Mjolnir could intercept the /report endpoint to do fancy things with it

[turt2live]

Stuff like sending to moderators (a popular request) first, approve/disapprove of recommended actions, and general cataloguing.

---

We'd intercept the /report endpoint from Matrix at the reverse proxy level for the homeserver, and do things with it. Common requests are documented in the comment below.

[turt2live]

Rough sketch of how this could work:

• The bot has config options to enable this, as well as what homeserver it should assume the caller is from.
• When the report API is called, the bot checks the access token with /account/whoami against the configured homeserver.
• The bot sends a message to the moderation room with a legend for what reactions do which:
  • 👀 sends the message to the room moderators/admins.
  • A room is created to be a mini management room. The room is reused for future messages too.
  • When power levels change, new mods/admins are invited/kicked from the room.
  • Moderators will have options to redact/ban the user (see the next couple emoji reactions)
  • Status changes invoked by moderators will be communicated back to the main management room.
  • 🔇 redacts the message.
  • 🚫 bans the user (for "spam" or some other configurable message)
• In addition to the message to the moderation room, the bot optionally passes the report on to the homeserver for logging.
• Whenever the status of the message changes (ie: user banned, sent to mods, etc) the original message is edited in place to show this status. When it's been resolved, a ✅ gets prepended so other moderators know it has been dealt with.

[Half-Shot]

FYI the synapse admin API now has a report endpoint. You could in theory do a poor mans poll of the endpoint without having to intercept it.

[turt2live]

Something like this would be best to work on all homeserver implementations, not just Synapse.

[Yoric]

I think that we could start with a semi-trivial implementation that displays the (unformatted) abuse report in a room, then grow from there.

[mhoye]

Thanks for taking a look at this. Some things that I would find helpful in in "enhanced" reports might include:

• a way to see the offending message, in some way that doesn't display it by default to the moderation channel.
• a way to know whether or not I can redact the message in question - is our Mjolnir in that channel?
• a way to act on the report directly, with a click. e.g. a ban user button, maybe with a "redact?" checkbox

I explicitly don't think we should have anything like ban-a-whole-server in there, that is a bigger decision that shouldn't be something you can accidentally click on.

[turt2live]

for hiding the message, we have spoilers we can leverage (click-to-reveal)

[Yoric]

a way to see the offending message, in some way that doesn't display it by default to the moderation channel.

We can send this as <span data-mx-spoiler="">spoiler</span>. Would that do the trick for you?

You can test the result by writing the following in your element-web:

/html This is a <span data-mx-spoiler="">spoiler</span>

a way to act on the report directly, with a click. e.g. a ban user button, maybe with a "redact?" checkbox

Not sure we can read the value of a checkbox from a bot... but we might be able to fake it by making it a <a href="..."><img></a> of a checkbox.

[Gnuxie]

Not sure we can read the value of a checkbox from a bot... but we might be able to fake it by making it a <a href="..."><img></a> of a checkbox.

You could just have mjolnir place a reaction on the message and then ban if someone sends the same reaction (so it is the equivalent of a button press), some other bots already use reactions like this iirc.

[Yoric]

I'll try and prototype something.

[Yoric]

I've just opened a PR for the first part: intercepting /report and displaying human-readable abuse reports.

The next step will be simplifying user interactions.

I see three ways of doing this:

1. We can actually list the most common actions as Mjölnir commands and let the moderator copy&paste, e.g.

- To mute the author of event X, write `!mjolnir mute ...`.
- To ban the author of event X, write `!mjolnir ban ....`.
- ...

2. We can use stickers, e.g. _"To mute the author of event X, click on :zipper_mouthface:, to kick them, click on :door:, to ban them click on :lock:, to redact click :broom:, ... ".
3. We can ask the moderator to respond to the message with a single word, e.g.

   You may respond with `~mute`, `~ban`, `~handled`, `~redact`...

Options 1. and 3. are more verbose but they preserve some kind of timeline and authorship. I also hope that 3. will play nicely with threads once we have them. Option 2. is concise but I fear that there's a risk of accidentally clicking on the wrong sticker. This probably doesn't matter all that much if there's a good way to cancel such operations.

Not sure which one is best, tbh.