Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Displayname disambiguation #2215

Closed
stefanceriu opened this issue Jan 12, 2024 · 0 comments · Fixed by #2221
Closed

Displayname disambiguation #2215

stefanceriu opened this issue Jan 12, 2024 · 0 comments · Fixed by #2221
Assignees
@bmarty
Labels
T-Enhancement New features, changes in functionality, performance boosts, user-facing improvements X-Security

Comments

@stefanceriu
Copy link
Member

From element-x-ios created by ara4n: element-hq/element-x-ios#1845

Steps to reproduce

  1. Two users called Alice join a room with the same avatar; a benign one and and a malicious one
  2. The only way to spot messages from the malicious one is to tap on their avatar and read their mxid in the membership list.
  3. Instead, when two users have the same (homomorphic) displayname, they should be disambiguated from each other by appending the mxid (in a different text format) so you can spot impersonation attacks.

Outcome

What did you expect?

disambiguated displaynames

What happened instead?

no disambiguation; security flaw

Your phone model

No response

Operating system version

No response

Application version

396

Homeserver

No response

Will you send logs?

Yes
@stefanceriu stefanceriu added T-Enhancement New features, changes in functionality, performance boosts, user-facing improvements X-Needs-Product Issue needs input from Product team X-Needs-Rust This issue needs a Rust SDK change. It must have a link to a Rust SDK issue Z-Schedule X-Security and removed X-Needs-Rust This issue needs a Rust SDK change. It must have a link to a Rust SDK issue labels Jan 12, 2024
@manuroe manuroe removed the X-Needs-Product Issue needs input from Product team label Jan 12, 2024
@bmarty bmarty self-assigned this Jan 12, 2024
bmarty added a commit that referenced this issue Jan 12, 2024
@bmarty
Display name disambiguation #2215.
14d5274 
Applied to:
- timeline message
- detail of timeline message
- reply preview of timeline message
- rendering of state Event
Not applied to:
- room last message
- room member list (we display the MatrixId here)
- room member detail page
This was referenced Jan 12, 2024
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bmarty bmarty

Labels
T-Enhancement New features, changes in functionality, performance boosts, user-facing improvements X-Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Display name disambiguation element-hq/element-x-android
3 participants
@stefanceriu @bmarty @manuroe