User Directory leaks Per-room Nicknames and Avatars #5677
Description
This issue has been migrated from #5677.
Update: October 2021
This issue has been resolved for a homeserver's local users.
We still need to address leaking per-room nicknames and avatars for remote users. This is complicated as we do not have an easy, obvious way to retrieve or keep up-to-date the public profile metadata for remote users.
Description
The User Directory leaks display names and avatars for a user that are sent in only one room.
For example, by manually crafting a m.room.member state event – or recently using the /myroomnick command in Riot/Web, even if the state event is sent in a private room.
Steps to reproduce
- Using Riot/Web with account
@alice:example.org, open a private chat (such as a direct chat with a close friend) - Issue the command
/myroomnick Freddy, which sends am.room.memberstate event into only that room with a custom nickname. - From another account, say
@bob:example.org, open up the User Search - Search for 'Freddy' or 'alice' —
@alice:example.orgwill be listed with the name 'Freddy'- Note: this assumes that alice is visible to bob in the user directory – i.e. alice is in a public room known to the homeserver AND/OR alice and bob share a private room together.
- (Note that Synapse's user_directory table also reflects the change)
Expected Behaviour
alice's original display name should be shown in the user search.
Implications
This has privacy implications – a nickname set in a private room with a close friend may be quite personal and perhaps embarrassing if seen by other users.
Version information
- Homeserver: librepush.net
If not matrix.org:
- Version: 1.1.0+bionic1
not really relevant, I suspect:
- Install method: Debian packages
- Platform: Ubuntu 18.04 in an LXC container on NixOS