url-bot leaks +s channels

[dabukalam]

url-bot should probably mask/hide displaying channel names on output if the channel in question is or was +s, to avoid leaking channel existence.

[nuxeh]

Yes, good idea.

There are a couple of nuances considering how this might work, though.

Assuming you can get the channel mode (see below)...

The easiest solution might be to disable pre-posts entirely in secret channels. This would, however, cause pre-post functionality in secret channels to be lost.

Another possible option could be to store an empty name in the database for secret channels, and give a pre-post message with channel name omitted, no matter what channel the notification is sent to. This will still leak links, but since these are being posted again for them to be notified, that doesn't seem like a problem.

A more complicated approach could be to add a field to the database for "secret", and then:

• posting sanitised pre-post messages to any other channels (or even, not posting at all in other channels)
• keeping the same behaviour as before, as long as re-posts occur in the same (secret) channel they were originally posted in

With respect to getting the modes of a channel, the irccrate can send mode commands, but it seems to be for setting the mode:
https://docs.rs/irc/0.13.6/irc/client/ext/trait.ClientExt.html#method.send_mode

It's not immediately obvious how to query the mode settings of a channel, from this. This needs a bit more research.

Also it adds some network overhead/potential to fail if each target channel has to have its mode detected for every message received. And if the safe option is to fall back to secret if modes can't be obtained for a channel due to error, or not being available from the server, then that effectively drops channel information in pre-posts altogether.

Need to think about this some more... it might even be an idea to have a global configuration option for "no cross-channel pre-posts".

[dabukalam]

The no-cross channel pre-posts thing definitely makes sense to me and might be worth being opt-out by default as that should probably be enabled on most public IRC servers.

I basically agree with everything you've said. The complicated approach makes the most sense. No idea how you'd get it out of the irc crate though. I'd be surprised if it doesn't exist somewhere as there is an IRC client written in rust.

If it really doesn't exist and an upstream contribution to irc doesn't make sense then maybe one hack could be to just run /mode when connecting to channels and grep for +s.

[nuxeh]

Yep... The feature is easy to do, even have a default false cross_channel_history.

I had another idea that it could be possible to just add an IRC command for the bot itself to manually flag a channel as secret, e.g.

<user> url-bot: /secret [channel]

This would additionally require saving extra channel data in the configuration, however... and implementing commands, which is in the backlog already.

[nuxeh]

Opened an issue in irc... aatxe/irc#200