RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/
Other
40.84k stars 10.76k forks source link

Rocket.Chat for Web 3 Communities #8284

Open engelgabriel opened 7 years ago

engelgabriel commented 7 years ago

We invite all member of cryptocurrency communities to help us create a wishlist of new features, integrations apps and preset configurations that would make Rocket.Chat best suited for this use case.

REF: https://github.com/aragon/governance/issues/7


Update on November 14th

Follow the issues to check the progress on RC for Crypto Communities

lunitic commented 7 years ago

The IP based user banning and storage of IP addess is a super needed function.

onbjerg commented 7 years ago

If we could expand URL filtering with address filtering as well, that would be neat. Some phishing attempts do not use URLs, they just paste a public address posing as a "hidden" contribution wallet.

luisivan commented 7 years ago

I'd also add a secure way to sign up that empowers users vs spammers. Login methods like Twitter or Google already do that, but I think a universal, open, anonymous method such as staking some ETH would be a wonderful way to prevent spammers. This could get really complex easily, so I wouldn't say this is urgent for now, just something to keep in mind.

ludmila-omlopes commented 7 years ago

Instead of address filtering, it could be a keywords blacklist.

onbjerg commented 7 years ago

@ludmila-omlopes This wouldn't work, as we'd have to blacklist every address that could ever exist.

ludmila-omlopes commented 7 years ago

@onbjerg you don't need to block every address, just block hash codes in general.

ludmila-omlopes commented 7 years ago

And making it general for adding keywords we could also block (or at least alert) some common words used for phishing

onbjerg commented 7 years ago

Sure, if your proposed mechanism supports regular expressions, then it could work.

Smokyish commented 7 years ago

One thing i would like to see either as Rocket Chat functionality or as a app/bot, would be to blacklist/remove all links/addresses that are confirmed as phishing/scamming at https://etherscamdb.info/, https://github.com/409H/EtherAddressLookup and/or https://github.com/MyEtherWallet/ethereum-lists or a cross-reference of all.

janferme commented 7 years ago

I would like to see KYC implementation and then we give users some rewards and that's that :)

crsCR commented 7 years ago

A way to block registering with temp/disposable emails - scammers and esp' trolls love them.

cyclops24 commented 7 years ago

I also suggest SMS based KYC approach. Like Telegram messenger. It's send SMS verification code to mobile number that got from user sign up and use that for verification, password recovery,... Maybe related to: #8322

janferme commented 7 years ago

I wouldn't suggest SMS but Google Authenticator or Authy instead. It's much more secure just like MEW said https://myetherwallet.groovehq.com/knowledge_base/topics/protecting-yourself-and-your-funds

ethereater commented 7 years ago

The ability for blocking certain types of usernames, for example, 'golem-team', 'golem.ico'or 'golem(...something)' etc. for Golem Project Chat.

ethereater commented 7 years ago

I would like to have 2FA option for login

rasos commented 7 years ago

The FairCoin community is currently evaluating Rocket.Chat. They have monthly general assemblies and would need a non-anonymous voting tool to support consensus decisions.

skoria commented 7 years ago

Can you allow for payment in crypto via chat?

dgsus commented 7 years ago

building on to url filtering -> a possibility to configure regex expressions to filter out/delete messages that match the regex... we could create regex that could match ethereum wallet addresses, or ethereum wallet private keys, bitcoin wallet addresses, etc...

thanks!

gdelavald commented 7 years ago

Issue updated to add the issues created to track development.

Sing-Li commented 7 years ago

We are attempting to gather enough ideas and issues (feature requests and enhancements) that will allow us to define a Phase 1 for the Rocket.Chat for Cryptocurrency Communities project.

Please feel free to add your input to the individual issues that are created and tracked - in order to help us to better scope this phase of work.

We hope to freeze the Phase I requirements by early December (3rd).

Gandalf-the-Grey commented 7 years ago

Aside from already listed features like:

We would love to see also features like:

In our use case scenario we are fighting with various abuse like phishing / scam / impersonating (easy do to as it's super easy to register using disposable e-mail provider) and try to impersonate usernames that exist on the blockchain, even if names are slightly different it still might work. What could help? Different levels of user authentication / verification. We have currently 30k users on chat and 400k on the blockchain. We have working test instance that can do OAuth against posting authorities stored on the blockchain but then it doesn't require working e-mail. Ideally it would be to have trusted accounts that are able to authenticate via OAuth (prove that they have control over specific account name on the blockchain) AND then being able to use standard e-mail verification. Both required to be verified user with a nickname from the blockchain/OAuth.

Existing users (with e-mail verification only, without confirmed blockchain identity) would be migrated to something like: ~~~unverified~~~nickname. That would also allow guest users to register (prior to having blockchain level verification)

PhABC commented 7 years ago

Things that have been mentioned that I want to emphasize ;

For URL filtering, I am personally more of a fan of whitelists instead of blacklists, since it's impossible apriori to know what new phishing domains will appear. You can only react to new phishing domains, but it might already be too late. Some permissions could allow to post any links (like admins or moderators), but others would only be able to post from a list of URLs that the team built over time. When a user post a new URL, it could be reported in a private channels and admins could click on whether to allow this URL domain or not. This is just a suggestion, there might be simpler and just as efficient solution.

gdelavald commented 7 years ago

@Gandalf-the-Grey @PhABC Awesome to hear the suggestions. Rocket.Chat already supports a number of requested features, some of them:

We'll continue to hear your feedback on this until we have a starting point for the project. Thanks.

Gandalf-the-Grey commented 6 years ago

Guys, lack of anti abuse features makes it unusable at scale because such chat is simply becoming scam-nest. Apache-style flat file logs would help and should be fairly simple to implement for core team. Please make this high priority.

ghost commented 6 years ago

Add reCAPTCHA - IP LOGGING for DMCA requests #10542

gatesyp commented 2 years ago

Hello - Crypto runs on telegram, but as a platform it isnt suited for scaled business needs (unlike Rocket Chat).

It would be extremely powerful if Rocket Chat could use the Telegram messaging protocol and serve as a new front end client for it.