account activity log

[uhoreg]

I think that Matrix should have a standard way of exposing an account activity log. This would allow users to view, for example:

• when they logged in/logged out from different devices
• when they changed cross-signing keys
• when they created key backups
• when they changed passwords
• when they added/removed email addresses, phone numbers, ...
• etc.

This could be done as a room shared with a server user, similar to the system alerts room. This would also probably benefit from extensible events.

[ara4n]

if the user is using such a room as a security audit log, then they are trusting their server implicitly. this might be suboptimal for e2e, where a malicious server admin could be creating devices etc.