search

oxen-io / session-desktop

Session Desktop - Onion routing based messenger
https://getsession.org
GNU General Public License v3.0
1.44k stars 186 forks source link

[BUG] <Unexpected 3rd party reactions on msgs in P2P conversation> #3086

Open eugenesan opened 2 months ago

eugenesan commented 2 months ago

Code of conduct

Self-training on how to write a bug report

Is there an existing issue for this?

Current Behavior

On Android and Desktop, since a few days ago, I am seeing unexpected 3rd party reactions to msgs sent to me inside P2P conversation. The other party of the conversion do not see the reactions.

Some of the reactions bleed to other clients.

Another person complained about the same issue on Session group chat. Interestingly, at leas one of the unexpected reactions were from that person. I have no contact with that person.

My current theory is that reactions somehow bleed between P2P and Group conversions.

Cross reporting Android Client as they are both affected: https://github.com/oxen-io/session-android/issues/1470

Update: Some of the reactions disappear if I am trying interact with them as if they were mine and the client did "-1".

Expected Behavior

No 3rd party anything in P2P conversions

Steps To Reproduce

There is nothing to do. Some msgs from other party in P2P conversion just shown with 3rd party reactions.

Desktop Version

1.12.2

Anything else?

No response

KeeJef commented 2 months ago

I did see reports of this from other user, haven't been able to find a case to reproduce yet though

pottsandpans commented 1 month ago

We are tracking this internally via Jira - SES-1807

jnorthrup commented 1 month ago

3103 [author sweeping under the rug] appears to be bleeding back to google personalization

eugenesan commented 1 month ago

@jnorthrup I don't think this issue is related to the issue you referenced, at least I hope so.

This issue is about session client/network leaking messages/reactions between chats open by the same client/identity.

That said, this issue is critical and I no longer can recommend using session for anything except public chats. Especially after developers didn't address it in any meaningful form for 3 weeks...

KeeJef commented 1 month ago

We need to investigate this issue further, but based on our observations, it appears to be a UI-specific problem that occurs rarely. Essentially, reactions received from communities or closed groups are being incorrectly assigned to the wrong messages at the UI level. This can result in reactions from a community appearing on a 1-1 message or a closed group message. However, the reaction is not actually being sent to your message, and doesn't appear for other users, its a UI assignment issue.

jnorthrup commented 1 month ago

| That said, this issue is critical and I no longer can recommend using session for anything except public chats.

responses like "stop using that OS" in response to a pretty clear leak of messages does underscore your quote as well, noone should ever want a secure messenger to write a "note to self" across platforms