MSC4013: Poll history cache #4013
Conversation
alfogrillo
force-pushed
the
alfogrillo/poll_history_cache
branch
2 times, most recently
from
62637f9 to
e4037c6
Compare
alfogrillo
force-pushed
the
alfogrillo/poll_history_cache
branch
from
e4037c6 to
f79503a
Compare
alfogrillo
added
proposal
alfogrillo
force-pushed
the
alfogrillo/poll_history_cache
branch
from
f127517 to
3474452
Compare
turt2live
added
kind:feature
| ``` | ||
|
|
||
| ## Alternatives considered | ||
|
|
There was a problem hiding this comment.
It seems like using /search with "types": ["m.room.poll_history"] would be an alternative.
There was a problem hiding this comment.
Do you mean an alternative to the /state?
If yes, does it make any difference?
There was a problem hiding this comment.
I mean that, rather than creating a new state event and searching for relations on that state event, why not just use the /search endpoint to search for polls?
There was a problem hiding this comment.
I guess because search doesn't work on encrypted room. Poll events are actually sent as m.room.encrypted. 😕
Fwiw in the main proposal just one state event is required.
There was a problem hiding this comment.
That's a good reason. It might be worth mentioning that in the MSC.
There was a problem hiding this comment.
For unencrypted room /messages with a filter on event type would be better than /search, FWIW. But again doesn't work with encrypted events.
Co-authored-by: Travis Ralston <[email protected]>
| @@ -0,0 +1,183 @@ | |||
| # MSC4013: Poll history cache | |||
There was a problem hiding this comment.
I have to ask plain and simple where in this MSC do we dismiss the problem that users do not want metadata leaks like this. Or atleast a large group of quite loud users do not want metadata leaks like this.
Now This concern could be dismissed by the fact that polls already use relations, but atleast these relations cant tell you for sure its a poll you can only tell that the events are related. I personally would argue that its somewhat dubious why we even need relations to not respect encryption considering their current use.
Still do we need to add more metadata leaks? Matrix already gets bad articles/blog posts written about it for metadata leaking and MSCs like this one doesnt help that.
There was a problem hiding this comment.
Encrypting the state event (#3414) would help mitigate this in future.
There was a problem hiding this comment.
Encrypted state would mittigate a bit of the concerns but with plain text relations it would still leave a massive tell. as no other encrypted state event would be the target of this many relations, essentially undoing the whole point in encrypting the cache state event.
There was a problem hiding this comment.
I have to ask plain and simple where in this MSC do we dismiss the problem that users do not want metadata leaks like this. Or atleast a large group of quite loud users do not want metadata leaks like this.
This feature should considered optional.
In theory room's creators aren't obliged to send the m.room.poll_history state event for a room.
At the same time clients sending a poll may choose to opt out from this behaviour.
At the same time structures like this are very useful on clients that want navigate content by type (polls in this case) and willing to pay the price of a small metadata leak.
I personally would argue that its somewhat dubious why we even need relations to not respect encryption considering their current use.
I guess the may reason is the server being able to group related events together efficiently. Eg. the same problem is solved in the same way for the "threads" feature.
Encrypted state would mittigate a bit of the concerns but with plain text relations it would still leave a massive tell. as no other encrypted state event would be the target of this many relations, essentially undoing the whole point in encrypting the cache state event.
Yes, probably people could still guess what would be the m.poll_history state event could be in the end, but at least they couldn't be 100% sure I guess.
There was a problem hiding this comment.
If the state event is optional, the MSC should note that (I don't believe it does currently).
Aside from encrypting the whole state event though, the other option is encrypting the event relationship (like in MSC4019 or similar). I personally don't believe that encrypting the relationship on either end is a blocker for this MSC, however. Ideally we figure out how to encrypt both sides and then use both to protect metadata.
In the meantime, considering polls is quite far away from entering FCP itself, starting implementation unencrypted should be fine (as long as the client is comfortable with the risks). It may need to change in the future as other, adjacent, MSCs make forward progress though.
| @@ -0,0 +1,183 @@ | |||
| # MSC4013: Poll history cache | |||
There was a problem hiding this comment.
If the state event is optional, the MSC should note that (I don't believe it does currently).
Aside from encrypting the whole state event though, the other option is encrypting the event relationship (like in MSC4019 or similar). I personally don't believe that encrypting the relationship on either end is a blocker for this MSC, however. Ideally we figure out how to encrypt both sides and then use both to protect metadata.
In the meantime, considering polls is quite far away from entering FCP itself, starting implementation unencrypted should be fine (as long as the client is comfortable with the risks). It may need to change in the future as other, adjacent, MSCs make forward progress though.
alfogrillo
force-pushed
the
alfogrillo/poll_history_cache
branch
from
ebd68ff to
4623275
Compare
alfogrillo
force-pushed
the
alfogrillo/poll_history_cache
branch
from
4623275 to
2d2fa1c
Compare
| // reference to the state event of type "m.room.poll_history" | ||
| "m.relates_to": { | ||
| "event_id": "poll_history_id", | ||
| "rel_type": "m.reference" | ||
| } |
There was a problem hiding this comment.
Could it be an issue that the poll start event would no longer be a root event and therefore could not be the root of a thread?
From https://spec.matrix.org/v1.8/client-server-api/#threading
Threads [...] reference the thread root (the first event in a thread). It is not possible to create a thread from an event which itself is the child of an event relationship (i.e., one with an m.relates_to property).
There was a problem hiding this comment.
Yes, it looks like this would preclude a poll from being a reply in a thread.
There was a problem hiding this comment.
Yes, it looks like this would preclude a poll from being a reply in a thread.
This is also a potential problem, but I was actually referring to the fact that a thread root should not be related to any other event. What it means is that there is no way to discuss a poll in a thread, which I imagine is a natural use case for threads.
There was a problem hiding this comment.
Yes, it looks like this would preclude a poll from being a reply in a thread.
Fwiw polls aren't a supported inside threads atm on Element clients.
It doesn't seem to me interesting as a use case.
but I was actually referring to the fact that a thread root should not be related to any other event
Why is that?
There was a problem hiding this comment.
That was my understanding from the spec which states
It is not possible to create a thread from an event which itself is the child of an event relationship (i.e., one with an m.relates_to property).
I don't see why it shouldn't be possible though. Perhaps that part of the spec could be updated to accommodate this type of use case.
There was a problem hiding this comment.
Perhaps the documentation meant that you cannot create a thread from an event having already a rel_type of type m.thread?
@clokep do you know is the home server has checks that may reject this events (events starting a thread from an event with a rel_type equal to m.reference)?
There was a problem hiding this comment.
Perhaps the documentation meant that you cannot create a thread from an event having already a
rel_typeof typem.thread?
The documentation is correct AFAIK.
@clokep do you know is the home server has checks that may reject this events (events starting a thread from an event with a
rel_typeequal tom.reference)?
They will get rejected: https://github.com/matrix-org/synapse/blob/928e9648578d24dc9f5ed3476d629fca9a64b22a/synapse/handlers/message.py#L1382-L1386
There was a problem hiding this comment.
They will get rejected: https://github.com/matrix-org/synapse/blob/928e9648578d24dc9f5ed3476d629fca9a64b22a/synapse/handlers/message.py#L1382-L1386
Looking into the code the rejection seems to happens just if the relation type is m.thread?
If this is the case, polls having a m.reference rel_type can be still be used as root for a thread?
There was a problem hiding this comment.
Looking into the code the rejection seems to happens just if the relation type is
m.thread?
If the new event's relation is a thread then it checks that the parent event does not have any relations. I think this situation would be rejected, but I did not check it manually.
There was a problem hiding this comment.
I see, thanks for clarifying
Rendered