Skip to content

MSC4014: Pseudonymous Identities #4014

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

MSC4014: Pseudonymous Identities #4014

wants to merge 5 commits into from

Conversation

kegsay
Copy link
Member

@kegsay kegsay commented May 10, 2023
edited
Loading

Rendered

Server impl in Dendrite:

Clients can join pseudo ID rooms with no changes if they are already using a compatible Dendrite server. This is the public pseudo ID room: !FMyU3BBTFJ0j2Ab0:dendrite.matrix.org

Screenshot 2023-11-14 at 10 04 43

@turt2live turt2live added requires-room-version An idea which will require a bump in room version proposal A matrix spec change proposal identity service client-server Client-Server API room-spec Something to do with the room version specifications unassigned-room-version Remove this label when things get versioned. kind:core MSC which is critical to the protocol's success needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels May 10, 2023
ara4n
ara4n reviewed May 10, 2023
View reviewed changes
@turt2live turt2live changed the title MSC4014: Pseudonymous Identities [WIP] MSC4014: Pseudonymous Identities May 10, 2023
@turt2live turt2live marked this pull request as draft May 10, 2023 17:01
ara4n
ara4n reviewed May 11, 2023
View reviewed changes
proposals/4014-pseudonymous-identities.md
##### Addressing the "Problems" section in MSC1228
- The state keys in the room aliases event is unimportant since v6 rooms removed them from the specification.
- matrix.to links remain as they are, with the `via=` params formed using verified mxid mappings.
- Redacting an `m.room.member` event should not remove the `mxid_mapping` field in the case where the `displayname` or `avatar_url` is malicious. In order to remove the `mxid_mapping` field (e.g for PII removal), the account in question should be deactivated or the room in question should be "purged", which would cause the mapping to be removed. This more severe form of redaction has side-effects as deleting the `mxid_mapping` potentially alters routing information as that user may be the last user in the room for that server, and hence should not be triggered by a CSAPI `/redact` call. How this functions at a protocol level is undetermined at this point. The redaction algorithm will remain the same for the purposes of signing events / hashes (so the `mxid_mapping` is removed in this case). This implies 2 kinds of redaction for `m.room.member` events.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't sound good - shouldn't we allow users to remove the mxid_mapping of their messages without deactivating their account or nuking the room?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The semantics are unclear here. If you remove the mxid mapping you not only remove routing information but you effectively are no longer part of the room in that E2EE will break as other users won't know your user ID, which has ramifications beyond PII removal. If we allow clients to remove the mxid mapping then this is roughly equivalent to leaving the room, in which case just do that?

@kegsay kegsay mentioned this pull request May 23, 2023
Open
@kegsay kegsay changed the title [WIP] MSC4014: Pseudonymous Identities MSC4014: Pseudonymous Identities Nov 14, 2023
@kegsay kegsay removed the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Nov 14, 2023
@kegsay kegsay marked this pull request as ready for review November 14, 2023 10:05
@ara4n ara4n mentioned this pull request Apr 28, 2024
Draft
@S7evinK S7evinK mentioned this pull request Sep 20, 2024
Closed
@matrixbot matrixbot mentioned this pull request Nov 2, 2024
Closed
@kegsay kegsay mentioned this pull request Apr 2, 2025
Open
@franzitrone
Copy link

There's not a lot of work going into this at the moment. Historical investigation into this back in 2023 was done by a few people, including myself. This resulted in the following MSCs:

  • MSC4014: Pseudonymous Identities: where events use public keys instead of user IDs for the sender property in events.
  • MSC4080: Cryptographic Identities: where the responsibility for those keys is shifted to the clients (which requires clients to be cryptographically aware).

The point of these changes is to lay the groundwork1 by moving identity to client-controlled keys. Assuming these landed, the final piece of this was to make an MSC for "Portable Accounts", which would declare how users would migrate themselves and their data between homeservers. Unfortunately, this work never got funding to see it to completion, hence why nothing has happened for a few years.

Considering that matrix-org/matrix-spec#246 has stagnated, is this proposal still being considered? What is missing to get this into the spec and into the servers?

@kegsay
Copy link
Member Author

kegsay commented May 7, 2025

It needs an implementation in Synapse, and then thorough testing, as well as SCT review of the proposal itself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ara4n ara4n ara4n left review comments

@BillCarsonFr BillCarsonFr BillCarsonFr left review comments

Assignees
No one assigned
Labels
client-server Client-Server API identity service kind:core MSC which is critical to the protocol's success proposal A matrix spec change proposal requires-room-version An idea which will require a bump in room version room-spec Something to do with the room version specifications unassigned-room-version Remove this label when things get versioned.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kegsay @franzitrone @ara4n @BillCarsonFr @turt2live