn't a federating server? I don't know where a feature like this sits with the maintainers, however. |
Federation is currently enabled, and I would like to keep it. I'm not concerned with users using encryption, I just need to be able to provide logs of communication on my server - if my users join encrypted rooms on other synapse instances, that's fine with me. |
for an unfederated homeserver you could cheat and set the default power levels for rooms created on the server to require impossible power to set m.room.encryption events. This means adding a line around https://github.com/matrix-org/synapse/blob/master/synapse/handlers/room.py#L679 to say that the power level required to set m.room.encryption is 101 or something. |
@ara4n That's an interesting solution. Why isn't that an option for federated homeservers? |
because it only impacts rooms created on your server. if you’re federated, people can create rooms elsewhere, and you can’t control whether they configure them or not to allow crypto. |
@ara4n I believe that's an acceptable solution. My legal requirement is to provide logs on my server. Am I correct in understanding that:
if that's the case, I believe that's acceptable. |
Rooms don't work like this, as soon as one of your users joins a federated room that room is as much on your server as it is on the other servers in the room, e.g Matrix HQ is shared between 505 (at time of writing) servers: https://view.matrix.org/room/!QtykxKocfZaZOUrTwp:matrix.org/servers |
Thanks @t3chguy, that makes sense. I'm still curious, and I'd like to do some testing with @ara4n's solution. Editing /usr/lib/python2.7/dist-packages/synapse/handlers/room.py, what exactly am I adding? I've tried:
but none of those prevent me from encrypting rooms... hint please :) ? |
That change prevents rooms which were created on your server from getting encrypted (by any server) |
(only applies to new rooms and after a server restart are some hints) |
I restarted Synapse after all of my changes, and only tested in new rooms - no dice. My My
|
That doesn't look like valid python so something suggests you're not actually running the file, it should be |
Quotes! success! I'll just leave this here for any fellow travelers:
Time to do some testing and see if this satisfies the lawyers :P Thanks for your help! |
@neilisfragile I don't think this is fixed. It would actually be nice to have this be a config option. |
+1 |
@jkms: I used your suggestion on my own server and it worked perfectly to prevent new rooms w/ encryption! Unfortunately in the latest versions of Riot this prevents direct-messages from being created as there is no user-visible option to disable encryption. To work around this for now, I've added the following to rooms.py:
|
Thank you, You save my day :-) |
I too would like to show support for such a feature. Or, give a server setting option where everything is simply encrypted with the user-login password. For our org, it has shown that current implementation of end-to-end encryption is a net-negative and a support nightmare. Not only is the UX still relatively bad, it also still fails on current Element clients while encryption is on by default for direct messages which I find outrageous. Just right now, I wanted to do a simple cross-signing of a new session and I get a message saying "Failed to import keys" (different from when I would enter a bad key phrase) - no hint as to what is going wrong. This frustrates even me, and I have a computer science background, so for the average user, there is no way this feature is usable at the moment on a larger scale. /EDIT: Sorry for the redundancy, I just found the better issue for this topic and I want to redirect others to it: #4401 |
wow. thank you so much! please provide an option for this!! I am using the Synapse it worked perfectly well using web-based riot but when users were setting up encryption, It would be really nice to have a configuration so that "local" rooms are required |
@jkms @D3-jwatts sorry to ask, but can I confirm where "rooms.py" is? TL;DR If I need to create it where should it go? I don't have a synapse folder in /usr/lib/python2.7/dist-packages/ (or other python folders since that was first mentioned in 2019) I've done a grep search and can't find rooms.py or room.py I'm not sure if it should exist or if I need to create it and reference it elsewhere? Thank you. |
Synapse is python 3 only now, so it'll be under the dist-packages directory of whatever python 3 installation you have. |
Thanks @t3chguy, sorry to be a pain, I've been using CLI for a few years but this just makes me feel like a n00b (I've even used SFTP to check for the Synapse directory). I have 3, 3.8 and 3.9 (under /usr/lib if that's correct?) I looked under
for Synapse and synapse, nothing found :( python3.9 has no dist-packages dir. Thank you for your help. |
It depends on how you installed Synapse - I suggest going to an actual support room rather than a closed issue ticket. |
Try to search here: |
Another solution which I'll just leave here for people who struggle like me https://github.com/digitalentity/matrix_encryption_disabler |
@digitalentity please do not spam issues. |
Noted. Merely trying to help users mitigate a 3 year old feature request element-hq/element-web#4401. |
Simpler method would be to return json data, however it only turns off default encryption for rooms |
Since this is the first Issue that shows up, and to stop people from spending 30min going down the github rabbithole, here is a simple solution: https://github.com/digitalentity/matrix_encryption_disabler |
Description:
I would like the ability to disable end-to-end encryption in my self hosted Synapse instance. I have a legal requirement to provide audit-able chat logs, which is obviously impossible if there's nothing preventing my end-users from encrypting any room they create.
I originally created an issue for riot-web here, thinking this was an entirely client-side feature. But I suspect there may be a client-side component to fully implementing this feature.
The text was updated successfully, but these errors were encountered: