Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC4060: Accept room rules before speaking #4060

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
101 changes: 101 additions & 0 deletions proposals/4060-room-rules.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
# MSC4060: Accept room rules before speaking

A common feature among other chat platforms is a requirement for users to
acknowledge that they've read the room's rules before they're allowed to send
a message. It's typically a challenge to implement such a feature reliably as
there's rarely anything preventing an automated client from accepting the rules
and promptly spamming, however for the typical case a sufficient barrier is
simply one which appears *most* of the time in front of users.

This proposal introduces a feature where rooms can define rules that users must
accept before they're allowed to speak. Perhaps controversially, this MSC does
*not* require a new room version as it does not tie acceptance of the rules into
the event authorization rules. This is a deliberate choice as a change in rules
would constitute a requirement that all past agreements are rendered invalid,
which may be a desired trait in some communities but not all. This is explored
in a little bit more detail in the Alternatives section.

## Proposal

A new `m.room.rules` state event with empty string state key is defined to
contain the rules themselves. Like [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765),
this is done using Extensible Events:

```jsonc
{
"type": "m.room.rules",
"state_key": "",
"content": {
"m.text": [
{"body": "1. Don't be mean\n2. Be kind"},
{"mimetype": "text/html", "body": "<ol><li>Don't be mean</li><li>Be kind</li></ol>"}
]
}
// other fields not shown
}
```

A user "accepts" the rules by referencing the rules event. **TODO**: Pick method.

**TODO**: Options include:

1. [MSC4058](https://github.com/matrix-org/matrix-spec-proposals/pull/4058) -
the accepting user adds some structured metadata to the rules event.
2. [MSC4059](https://github.com/matrix-org/matrix-spec-proposals/pull/4059) -
if changed to support mutations from unoriginal senders, mutating the event
content in some way. This is probably dangerous though.
3. [Event relationships](https://spec.matrix.org/v1.8/client-server-api/#forming-relationships-between-events) -
like we've done for pretty much everything else.

When `m.room.rules` is present in a room, and the user hasn't accepted them, the
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Presumably, if a new m.room.rules event is sent, everyone will need to accept the new rules, even if they had previously accepted the old rules. (Which means, among other things, that if a client sees a new m.room.rules state event, it should re-prompt the user to accept it.)

client SHOULD prompt the user to accept the rules before allowing them to send
a message. In this MSC, it is expected that a bot will enforce acceptance before
allowing the user to send a message. For example, redacting all of the user's
events.

Servers SHOULD require the user to accept the rules before allowing them to send
events in the room.

Notable exceptions for clients, servers, and moderation bots are events which
are required for accepting the rules and membership events (ie: leaving rather
than accepting).

It is expected that a future MSC will define a structure or system to *require*
acceptance of the rules at the room level, potentially tied into a
[MSC4056](https://github.com/matrix-org/matrix-spec-proposals/pull/4056)-style
role. Using a role would allow a subset of users to bypass the rules (in cases
where they can't be bridged, for example), require this MSC's soft limit
approach, or enforce the rules via event authorization.

## Potential issues

**TODO**: Detail.

## Alternatives

This MSC deliberately does not tie acceptance of the rules into the event
authorization algorithm. Doing so with the current power level structure in
Matrix rooms could potentially lead to over-imposed opinions on what it means
to "speak" in a room, as well as requiring users to frequently accept rule
changes.
Comment on lines +76 to +80
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my understanding this MSC is limited in this way to keep it small and simple?

As far as I see, there is a trade-off of initially not offering the customizability of

  • "what it means to speak"
  • how to deal with rule updates
  • maybe something I am not seeing or perhaps I am missing some specific context this is trying to address

and the worse UX and community admin effort of (creating,) setting up, and maintaining a bot that handles these.

While I think the additional effort is clear, the "worse UX" could mean e.g.

  • a bot redacts messages and posts a "please accept the rules" message -> spammy and disruptive to the rest of the community, especially if in a big community this happens constantly
  • a bot manages the PL to disallow sending at all, while no user feedback is possible (composer will only say "you can't send messages" and not "please accept the rules")

Most of this will then later become obsolete when a follow-up MSCs expands the possibilities.

Is this trade-off worth it to not make a bigger throw from the start? I would like to see further explanation why.


Instead, this MSC asks that a bot or local server make the decisions on what is
allowable before acceptance, and whether the rules need to be accepted every
time or not. It is expected that the protocol will eventually support many of
the constraints implemented by these servers and bots through future MSCs, such
as the role-based access control approach described in the proposal text above.

## Security considerations

**TODO**: Detail.

## Unstable prefix

While this MSC is not considered stable, implementations should use
`org.matrix.msc4060.room.rules` in place of `m.room.rules`.

**TODO**: Describe prefix for "accepting" the rules too.

## Dependencies

**TODO**: Declare.