This Pluggable Module disables end-to-end encryption in a self-hosted Synapse servers. It works by stripping out requests for encryption from newly created rooms, patching power levels to prevent users from enabling encryption and additionally filtering out events for enabling E2EE on already existing rooms if a user or a room belongs to a configured list of servers.
This logic will work also on federated servers as long as they verify and enforce power levels.
Possible use-cases:
Once this feature is implemented on Synapse side (https://github.com/matrix-org/synapse/issues/4401) this plugin will become obsolete.
Plugin will strip away encryption from newly created rooms.
If patch_power_levels
option is set to True
the plugin will additionally patch the m.room.power_levels
event
and set the required power level for enabling encryption to 150 which is higher than the room creator level (100),
effectively preventing anybody (locally or over federation) from enabling encryption for the lifetime of rooms created this way (irreversible).
In addition the plugin will filter out events for enabling encryption on room based on the server:
In your homeserver.yaml
:
modules:
- module: "matrix_e2ee_filter.EncryptedRoomFilter"
config:
deny_encryption_for_users_of: ['example.org']
deny_encryption_for_rooms_of: ['example.org']
You may also want to add the following to your logging config to debug the plugin:
loggers:
matrix_e2ee_filter:
level: INFO
This is not bullet-proof, a federated server that doesn't respect power levels may still allow users to enable encryption which will allow 3p users on other servers belonging to federation to freely use e2ee. This will create a divergence in room state and users on the server where this plugin is enabled won't be able to read encrypted messages - from their point of view the room will still be unencrypted.
The patch_power_levels
option may be incompatible with certain servers because power levels higher than 100 are not documented in the Matrix spec.