Bots should only receive messages targeted at them #1109
Labels
A-Client-Server
Issues affecting the CS API
A-E2EE
Issues about end-to-end encryption
feature
Suggestion for a significant extension which needs considerable consideration
Note: Some bots legitimately need access to all messages, and we should still permit those cases.
The general case for a bot is that it responds to commands by reading every message and doing something if it thinks the message matches a predetermined set. This is obviously not great as less trusted bots could become loggers too, though there is certainly an argument about only adding trusted bots to rooms.
This is more of an issue with encrypted rooms, where the bot has no reason to see messages not directed at it and can even be excluded more easily.
A challenge is doing this in a way where the bot can identify itself from a regular user (given bots are just user accounts), and not exposing metadata to the bot (ie: in an encrypted room, the bot doesn't need to know that a message was sent either).
Related:
The text was updated successfully, but these errors were encountered: