Rocket.Chat for Web 3 Communities

[engelgabriel]

We invite all member of cryptocurrency communities to help us create a wishlist of new features, integrations apps and preset configurations that would make Rocket.Chat best suited for this use case.

• [ ] URL filtering (what spam/phish filtering services should be supported?)
• [ ] IP based user banning
• [x] E2E message encryption, DM or group, supporting offline users
• [ ] Custom roles and permissions for cryptocurrency use cases
• [ ] Improved administrative tools
• [ ] Robust support for multiple servers on native mobile apps
• [ ] Ability to disable user name changes
• [x] Ability to 100% disable DMs
• [ ] Ability to disable users from posting URLs (Golem's modification of Rocket already solved this)
• [x] Totally hiding other users' email addresses from other users

REF: https://github.com/aragon/governance/issues/7

---

Update on November 14th

Follow the issues to check the progress on RC for Crypto Communities

• Allow User Profile Change without changing Name field #7126
  • Related to "Ability to disable user name changes"
• Anti-abuse features need to improve (logging and access control) #8026
  • Related to "IP based user banning" and "Improved administrative tools"
• Improvements to message filtering #8860
  • Related to "URL Filtering, disable users from posting URLs"
• Administration Roles Hierarchy #8865

[lunitic]

The IP based user banning and storage of IP addess is a super needed function.

[onbjerg]

If we could expand URL filtering with address filtering as well, that would be neat. Some phishing attempts do not use URLs, they just paste a public address posing as a "hidden" contribution wallet.

[luisivan]

I'd also add a secure way to sign up that empowers users vs spammers. Login methods like Twitter or Google already do that, but I think a universal, open, anonymous method such as staking some ETH would be a wonderful way to prevent spammers. This could get really complex easily, so I wouldn't say this is urgent for now, just something to keep in mind.

[ludmila-omlopes]

Instead of address filtering, it could be a keywords blacklist.

[onbjerg]

@ludmila-omlopes This wouldn't work, as we'd have to blacklist every address that could ever exist.

[ludmila-omlopes]

@onbjerg you don't need to block every address, just block hash codes in general.

[ludmila-omlopes]

And making it general for adding keywords we could also block (or at least alert) some common words used for phishing

[onbjerg]

Sure, if your proposed mechanism supports regular expressions, then it could work.

[Smokyish]

One thing i would like to see either as Rocket Chat functionality or as a app/bot, would be to blacklist/remove all links/addresses that are confirmed as phishing/scamming at https://etherscamdb.info/, https://github.com/409H/EtherAddressLookup and/or https://github.com/MyEtherWallet/ethereum-lists or a cross-reference of all.

[janferme]

I would like to see KYC implementation and then we give users some rewards and that's that :)

[crsCR]

A way to block registering with temp/disposable emails - scammers and esp' trolls love them.

[cyclops24]

I also suggest SMS based KYC approach. Like Telegram messenger. It's send SMS verification code to mobile number that got from user sign up and use that for verification, password recovery,... Maybe related to: #8322

[janferme]

I wouldn't suggest SMS but Google Authenticator or Authy instead. It's much more secure just like MEW said https://myetherwallet.groovehq.com/knowledge_base/topics/protecting-yourself-and-your-funds

[ethereater]

The ability for blocking certain types of usernames, for example, 'golem-team', 'golem.ico'or 'golem(...something)' etc. for Golem Project Chat.

[ethereater]

I would like to have 2FA option for login

[rasos]

The FairCoin community is currently evaluating Rocket.Chat. They have monthly general assemblies and would need a non-anonymous voting tool to support consensus decisions.

[skoria]

Can you allow for payment in crypto via chat?

[dgsus]

building on to url filtering -> a possibility to configure regex expressions to filter out/delete messages that match the regex... we could create regex that could match ethereum wallet addresses, or ethereum wallet private keys, bitcoin wallet addresses, etc...

thanks!

[gdelavald]

Issue updated to add the issues created to track development.

[Sing-Li]

We are attempting to gather enough ideas and issues (feature requests and enhancements) that will allow us to define a Phase 1 for the Rocket.Chat for Cryptocurrency Communities project.

Please feel free to add your input to the individual issues that are created and tracked - in order to help us to better scope this phase of work.

We hope to freeze the Phase I requirements by early December (3rd).

[Gandalf-the-Grey]

Aside from already listed features like:

• [ ] IP based user banning
• [ ] Improved administrative tools

We would love to see also features like:

• [ ] Way better logging (including IP)
• [ ] Anti-spam / anti-flood features (like on IRC realized by eggdrop bots, i.e. 5 messages in 60 seconds is considered as flood and user is temporarily muted, etc)

In our use case scenario we are fighting with various abuse like phishing / scam / impersonating (easy do to as it's super easy to register using disposable e-mail provider) and try to impersonate usernames that exist on the blockchain, even if names are slightly different it still might work. What could help? Different levels of user authentication / verification. We have currently 30k users on chat and 400k on the blockchain. We have working test instance that can do OAuth against posting authorities stored on the blockchain but then it doesn't require working e-mail. Ideally it would be to have trusted accounts that are able to authenticate via OAuth (prove that they have control over specific account name on the blockchain) AND then being able to use standard e-mail verification. Both required to be verified user with a nickname from the blockchain/OAuth.

Existing users (with e-mail verification only, without confirmed blockchain identity) would be migrated to something like: ~~~unverified~~~nickname. That would also allow guest users to register (prior to having blockchain level verification)

[PhABC]

Things that have been mentioned that I want to emphasize ;

• Anti-spam / Anti-flood
• 2 FA (very very important)
• Prevent certain words for usernames

For URL filtering, I am personally more of a fan of whitelists instead of blacklists, since it's impossible apriori to know what new phishing domains will appear. You can only react to new phishing domains, but it might already be too late. Some permissions could allow to post any links (like admins or moderators), but others would only be able to post from a list of URLs that the team built over time. When a user post a new URL, it could be reported in a private channels and admins could click on whether to allow this URL domain or not. This is just a suggestion, there might be simpler and just as efficient solution.

[gdelavald]

@Gandalf-the-Grey @PhABC Awesome to hear the suggestions. Rocket.Chat already supports a number of requested features, some of them:

• Keyword blacklist (your can check the badwords list on Admin panel)
• New users only from enabled domains (Allowed/Blocked domains list inside the Accounts menu on Admin Panel)
• Block certain usernames (Blocked Username List from the Accounts menu also)
• Two-Factor Authentication (although we still need some improvements in the mobile apps for this)
• Anti-Flood, only allowing certain amount of messages within a space of time

We'll continue to hear your feedback on this until we have a starting point for the project. Thanks.

[Gandalf-the-Grey]

Guys, lack of anti abuse features makes it unusable at scale because such chat is simply becoming scam-nest. Apache-style flat file logs would help and should be fairly simple to implement for core team. Please make this high priority.

[ghost]

Add reCAPTCHA - IP LOGGING for DMCA requests #10542

[gatesyp]

Hello - Crypto runs on telegram, but as a platform it isnt suited for scaled business needs (unlike Rocket Chat).

It would be extremely powerful if Rocket Chat could use the Telegram messaging protocol and serve as a new front end client for it.