Implement white / grey / black list

oxen-io / session-pysogs

Python implementation of the Session community server

GNU General Public License v3.0

73 stars 33 forks source link

Implement white / grey / black list #184

Open ghost opened 1 year ago

ghost commented 1 year ago

We need a system of white / grey / black list.

Be default, any new user should be on grey list first.

Any messages sent from grey list users should be routed to a queue which is only visible to admins and moderators, waiting for approval.

Admins and mods can:

approve or decline a single message but keep the user on the grey list, or
upgrade a user from grey list to white list, or
downgrade a user from grey list to black list

This can effectively prevent spam attackers

majestrate commented 1 year ago

this can be done already by with a room having the default state have users given no write permissions. this forbids users from posting until manually given permission to do so by a moderator. there is currently no client side ui for doing this yet but the server side is done.

ghost commented 1 year ago

this can be done already by with a room having the default state have users given no write permissions. this forbids users from posting until manually given permission to do so by a moderator. there is currently no client side ui for doing this yet but the server side is done.

Thanks for review, but I'm quite confused. Can you clarify if this is strictly equivalent to what a greylist does?

In my opinion, the most significant advantage of having a greylist is that it provides a new user with a probationary period during which they can communicate or interact. This serves as a honeypot for malicious actors without overwhelming the entire channel with spam messages. Throughout this period, a moderator can assess whether a particular new user is a good or bad actor.

If a new user lacks write permissions by default, how can a moderator determine whether this user will be a good actor or not?

ghost commented 1 year ago

Hi @majestrate, can I ask for reopening this issue? Thanks.

majestrate commented 1 year ago

this can be done already in the existing code, we just need to wire up the tooling to orchestrate the ungrey listing.

ghost commented 1 year ago

this can be done already in the existing code, we just need to wire up the tooling to orchestrate the ungrey listing.

Thanks. What is your recommendation for tracking and discussing this issue? For instance, would it be advisable to create an issue or initiate a discussion in (one/all of) the Session client's GitHub repository for the UI change? Regardless, a place for discussing and monitoring progress is necessary.

majestrate commented 1 year ago

we plan on putting all of this into our bot api which lets external automation do programmatic actions like moderation and more. see #174