-
Notifications
You must be signed in to change notification settings - Fork 729
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Login/register: allow to set home server and identity server urls #20
Comments
Quickly done, will have to make it better later. |
ID server is still vector.im |
Why identity server cannot be changed? This case was closed, is it not considered a bug? Workaround: Block riot.im and vector.im using Blokada and login to a server not hosted on matrix.org. |
Given the extensive research documents on privacy, @bmarty @ganfra could you please take privacy seriously and the time to do this right directly? We know how "later" will play out already. |
@maxidorius I don't they gonna do it. See https://github.com/vector-im/riot-web/issues/7757 |
Aye, any progress updated? |
Also could this issue be reopened until it's fixed so it's easier to track? |
RiotX doesn't use an identity server (there is a reference to vector.im in https://github.com/vector-im/riotX-android/blob/master/vector/src/main/res/values/config.xml, but it looks like that that's been copy+pasted from the original android app config - I'll file a bug to get that removed). |
#445 is the issue to track vaping the unused config. |
@lampholder RiotX does use Identity server, here (saved to Wayback machine) to be precise, which is used in the authenticate method. Funny enough it uses a hardcoded (yet again) value to |
Hi @maxidorius - in element-hq/element-web#445 I said that I found a reference to vector.im in the RiotX codebase easily, and there might be more, and all references to using vector.is should be removed becuase RiotX doesn't use an Identity Server.
I'm not sure what the lack of clarity is here, but I'm happy to try and elaborate. Identity Servers provide services to support contact discovery, namely: bulk contact lookup, individual contact lookup, and publicly binding your own email or phone number with your matrix ID. RiotX doesn't do any of that. So whilst as element-hq/element-web#445 says there are references to Of course, RiotX is open source software, and the benefit of open source software is that anyone can see precisely what the code is doing. So if despite our efforts and intentions you spot something that contradicts the above please do bring it to our attention! |
#446 removed confusing code. |
@lampholder You're right, RiotX itself doesn't do that, instead it will use that info in the create room code (that just got touched (but not removed!) by element-hq/element-web#446) which is sent to the Homeserver which in turn, can use it. That's still being used. You might tell me that because RiotX doesn't support inviting people to room, it's not used and you would be right. But as soon as that is added, it will use code which is already there, which comes back to my original comment:
This is the "later" I am talking about: there is communication that there is nothing Identity related in RiotX and so nothing to fear, nothing to consider, nothing to do. Please handle Identity server correctly and don't leave anything to chance. If Identity server is not used, then get rid of the code for it, or comment it out, or actually implement it right. Either way, having a hardcoded IS URL in the code itself is dangerous for privacy (and is still in there even after element-hq/element-web#446). The exact same issue exist in the current Riot: remove the config value in |
just to be clear, once again, RiotX does not implement any identity service functionality at all yet. This is why it does not expose an identity server URL. When it does get added, we will of course make it configurable and function in a privacy preserving manner in line with https://matrix.org/blog/2019/09/27/privacy-improvements-in-synapse-1-4-and-riot-1-4 |
@maxidorius And… where would that be? (I hope you're not referring to the one in the tests.) |
I linked to element-hq/element-web#607 (FTR) and close this one |
Currently
matrix.org
is hard-coded and so used by defaultThe text was updated successfully, but these errors were encountered: