Open turt2live opened 6 years ago
There's a metadata leak there letting the homeserver know what sticker was sent to the room, what message it is in, and who can or cannot decrypt that message.
Implications include: an attacker who controls the homeserver can inject modified messages and see if the message can still be decrypted.
Now I'd expect megolm to be much more robust in the face of this, but that doesn't make it a good idea.
Merely encrypting the image won't fix this. Ideally decrypting and displaying an event should never trigger the loading of external resources. A solution might be to more aggressively cache whole sticker packs, and only show stickers if they are already in cache.
Another solution is making stickers smaller and inlining them inside the event.
(Note that most of this applies to regular images as well.)
I don't have a good idea for how much of a problem this is :\
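The cache-only rendering suggested in the comment above, next to the fetch-on-decrypt behaviour the issue describes, as an added example that is not part of the original thread or of any Matrix client's code. All function and class names, the simplified `m.sticker` event shape and the stand-in media repo are assumptions made for illustration.

```javascript
// Added example; every name below is hypothetical, not a Matrix SDK API.
// Constructed stand-in for the media repo: records each URL a client asks for.
function makeMediaRepo() {
  const seen = [];
  return { seen, fetch: (mxc) => { seen.push(mxc); return `bytes-of:${mxc}`; } };
}

// Leaky behaviour from the issue: fetch whatever URL the decrypted event names.
function renderOnDecrypt(event, repo) {
  return { kind: "image", blob: repo.fetch(event.content.url) };
}

class CachedStickers {
  constructor() { this.blobs = new Map(); } // mxc:// URI -> image bytes

  // Download the whole pack at install time (synchronous here for brevity),
  // so fetches are not tied to any room, event or decryption result.
  installPack(mxcUris, repo) {
    for (const mxc of mxcUris) this.blobs.set(mxc, repo.fetch(mxc));
  }

  // Render path for a decrypted m.sticker event: never touches the network.
  render(event) {
    const content = event.content || {};
    const blob = this.blobs.get(content.url);
    if (blob === undefined) {
      return { kind: "placeholder", text: content.body || "sticker" };
    }
    return { kind: "image", blob };
  }
}

// Constructed sample: one installed pack, one event using a sticker from it,
// and one event whose URL is not in any installed pack.
function demo() {
  const pack = ["mxc://example.org/wave", "mxc://example.org/thumbsup"];
  const known = { type: "m.sticker", content: { body: "wave", url: pack[0] } };
  const unknown = { type: "m.sticker", content: { body: "?", url: "mxc://example.org/unique-1" } };

  const leakyRepo = makeMediaRepo();
  renderOnDecrypt(known, leakyRepo);
  renderOnDecrypt(unknown, leakyRepo);

  const repo = makeMediaRepo();
  const cache = new CachedStickers();
  cache.installPack(pack, repo);
  const afterInstall = repo.seen.length;
  const results = [cache.render(known), cache.render(unknown)];
  return { leakySeen: leakyRepo.seen, fetchesAtRender: repo.seen.length - afterInstall, results };
}
```

In the cached variant the media repo only ever sees the pack install, so it learns nothing about which event was decrypted or which sticker it carried; the cost is that stickers from packs the recipient has not installed show as placeholders.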
Description
This poses a risk of the homeserver/media repo being able to correlate how often a sticker is used, although it's not directly related to the room itself. Some concerns were raised in the #megolm test room about the image itself not being encrypted.
To be absolutely clear: the event is encrypted, and must be decrypted to discover the sticker image. The image URL is not an encrypted version of the sticker, however.
Version information