element-hq / element-integration-manager

Element Integration Manager related issues

The integration manager decides to talk home without permission #51

Closed msrd0 closed 1 year ago

msrd0 commented 1 year ago

Describe the bug

The second I click on the "Add widgets, bridges & bots" link in a room in Element, an HTTP request gets triggered that is eaten by uBlock Origin:

(Screenshot: Screenshot_2023-03-23-10-56-29)

To Reproduce

Steps to reproduce the behavior:

  1. Open a room
  2. Click on "Add widgets, bridges & bots"

Expected behavior

No calls to any sentry or other logging servers without my explicit permission.


Half-Shot commented 1 year ago

Hi there, thanks for logging an issue.

This functionality is intended to log failures back to us in case the integration manager fails for some reason. This is logged to the same infrastructure as the application is running on (and is entirely kept within the same organisation), rather than sending tracking to a third party.

Since we're hosting our own Sentry instance, we could have bundled this information onto the same domain as the integration manager and sent the information in a different way to evade blocking systems, but ultimately sending this information via standard Sentry routes on an explicit domain means users have the option to block the information if they wish (via an extension, browser controls or otherwise).

Hopefully that makes sense.

msrd0 commented 1 year ago

I am still concerned about privacy here. Some of the running integrations will gain access to the messages sent in the room they are added to. This is no problem with public rooms, but private and/or encrypted rooms might contain sensitive data that must not be sent to your Sentry instance. From my point of view, you are a third party, as I am self-hosting my Matrix server, but I appreciate you not using any tricks to mask the Sentry requests.

Also, I am not against error reporting at all. I have opened issues when I found problems in the past and I intend to keep doing that in the future. If I was asked by your application whether I want to report this very error, and it showed me all the details it's going to submit, I would likely approve it. What I am against is error reporting in an automated way that makes it impossible for me to know whether sensitive information was included or not.

If you are not willing to provide an option to disable Sentry logging, is there a way to self-host an instance of your integration server?
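The two things the reporter asks for above, a prompt that shows exactly what is about to be submitted and a guarantee that room content never ends up in the report, can both be implemented client-side. The following is an added example written for this thread, not code from the integration manager or from the Sentry SDK; it mirrors the shape of the Sentry SDK's `beforeSend` hook, but the field names, the Matrix-ID pattern and the `consent` setting values ("never", "ask", "always") are assumptions chosen for the illustration, and the sample error and room context are constructed.

```javascript
// Added example (not the integration manager's own code): a consent-gated,
// data-minimising error report in the style of a Sentry SDK beforeSend hook.
// Field names, consent values and the sample data are assumptions made for
// the illustration; only the beforeSend idea mirrors the real Sentry SDK.

// Keys whose values are never sent: message bodies, room names, credentials.
const SENSITIVE_KEYS = new Set([
  "body", "formatted_body", "content", "room_name", "topic",
  "access_token", "authorization", "cookie", "password",
]);

// Matrix identifiers (@user:server, !room:server, #alias:server) are
// replaced so that a stack trace or message cannot leak who was talking where.
const MATRIX_ID_RE = /[@!#][^\s:/]+:[A-Za-z0-9.\-]+(?::\d+)?/g;

function scrubString(s) {
  return s.replace(MATRIX_ID_RE, "[redacted-id]");
}

// Recursively copy `value`, dropping sensitive keys and scrubbing strings.
function scrub(value) {
  if (typeof value === "string") return scrubString(value);
  if (Array.isArray(value)) return value.map(scrub);
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      if (SENSITIVE_KEYS.has(k.toLowerCase())) continue;
      out[k] = scrub(v);
    }
    return out;
  }
  return value;
}

// beforeSend-style hook: returns the event that would go to the server, or
// null to drop it entirely. Only the error type, a scrubbed message, a short
// scrubbed stack and the scrubbed context survive.
function beforeSend(error, context) {
  if (!error) return null;
  const stack = String(error.stack || "")
    .split("\n").slice(0, 5).map(scrubString).join("\n");
  return {
    type: error.name || "Error",
    message: scrubString(String(error.message || "")),
    stack,
    context: scrub(context || {}),
  };
}

// Consent gate. `consent` is "never" | "ask" | "always" (assumed setting
// names). For "ask", `confirm` receives the exact payload that would be sent
// and returns true/false, so the user sees what leaves the browser before it
// does; with no confirm callback, "ask" sends nothing. Returns the decision
// and the payload so a caller (or test) can inspect what would have gone out.
function reportError(error, context, consent, confirm) {
  const payload = beforeSend(error, context);
  if (payload === null || consent === "never") {
    return { sent: false, payload: null };
  }
  if (consent === "ask" && !(typeof confirm === "function" && confirm(payload))) {
    return { sent: false, payload };
  }
  // A real implementation would POST `payload` to the Sentry endpoint here.
  return { sent: true, payload };
}

// Constructed sample: an integration failing inside a private room.
const sampleError = new TypeError("widget failed for !abc123:matrix.example.org");
const sampleContext = {
  room_name: "Board meeting",
  sender: "@alice:matrix.example.org",
  content: { body: "the merger closes Friday" },
  widget: { type: "m.custom", url: "https://widgets.example.org/app" },
};

// Decline by default: "ask" mode without a confirm callback sends nothing,
// but the payload shows what the user would have been asked to approve.
const declined = reportError(sampleError, sampleContext, "ask");
console.log("sent:", declined.sent);
console.log(JSON.stringify(declined.payload, null, 2));
```

The design choice worth noting is that `beforeSend` is the only path to the network and it allow-lists what survives (type, message, a few stack frames, scrubbed context) rather than trying to enumerate every secret to strip; the consent gate then receives that same object, so the dialog the user approves is the payload that is sent, not a summary of it. In a browser build, `confirm` would be a dialog that renders `JSON.stringify(payload)`.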