Start bridging SMS content from new contacts only after user confirmation #59
Comments
MurzNN
changed the title
|
Adding the extra confirmation step sounds like something that would decrease the usability somewhat. Maybe we could add a filter for texts containing confirmation codes that won't be sent over the bridge. On the other hand: Since I run my own server, I actually like it that I get met 2FA texts on matrix via the bridge. |
|
Not all regular Matrix users have own private Matrix homeservers. Automatically bridging all sms to other Matrix server will create large security hole, so each admin of Matrix server can get access to message text (in database), eg, telegram account login confirmation code, bank account one-time password, etc. |
|
Other solution for described security problem is implementing e2ee, here is feature request #26 |
|
the e2ee request was sent for this reason, indeed. As for filters: I would argue for a user-configurable filter list. |
|
I proposed white/black listing some time ago #18 |
|
Or add an option to the app: »automatic open matrix room when message arrives« |
Many services sends verification codes, passwords and other confidential info to phone, that not good to share via Matrix bridge. But if we totally ignore them, this was not so good, because user will not informed that new sms is received and unbridged.
For solve this problem, will be good to implement mode for bridge sms from new contacts only after user confirmation.
So, SmsMatrix must handle list of whitelisted/blacklisted contacts and bridge all sms from them normally.
But when received sms from new contact - SmsMatrix bot will write in some "Status" room message to user: "Received new sms from {phone_number} contact. Allow bridge it to Matrix? [yes/no]".
And bridge sms content only after receiving
yesanswer.What do you think about this idea?
The text was updated successfully, but these errors were encountered: