Improve fraudulent unbind notification
This commit is contained in:
Max Dor
@@ -23,24 +23,31 @@ If you do not understand this email, please forward it to your System administra
|
||||
|
||||
As the system administrator:
|
||||
|
||||
If you are using synapse as a Homeserver, this is a known issue and abuse of separation of concerns. As a privacy-centric
|
||||
product and given that it is not possible to remove 3PIDs using mxisd as those only exists in your Identity stores, the
|
||||
request was actively blocked.
|
||||
If you are using synapse as a Homeserver, this is a known issue related to MSC1194 [1] and abuse of separation of concerns.
|
||||
As a privacy-centric product and to protect your privacy, the request was actively blocked. We have written a more detailed
|
||||
explanation on our Privacy wiki page [2] (Direct link [3]) so you can fully grasp the impact for you and your users.
|
||||
|
||||
We have open an issue on the synapse repos to reflect the related privacy concerns and GDPR violation(s) and would
|
||||
We have open an issue [4] on the synapse repos to reflect the related privacy concerns and GDPR violation(s) and would
|
||||
appreciate if you could comment on it or simply adds a thumbs up so the concerns are finally dealt with by the synapse dev team.
|
||||
Issue: https://github.com/matrix-org/synapse/issues/4540
|
||||
|
||||
If you are using another Homeserver or this came following no action from your own users, then you have been the target
|
||||
of an unbind attack from a rogue entity which was blocked. You may want to check your logs to see the exact source of
|
||||
the attack and take relevant actions following your policy.
|
||||
|
||||
If you would like to disable these notifications, please see the 3PID sessions configuration documentation.
|
||||
If you would like to disable these notifications, please see the 3PID sessions configuration documentation [5].
|
||||
|
||||
Thanks,
|
||||
|
||||
%DOMAIN_PRETTY% Admins
|
||||
|
||||
---
|
||||
|
||||
[1] https://github.com/matrix-org/matrix-doc/issues/1194
|
||||
[2] https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy
|
||||
[3] https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy#msc1194-synapse-and-impacts-on-your-privacy
|
||||
[4] https://github.com/matrix-org/synapse/issues/4540
|
||||
[5] https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/session/session.md#configuration
|
||||
|
||||
--7REaIwWQCioQ6NaBlAQlg8ztbUQj6PKJ
|
||||
Content-Type: multipart/related;
|
||||
boundary="M3yzHl5YZehm9v4bAM8sKEdcOoVnRnKR";
|
||||
@@ -97,9 +104,11 @@ If you are the system administrator of the Matrix installation, read the second
|
||||
|
||||
<p>As the system administrator:</p>
|
||||
|
||||
<p>If you are using synapse as a Homeserver, this is a known issue and abuse of separation of concerns. As a privacy-centric
|
||||
product and given that it is not possible to remove 3PIDs using mxisd as those only exists in your Identity stores, the
|
||||
request was actively blocked.</p>
|
||||
<p>If you are using synapse as a Homeserver, this is a known issue related to <a href="https://github.com/matrix-org/matrix-doc/issues/1194">MSC1194</a>
|
||||
and abuse of separation of concerns. As a privacy-centric product and to protect your privacy, the request was actively
|
||||
blocked. We have written a more detailed explanation on our <a href="https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy">Privacy wiki page</a>
|
||||
(<a href="https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy#msc1194-synapse-and-impacts-on-your-privacy">Direct link to section</a>)
|
||||
so you can fully grasp the impact for you and your users.</p>
|
||||
|
||||
<p>We have open an issue on the synapse repos to reflect the related privacy concerns and GDPR violation(s) and would
|
||||
appreciate if you could comment on it or simply adds a thumbs up so the concerns are finally dealt with by the synapse dev team.<br/>
|
||||
@@ -109,7 +118,8 @@ If you are the system administrator of the Matrix installation, read the second
|
||||
of an unbind attack from a rogue entity which was blocked. You may want to check your logs to see the exact source of
|
||||
the attack and take relevant actions following your policy.</p>
|
||||
|
||||
<p>If you would like to disable these notifications, please see the 3PID sessions configuration documentation.</p>
|
||||
<p>If you would like to disable these notifications, please see the
|
||||
<a href="https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/session/session.md#configuration">3PID sessions configuration documentation.</a></p>
|
||||
|
||||
<p>Thanks,</p>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user