Skip to content
This repository has been archived by the owner on Sep 13, 2021. It is now read-only.

chat.privacytools.io / Riot tracking issue #17

Closed
1 of 4 tasks
Mikaela opened this issue Jul 24, 2019 · 54 comments · Fixed by privacytools/privacytools.io#1392
Closed
1 of 4 tasks

chat.privacytools.io / Riot tracking issue #17

Mikaela opened this issue Jul 24, 2019 · 54 comments · Fixed by privacytools/privacytools.io#1392

Comments

@Mikaela
Copy link

Mikaela commented Jul 24, 2019

chat.privacytools.io/selfhosted instance issues

Check boxes as they are fixed on PTIO

Upstream privacy issues

  • Upstream Privacy Tracker which seems to have different priorities and miss some issues below, notably Tor and actually removing removed messages from the database.

major

Privacy issues that I think prevent PTIO listing:

major privacy issues also with selfhosting

I consider these as major due to Cloudflare as the traffic to integration manager and identity server would go through it and so would all messages assuming the user federated with Matrix.org. These may be irrelevant to user who is on Matrix.org.

medium

I need a better word here, but these would be issues that also affect other recommended instant messengers and may not be a blocker.

  • redacted matrix-org/synapse#4565 - metadata resistance
    • to-read for me, is this similar like Wire server knows connections between users, or is this a more serious one?*

nice to have

unsorted / note

Research papers


These issues are mostly took from privacytoolsIO/privacytools.io#840, if you are aware of reported issues that aren't listed here, please do comment them and someone from the team will edit this issue and add them.

I was personally missing a list of things that can be done today to avoid the privacy issues that Matrix/Riot currently has and this may be helpful while considering the delisting (#1047).

@Mikaela
Copy link
Author

Mikaela commented Jul 24, 2019

@lampholder Could you also comment on these issues?

(Good night, it's 02 AM for me)

@lampholder
Copy link

Sorry I missed this earlier - I will take a look and come back with responses as soon as I can.

@lampholder
Copy link

Hi @Mikaela,

Sorry I'm only just getting to this now. Can I check what this list of issues represents to you?

In the interests of providing some hopefully useful feedback now, I'm going to assume that this list represents the set of issues you would like to see addressed in Riot/Matrix for you to be wholly comfortable with its inclusion in privacytools' set of recommended services. I'll assume that they aren't all equally weighted, but I won't worry about relative priorities for now.

First up - the ones I can handle off the top of my head. These issues are part of the current privacy work:

As for open sourcing the scalar integration manager (vector-im/riot-web#7757 - Open source the integrations server WONTFIX) we have no plan to do this today, but we are making it clearer and easier for users to control which Integrations Manager they use, and there's also Dimension which can be used as an open source alternative. Hopefully this mitigates our not having a plan to open source Scalar?

Some of the others weren't high on my agenda - I wouldn't want to consider exif stripping, private contact discovery and sticker encryption until we've got cross-signing working in Riot so that E2E encryption is finally as user friendly as it needs to be. If they're blockers to your recommending or service, though, I can make sure that is at least kept in mind as we schedule future work.

The remaining items I'll have to check the status on tomorrow (it's gotten a little later than I planned). I'll be in touch ASAP with an update.

@Mikaela
Copy link
Author

Mikaela commented Jul 25, 2019

In the interests of providing some hopefully useful feedback now, I'm going to assume that this list represents the set of issues you would like to see addressed in Riot/Matrix for you to be wholly comfortable with its inclusion in privacytools' set of recommended services. I'll assume that they aren't all equally weighted, but I won't worry about relative priorities for now.

You are correct, however I wouldn't consider some issues like the exif metadata scrubbing essential for listing Riot as as far as I am aware nothing else is doing that either. The ordering could be considered random as it's based on what I picked from other issues and then tried to search for issues based on other discussions, so towards the end it's in order of newest reported on your issue tracker.

we are making it clearer and easier for users to control which Integrations Manager they use, and there's also Dimension which can be used as an open source alternative. Hopefully this mitigates our not having a plan to open source Scalar?

I find it acceptable, especially with open source alternative existing, as opposed to the current situation where an average user doesn't even know they are using Scalar. my previous comment at prism-break

Some of the others weren't high on my agenda

In my opinion the most important issue from those I listed would be actually removing removals (matrix-org/synapse#1287) and allowing data to expire (https://github.com/matrix-org/matrix-doc/issues/447). (As you can see I started replying without reading your comment entirely at first)

There are also the issues raised by muppeth, do you have an issue number for them?

The remaining items I'll have to check the status on tomorrow (it's gotten a little later than I planned). I'll be in touch ASAP with an update.

Thank you in advance and good night. I will try to sort the list better tomorrow.

@ggg27
Copy link

ggg27 commented Jul 26, 2019

This is very interesting ( +1 )

Just to be clear, Synapse isn't the only way to implement Matrix.
There are also homeserver's like Ruma.

Matrix is just a protocol, lots of ways to use it!


Plus, you can always change your homeserver for most clients.
Therefore it may not be necessary for privacytools.io to host a full client like Riot-Web.
- not to say it wouldn't be convenient tho.

@Mikaela
Copy link
Author

Mikaela commented Jul 26, 2019

I think I got the list in a more clear order now.


Just to be clear, Synapse isn't the only way to implement Matrix.
There are also homeserver's like Ruma.

Has Ruma had stable releases yet? While it could fix some issues with Synapse, I don't think it helps very much with some issues like matrix-org/synapse#1287 while the federation includes Synapses that are doing that.

Plus, you can always change your homeserver for most clients.

Yes, however identity server is currently not changeable after logging in (and yesterday I missed it entirely in login, if it even was there in RiotX) and currently integration server existing is not even told to the user being an option only a selfhoster can change.

@afonari
Copy link

afonari commented Jul 26, 2019

ISs can and should be blocked if privacy is desired. IS is not needed for matrix chat client to function correctly (I think). See also: LiMium/mini-vector-android#26.

@afonari
Copy link

afonari commented Jul 26, 2019

Yes, however identity server is currently not changeable after logging in (and yesterday I missed it entirely in login, if it even was there in RiotX)

element-hq/element-android#20

they don't want people to change it.

@Mikaela
Copy link
Author

Mikaela commented Jul 27, 2019

Thanks, there we have another issue to add to this tracking.

@ghbjklhv1
Copy link

ghbjklhv1 commented Jul 28, 2019

I'm a Fractal and Weechat fan. Although, I do use Riot.im for my aliases.

Although, I cannot confirm. But it seems like they allow you to change identity servers.

Edit: Also, what is IS?

@ghbjklhv1
Copy link

ghbjklhv1 commented Jul 28, 2019

Plus, you can always change your homeserver for most clients.

I know, many users dislike them; However, even Purism seems to have acknowledged web based apps are no longer a first priority: https://shop.puri.sm/librem-one-thanks/

@lampholder
Copy link

they don't want people to change it.

Hey - I just wanted to highlight that the ability to change Identity Servers after having logged in is on the roadmap for the current privacy sprint, across all clients. If you would like to see the plan and track its progress you can follow along here: https://vector-im.github.io/feature-dashboard/#/plan?label=privacy-sprint&repo=vector-im%2Friot-web&repo=vector-im%2Friot-ios&repo=vector-im%2Friot-android&repo=vector-im%2FriotX-android&repo=matrix-org%2Fmatrix-doc&repo=matrix-org%2Fsydent

(this tool just pulls issues with the same labels from across they myriad repos this work spans; you can find all the same stuff by searching each github repo manually).

@afonari
Copy link

afonari commented Jul 29, 2019

Edit: Also, what is IS?

identity server. Sorry shouldn't have written short right away.

to change Identity Servers after having logged

Why not at login? As it is now possible in the riot android (not riotx)?

@lampholder
Copy link

Why not at login? As it is now possible in the riot android (not riotx)?

I'm hoping we can get rid of references to identity servers at login entirely, and just have them configured by the user in user settings after they've logged in (so identity server is a configurable property of the account, rather than the session).

Once the current work has landed, no data will be processed by any identity server until the user has explicitly accepted the terms and conditions, so from a data processing standing I think it's fine to drop it from registration/login. I think it feels a lot more natural from an average user's perspective, too.

This does present a slightly tricky UX problem of how we handle the idea of a 'default' identity server, though I think that's fine, too - default identity servers can be set at the client level or in the .well-known, and all that will mean is that the default identity server is the one that your client will prompt you to accept the terms and conditions of if and when you try and do something identity-servery (e.g. invite by email or publicly link your mxid with your email).

We might want to maintain separate identity server choice states for this - i.e. "don't use an identity server" as distinct from "this is the identity server I would use, but I won't send it any data because I haven't accepted its terms and conditions". Even though they're materially the same (from a data processing perspective), it would be nice for people to feel like they're not at risk of accidentally accepting the terms and conditions of an identity server they don't want to use.

jonaharagon referenced this issue in privacytools/privacytools.io Jul 29, 2019
Related Issues: #1047, #1049
@lampholder
Copy link

Hi all,

I've updated some of the relevant issues to get them into our privacy project tracking tool. I've tried to summarise clearly:

Things which have been added to the plan:

Issues from your list which I think are mitigated by other issues:

Things which haven't been added to the plan:

@Mikaela
Copy link
Author

Mikaela commented Jul 30, 2019

Thanks for the update,

element-hq/element-web#7649 is being addressed by matrix-org/matrix-spec-proposals#2134

I added matrix-org/matrix-spec-proposals#2134 with a slash.

If this is a hard blocker for a privacytools recommendation then I understand, though are you are able to recommend alternative homeservers/self hosting instead?

I am not sure as I don't think anyone (in the team or commenting actively) is checking for Cloudflared domains and in privacytoolsIO/privacytools.io#1054 (ICANNnet DNS servers) half of the suggestions are using Cloudflare. I think a bigger issue would be Riot not exposing the default homeserver matrix.org by default, do you have an issue tracking it? From that issue I also get impression that you have a wish to shut down Matrix.org homeserver (matrix-org/matrix.org#342 (comment)) which I imagine would resolve these issues unless you would replace it with another homeserver that is suggested by default unless the user knows to click advanced/additional/similar settings.

Personally my main concerns with Cloudflare is

I understand this to mean that Cloudflare can one way or another read all traffic going through Matrix.org including IRC users who have never even heard of Matrix if someone happens to use Matrix on the same IRC channel? Matrix.org is quite big compared to an individual Cloudflaring their IRC client, I have heard a number 1500 connections associated with a I-line request from third party bridge admin.

@lampholder
Copy link

I think a bigger issue would be Riot not exposing the default homeserver matrix.org by default, do you have an issue tracking it?

I think there might be crossed wires here - the queued up privacy work has a few items to better highlight the default identity server and integration manager, but the default homeserver is already pretty well highlighted:

image

and

image

Or do you mean Riot's not highlighting that the default homeserver is behind cloudflare?

@Mikaela
Copy link
Author

Mikaela commented Jul 30, 2019

Your screenshots look good to me (other than not mentioning the identity server), but they seem to be from Riot Desktop, while the currently recommended Riot Android app looks like this:

Riot Android screenshot

I have misremembered or am thinking of older version which had advanced settings while currently there is "edit server settings" and I don't see matrix.org/vector.im mentioned without checking it, even if I click login.

I am currently not able to get Riot X login screen as I don't want to regenerate keys yet again.

@lampholder
Copy link

Oh, yes - I'm Delivery Manager for Riot Web, so I sometimes have something of a Riot Web bias, sorry.

It would be better if the mobile apps made it clearer you were logging into/registering on matrix.org, though of course users registering on matrix.org will be sent past the matrix.org terms and conditions before that registration is completed.

I'll make an issue for this, too.

@lampholder
Copy link

I am currently not able to get Riot X login screen as I don't want to regenerate keys yet again.

Key backup works on Riot X, so you could back your keys up to save regenerating. The backups are encrypted locally and stored on the homeserver encrypted (without the homeserver ever having access to the encryption key).

@Mikaela
Copy link
Author

Mikaela commented Jul 30, 2019

I'll make an issue for this, too.

Please give the link here when you are done.

Key backup works on Riot X, so you could back your keys up to save regenerating. The backups are encrypted locally and stored on the homeserver encrypted (without the homeserver ever having access to the encryption key).

Doesn't this however give me a separate device ID and fingerprint that I would need to reverify with people again?

@afonari
Copy link

afonari commented Jul 30, 2019

I have misremembered or am thinking of older version which had advanced settings while currently there is "edit server settings" and I don't see matrix.org/vector.im mentioned without checking it, even if I click login.

This is fixed in https://github.com/LiMium/mini-vector-android (LiMium/mini-vector-android#27) Custom options is checked by default and Identity server set to localhost.

@ara4n
Copy link

ara4n commented Jul 31, 2019

Yes, however identity server is currently not changeable after logging in (and yesterday I missed it entirely in login, if it even was there in RiotX)

vector-im/riotX-android#20

they don't want people to change it.

@afonari There is massive confusion about this - the reason RiotX didn't expose UI for configuring the identity server is that it does not yet implement any identity functionality(!) The default setting was hanging around the codebase unused, and got removed in element-hq/element-android#446.

@afonari
Copy link

afonari commented Jul 31, 2019

@ara4n This is great news, thanks! Hopefully, if it is added back, it will be chageable from GUI.

@ara4n
Copy link

ara4n commented Jul 31, 2019

of course! this has always been the plan.

@lampholder
Copy link

Please give the link here when you are done.

Riot iOS: element-hq/element-ios#2614
RiotX: element-hq/element-android#450 (issue already closed, RiotX actually shows the default homeserver already)
Riot Android: element-hq/riot-android#3238 - not sure we'll actually want to make the changes to Riot Android - it depends how quickly we can replace Riot Android with RiotX.

Doesn't this however give me a separate device ID and fingerprint that I would need to reverify with people again?

Sorry, yes it does. As an aside, cross signing will solve this problem and is very much inbound - the backend support is basically complete (but there's still a lot of UX to do yet).

@Mikaela
Copy link
Author

Mikaela commented Aug 11, 2019

Hi, I am not sure where this would be the most topical, but have you had time to see and read The Metadata Trap? It's very long, but interesting and included some suggestions that even Signal doesn't do yet, mainly

It’s not enough that these apps encrypt messages. They also need to do better at promptly deleting data that’s no longer needed. End-to-end encryption protects messages as they travel from one phone to another, but each phone still has a copy of the plain text of all these messages, leaving them vulnerable to physical device searches. Disappearing messages features are a great start, but they need to be improved. Users should have the option to automatically have all their chats disappear without having to remember to set disappearing messages each time they start a conversation, and they should be asked if they’d like to enable this when they first set up the app. And when all messages in a conversation disappear, all forensic traces that a conversation with that person happened should disappear too.

Are you thinking or going to think about it, or is it out-of-scope (if you are focusing more on team chat and bridging, but I guess it would be a nice addition to E2EE-by-default-private-chats though)?

If you are following this repository you may already have seen https://github.com/privacytoolsIO/privacytools.io/issues/1134 where I have been wondering how do other instant messengers treat this and linking to their issues.

@ghost
Copy link

ghost commented Sep 13, 2019

element-hq/element-web#4426 - riot does not scrub exif data from upload

I don't think anything else does this either, please correct me.

Discord does or used to do this.

@afonari
Copy link

afonari commented Sep 13, 2019

LiMium/mini-vector-android#32 was merged into mini-vector for android. I think this removes all the integrations. @maxidorius based on your research are there any other "hidden" integrations in the riot-android?

@maxidorius
Copy link

@afonari There are others like the Integration manager. I didn't dig into android specifically, but from network activity I saw, the identity server is the tip of the iceberg, as being the only configurable item.

@afonari
Copy link

afonari commented Sep 22, 2019

Max, they exposed quite a few in the config.xml: https://github.com/vector-im/riot-android/blob/develop/vector/src/main/res/values/config.xml

I searched for "vector.im" in the riot-android repo, I couldn't find anything that it is leaking except those from the config.xml.

@ara4n
Copy link

ara4n commented Sep 30, 2019

See https://matrix.org/blog/2019/09/27/privacy-improvements-in-synapse-1-4-and-riot-1-4, which solves many of the issues touched on in the OP.

@blacklight447
Copy link

so, do you guys have a estimated release date for e2ee other then Soon™ (which has been its status for what, 2 maybe 3 years now?)

@afonari
Copy link

afonari commented Oct 1, 2019

@ara4n I can still reproduce https://github.com/privacytoolsIO/privacytools.io/issues/1338 with Riot-web 1.4. My config is:

{
    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://chat.privacytools.io",
            "server_name": "chat.privacytools.io"
        },
        "m.identity_server": {
            "base_url": "https://chat.privacytools.io"
        }
    },
    "disable_custom_urls": false,
    "disable_guests": false,
    "disable_login_language_selector": false,
    "disable_3pid_login": false,
    "brand": "Riot",
    "integrations_ui_url": "https://chat.privacytools.io/",
    "integrations_rest_url": "https://chat.privacytools.io/api",
    "integrations_widgets_urls": [
        "https://chat.privacytools.io/_matrix/integrations/v1"
    ],
    "integrations_jitsi_widget_url": "https://chat.privacytools.io/api/widgets/jitsi.html",
    "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
    "defaultCountryCode": "GB",
    "showLabsSettings": false,
    "features": {
        "feature_pinning": "labs",
        "feature_custom_status": "labs",
        "feature_custom_tags": "labs",
        "feature_state_counters": "labs"
    },
    "default_federate": true,
    "default_theme": "light",
    "roomDirectory": {
        "servers": [
            "matrix.org"
        ]
    },
    "welcomeUserId": false,
    "piwik": false,
    "enable_presence_by_hs_url": {
        "https://matrix.org": false
    }
}

@jryans
Copy link

jryans commented Oct 2, 2019

@afonari Homeservers like Synapse used to require an identity server for some operations such as adding an email. This has been fixed as part of the privacy work, but it requires both Riot 1.4 and Synapse 1.4. Synapse 1.4 is not yet released (currently in RC), so I am guessing it is not used on the privacytools.io HS yet. You can test HS support on matrix.org which includes the latest server changes if you’d like to check it out.

@afonari
Copy link

afonari commented Oct 2, 2019

@jryans can you please clarify. When I add an email address from riot web 1.4 running on localhost with HS pointing to somehost1.org and IS pointing to somehost2.org, where does this request go?

Homeservers like Synapse used to require an identity server for some operations such as adding an email.

Maybe this means that my request goes to the HS and then HS creates a request to vector.im identity server?

@jryans
Copy link

jryans commented Oct 2, 2019

@jryans can you please clarify. When I add an email address from riot web 1.4 running on localhost with HS pointing to somehost1.org and IS pointing to somehost2.org, where does this request go?

Riot 1.4 behaves differently when adding an email to your HS account depending on whether the HS supports the new privacy changes, currently part of Synapse 1.4.

If your HS is older (without privacy work), then Riot passes the selected IS to the HS and the HS talks to IS on your behalf to trigger the email.

If your HS includes privacy work (such as Synapse 1.4), then the IS is not involved at all. The HS handles email validation internally (or chooses to delegate email sending elsewhere and should be explained in the privacy policy of that HS).

@afonari
Copy link

afonari commented Oct 2, 2019

If your HS is older (without privacy work), then Riot passes the selected IS to the HS and the HS talks to IS on your behalf to trigger the email.

Yes, I can see that:

POST to https://chat.privacytools.io/_matrix/client/r0/account/3pid/email/requestToken

What I don't understand is, how it is possible for IS to send email if IS is set to localhost (non existent IS, which is confirmed by the yellow warning at the login page). IS is set using:

"m.identity_server": {
            "base_url": "https://chat.privacytools.io"
        }

Identity server is not being picked up from this settings. In the Help & About it says:

Advanced
Homeserver is https://chat.privacytools.io
Identity Server is https://vector.im
Access Token: <click to reveal>

@jryans
Copy link

jryans commented Oct 2, 2019

What I don't understand is, how it is possible for IS to send email if IS is set to localhost (non existent IS, which is confirmed by the yellow warning at the login page). IS is set using:

"m.identity_server": {
            "base_url": "https://chat.privacytools.io"
        }

This bit of Riot config is only a default IS suggested to users of that Riot install. Each user can pick a different IS or use no IS at all. You should check the General tab of Settings which allows editing the current IS to see what value is currently used. The user’s chosen IS overrides the default from Riot config.

It’s possible you’ve hit a bug that only occurs when setting the IS to some unreachable server? If so, it would great to have a Riot issue with more detail on the steps you are taking so we can fix that edge case.

Anyway, this is all a legacy path for an old HS, so you should move to Synapse 1.4 once available, as it won’t need the IS for these flows, which seems like what you want to achieve anyway. 😄

@afonari
Copy link

afonari commented Oct 2, 2019

@jryans thanks for the explanations.

@afonari
Copy link

afonari commented Oct 7, 2019

Linking another privacy case: element-hq/element-web#10696

@jonaharagon
Copy link
Contributor

jonaharagon commented Oct 8, 2019

It’s possible you’ve hit a bug that only occurs when setting the IS to some unreachable server? If so, it would great to have a Riot issue with more detail on the steps you are taking so we can fix that edge case.

@jryans Possibly. This is a problem I noticed on my personal account and have since confirmed with a couple people. It seems like when Riot encounters an invalid IS it appears to default to Vector.im. This is something I did not realize until this latest update where the IS is clearly displayed in settings.

I would really like to see @joepie91's suggestion at matrix-org/matrix-spec-proposals#2284 (comment) implemented ASAP so we can clearly recommend to our users to not use an IS at all as opposed to setting the IS field to some invalid link which is a hacky workaround (and also does not appear to work, although I was advised by @maxidorius that setting it to a blank string also doesn't seem to work, so I don't know if there is any way to disable the IS by default currently).

@maxidorius
Copy link

@jonaharagon Recent changes in Riot code regarding auto-discovery made this quite complex. I would be very cautious with any approach you take and be sure to test it before hand.

@jryans
Copy link

jryans commented Oct 9, 2019

@jryans Possibly. This is a problem I noticed on my personal account and have since confirmed with a couple people. It seems like when Riot encounters an invalid IS it appears to default to Vector.im. This is something I did not realize until this latest update where the IS is clearly displayed in settings.

As far as the Riot core team is aware, when using Riot 1.4+ together with Synapse 1.4+, there should not be any case where Riot is defaulting back to https://vector.im as an IS.

If the Riot admin has supplied a default IS in Riot's config or if the HS admin has supplied a default IS in .well-known, then Riot will display that IS in Settings, but no user data is sent until the user has agreed terms.

If the Riot config supplies an invalid IS such as:

    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://chat.privacytools.io"
        },
        "m.identity_server": {
            "base_url": "https://dev.null"
        }
    },

then Riot will display that IS in Settings (just like a real, working IS) and attempt to contact it to request terms, but that will of course fail.

If the HS .well-known supplies an invalid IS, we do hit the issue that matrix-org/matrix-spec-proposals#2284 is aimed at, as currently Riot would fail on registration in that scenario, but really it should change to a warning only and behave like the previous case where the invalid IS appears in Settings but fails on use.

If both the Riot config and HS .well-known do not configure any IS, then a new account will not have any associated IS. (This appears to achieve your goal as I understand it.)

If you or others are observing behaviour different from the above, then it sounds like a bug, and the Riot team would greatly appreciate an issue describing it so we can resolve the problem. 😄

@poperigby
Copy link

Why was this closed, @Mikaela? Are all the problems fixed?

@Mikaela
Copy link
Author

Mikaela commented Oct 11, 2019

Why was this closed, @Mikaela? Are all the problems fixed?

because @jonaharagon thought in privacytoolsIO/privacytools.io#1392 (which dngray and I approved before I merged it) that it/relisting resolves this issue. For the discussion resulting me to approve in the end, see https://github.com/privacytoolsIO/privacytools.io/issues/1389.

I am content with leaving this closed as there is that upstream privacy tracker and I am not following everything happening there and don't have the capability of keeping this up-to-date, and would consider https://github.com/privacytoolsIO/privacytools.io/issues/1395 as the successor.

@jonaharagon
Copy link
Contributor

Host Dimension instead of relying on vector.im

I know I said I wasn't going to do this, but I'm going to do this. I was actually going to do it tonight, but it took me too long to setup a homeserver (even though I've done it like 5 different times before), so I'll actually setup Dimension tomorrow 😴

@afonari
Copy link

afonari commented Oct 11, 2019

I agree with @poperigby, I think this should stay open. There are many unresolved issues.

@afonari
Copy link

afonari commented Oct 11, 2019

One important issue is element-hq/element-web#10696: Allow users to disconnect from an integration manager entirely in the same way that we support doing this for identity servers.

@Mikaela
Copy link
Author

Mikaela commented Oct 11, 2019

@privacytoolsIO/editorial Are there volunteers on keeping this up-to-date?

I will move that to privacytoolsIO/privacytools.io#1395, while another option would be to not use Riot as I think it's the only client that implements an integration manager.

@afonari
Copy link

afonari commented Oct 11, 2019

@privacytoolsIO/editorial Are there volunteers on keeping this up-to-date?

I'm OK posting here links to cases and following this thread.

not use Riot as I think it's the only client that implements an integration manager.

I agree. But currently PIO hosts riot-web.

@jonaharagon
Copy link
Contributor

FYI the default on our Riot install is now an integration manager that is 1) controlled by me, and 2) disabled by default until you specifically use it once and check an agreement box.

@Mikaela
Copy link
Author

Mikaela commented Oct 12, 2019

Is there more documentation about it somewhere and what is the address that can be given to Riot user settings?

@jonaharagon jonaharagon transferred this issue from privacytools/privacytools.io Feb 19, 2020
@dm17
Copy link

dm17 commented Apr 25, 2021

Are there any current Riot/Element clients (for Linux) that allow for proxies, VPNs, or Tor?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.