Bots should only receive messages targeted at them #1109
Labels
A-Client-Server
Issues affecting the CS API
A-E2EE
Issues about end-to-end encryption
feature
Suggestion for a significant extension which needs considerable consideration
Comments
turt2live
added
feature
|
I'm intrigued by this as a spec. How do we plan to target specific messages to bots, and are you going to leave the option open for bots that need access to all messages? |
|
This issue exists because there's isn't even an MSC for it yet, so no idea how it'll be solved. As for leaving the option open for access to all message - please see the first line of the issue description ;)
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Note: Some bots legitimately need access to all messages, and we should still permit those cases.
The general case for a bot is that it responds to commands by reading every message and doing something if it thinks the message matches a predetermined set. This is obviously not great as less trusted bots could become loggers too, though there is certainly an argument about only adding trusted bots to rooms.
This is more of an issue with encrypted rooms, where the bot has no reason to see messages not directed at it and can even be excluded more easily.
A challenge is doing this in a way where the bot can identify itself from a regular user (given bots are just user accounts), and not exposing metadata to the bot (ie: in an encrypted room, the bot doesn't need to know that a message was sent either).
Related:
The text was updated successfully, but these errors were encountered: