mautrix / whatsapp

A Matrix-WhatsApp puppeting bridge
https://maunium.net/go/mautrix-whatsapp
GNU Affero General Public License v3.0

Hash phone number in MXIDs #579

Open Gredin67 opened 1 year ago

Gredin67 commented 1 year ago

Problem: Currently the localpart template of MXIDs includes the phone number of the WhatsApp contact.

Solution: It would be nice to be able to hash the number to prevent people on Matrix from getting access to it.
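One way the hashing requested above could be done, as an added example that is not code from the bridge or from any commenter: a keyed HMAC rather than a bare hash, because phone numbers are few enough that an unkeyed digest can be matched by hashing every candidate number. The function names, the key and the sample JID are assumptions, and the bridge would have to store the localpart-to-JID mapping itself, since the value can no longer be parsed back into a number.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// normalizeNumber reduces a user JID ("<digits>@s.whatsapp.net") or a
// formatted phone number to its digits, so one contact maps to one value.
func normalizeNumber(id string) string {
	if i := strings.IndexByte(id, '@'); i >= 0 {
		id = id[:i]
	}
	var b strings.Builder
	for _, r := range id {
		if r >= '0' && r <= '9' {
			b.WriteRune(r)
		}
	}
	return b.String()
}

// pseudonymLocalpart (hypothetical helper) derives a stable MXID localpart
// from the number with HMAC-SHA256 under a secret held only by the bridge.
// Truncating to 128 bits keeps the localpart short; lowercase hex stays
// within the characters Matrix allows in a localpart.
func pseudonymLocalpart(key []byte, id string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(normalizeNumber(id)))
	return "whatsapp_" + hex.EncodeToString(mac.Sum(nil)[:16])
}

func main() {
	// Constructed key and number, for illustration only.
	key := []byte("constructed-demo-secret")
	jid := "15550100@s.whatsapp.net"
	localpart := pseudonymLocalpart(key, jid)
	// The bridge would persist localpart -> jid to route messages back.
	fmt.Printf("%s -> @%s:example.org\n", jid, localpart)
}
```

Rotating the key changes every localpart, so the key has to be treated as long-lived bridge state.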

Gredin67 commented 1 year ago

It looks like there is some solution here https://github.com/KrzysztofMadejski/matterbridge/blob/master/bridge/whatsapp/handlers.go#L49

@tulir @sumnerevans Would hiding the phone number be possible/easier if the bridge is only linked to one unique whatsapp account?

Gredin67 commented 1 year ago

Reading public.puppet (jid, avatar, displayname, name_quality, custom_mxid, access_token, next_batch, avatar_url, enable_presence, enable_receipts) I see that there is already a custom_mxid row in the public.puppet table, but it is empty and thus seems to be unused. If not implemented, what would be the procedure (PostgreSQL command) to set a custom_mxid?

sumnerevans commented 1 year ago

custom_mxid is used for double puppeting.

Gredin67 commented 1 year ago

OK, if I understand well, double puppeting is not relevant when relaybot is active. Therefore, this parameter could be "re-used to anonymize WhatsApp puppet MXIDs for the relaybot users", e.g. by adding an option with username_template: whatsapp_$custom_mxid, where $custom_mxid could be a random number outside the range of MSISDNs, instead of the current only username_template: whatsapp_{{.}}

Having this $custom_mxid for WhatsApp puppets would also allow handling a phone number change of a WhatsApp account.

samip5 commented 1 year ago

> OK, if I understand well, double puppeting is not relevant when relaybot is active.

It is relevant if the same WhatsApp bridge has both enabled, e.g. people can be double puppeted (signed in to WhatsApp with their account) and also have other people that are not, e.g. through the relay.

centralscrutinizer21 commented 1 year ago

I would also like to know a viable solution not to expose users' mobile numbers (in my case in a relayed group).

Gredin67 commented 1 year ago

> both enabled

I'm talking about the use case where there is only one user with relaybot enabled. No individual user of the bridge. Maybe some users, each with relaybot enabled, but no double puppeting activated.

centralscrutinizer21 commented 5 months ago

Hello! Anyone found a viable solution to this issue?