Element adds voice messaging and new Matrix-native VoIP
stevenicr 2021-08-17 05:46:17 +0000 UTC [ - ]
I wonder about IP addys and this, Element (and other clients I guess) with their apps and features..
Should I assume that if someone now uses element and intiates a call to one of my matrix/synapse users - that ip addys will be able to be discovered by the users?
I first saw this happen on a win2k box with limewire chat and zonelarm - I have seen similar techniques with some flash hacking, and am concerned this is likely a thing now with matrix / element (?)
Should I also assume this will pull a real IP past any VPN as well?
Sadly I'd like to use/abuse that to identify a particularly pesty troll - but I worry about my users being blackmailed / hacked / harassed more than anything.
I also noticed that even if I disable features on my matrix-synapse and via the element-web I installed - people who download the apps bypass those things being turned off.
Granted my current setup is out of date - I actually put a few hours in today getting prepared for another update attempt. Now that a backup has been made I may give it go - but I may need to find how to move the whole install to a new server and not sure how that goes -
So I don't know if these turn-off features have been a thing or it's just me that needs to contend with it.
Ultimately I'd like to use voice for my users, but force all webrtc to go through a turn/stun or whatever so that ips are never shared to end users.
I also need a way to limit the video ability for sure.
I read through the doc and some of the linked docs.. I'm not sure what "addresses remain in the room in candidates, " means -
but I do appreciate a note being made about security!
ptman 2021-08-17 07:13:35 +0000 UTC [ - ]
Arathorn 2021-08-17 10:09:13 +0000 UTC [ - ]
stevenicr 2021-08-18 01:26:10 +0000 UTC [ - ]
Not sure of other matrix usage.. but my users are like 95% never going to voice, and if they knew the privacy implications, would choose to use vacaroo rather than p2p and expose.
Seems like it's a security hole that is likely to be exploited by others more than a feature that is used by the masses.
Again I want the option, and would run a turn/stun server just to make it more private for my users.. I understand for some folks they'd be better off trusting the person they are talking to more than a server in the middle.. so I think options are great.
But defaults can be dangerous.
Now I'm in the boat of weighing options for warning my users to disable this - but then it's more likely going to teach some bad actors that an issue exists - and they are more likely to use it as opposed to a majority of my users that will ignore it (the warning).
boring_twenties 2021-08-17 19:04:16 +0000 UTC [ - ]
Arathorn 2021-08-17 23:19:15 +0000 UTC [ - ]
vlmutolo 2021-08-18 00:35:53 +0000 UTC [ - ]
Anecdotally, most non-gamers, non-programmers prefer the bubbles. And it's a strong enough preference that I basically hear that people can't use an app for normal communication unless it has the bubbles.
There's a reason WhatsApp, Telegram, iMessage, etc are all designed that way. They're meant for interpersonal communication more than giant chat rooms, and it seems like people generally prefer bubbles for that use case.