Follow

Heads up if you have a semi-private IRC channel with bridged users in it. Once the channel logs arrive at the Matrix server hosting the bridge, every Matrix user can join this channel and the Matrix sever will happily provide the complete channel logs without anyone on the IRC side ever noticing.

(tested with matrix.org & freenode)

This is a HUGE privacy concern and I don’t understand why anyone would consider using Matrix. It’s flawed in so many ways.

@buckket the IRC bridges run by matrix.org preserve IRC history semantics (i.e. you can't see history from before you joined), unless the chanops explicitly special-case the channel to share history. If you're seeing anything else it's a bug or a regression. Please DM us the channel you're talking about so we can investigate.

@matrix The point is that anybody can join the channel without necessarily creating an IRC connection. The user can than follow the channel activity without anyone on the IRC side ever noticing that someone joined on the matrix side and is now being able to read along.

@buckket no, if a user joins on the Matrix side, the bridge spins up an IRC client (just like a bouncer) and connects them on the IRC side, before sharing any room history with them. You should never be able to have invisible users on the Matrix side of the bridge who are not matches to IRC clients on the IRC side (unless the chanop explicitly authorised it that way).

@matrix Please don’t tell me it’s not possible when in fact I’m currently being able to do just that.

@buckket let's get out of the accusations and towards facts. Since @matrix so far provided insight into the configurations, could you provide the steps to reproduce?

That would easily work constructively towards a solution, thanks :)

@sheogorath No accusations. I’ve provided a POC and showed it to them. Plus: This has nothing to do with misconfiguration on our (meaning IRC) part as we (chan ops) never used Matrix to begin with.

@buckket can you provide a link to the PoC as I would like to check it out, that would be great :)

@sheogorath It's all in the OP. Connect (from a foreign matrix server) to the matrix.org IRC bridge and join a IRC channel where other matrix.org users are already present. There's a bug where your IRC connection then fails but you see the IRC activity anyway. I don't know how to reproduce the last part reliably. Just always happened to me and my self-hosted matrix instance.

@buckket Did you join through portaled or a plummed matrix room?

github.com/matrix-org/matrix-a

Because for the latter that's semi expected behaviour, for the former it would be a bug.

@sheogorath portal room, our IRC channel has no business with matrix except that some matrix users joined through the matrix irc bridge

@buckket What exactly has this to do with the Matrix protocol?

@KitKat It has to do with matrix.org hosting and advertising this bridge service. Additionally it seems like a deeper problem of their software architecture.

@buckket What has this to do with software architecture? You can do the same thing with almost any protocol

@KitKat Good software architecture would prevent undesired information leakage when a minor side component malfunctions. AFAIK there's a bug in the bridge component so that the IRC connection fails but the Matrix server does not care that you're not in fact connect and shares the IRC logs with you anyway. There should be checks in place to prohibit this.

@buckket how should Matrix prevent that?
Can you name a chat protocol that does not have that problem?

@KitKat The Matrix sever should check if the bridged matrix user has successfully joined the IRC channel and is not banned or otherwise prohibited from accessing this channel and only then start forwarding the IRC content. It's that simple.

@buckket How would the Matrix server even know about IRC?
What about relay bridges?

Again: Can you name any chat protocol that does not have that problem?

@KitKat The matrix server is running the bridge or is at the very least connected to it in some way. So it's definitely a flaw in the design if they don't check or don't communicate. All XMPP to IRC bridges I know of don't suffer from this.

@buckket well, you would be surprised if you knew that XMPP servers don't check as well

@buckket thr reason XMPPs IRC bridges don't have the problem is bc. they themselves check it

Sign in to participate in the conversation
Mastodon/buckket

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!