Someone is scraping public #Matrix rooms for user data using a bot

@server_stats:nordgedanken.dev

stats.serverstats.nordgedanken

matrix.to/#/#server_stats:nord

I really don't think this is GDPR compatible somehow?

My advice, yeet the bot. Is there a way to de-federate from that domain? I haven't actually seen that in the docs.

Follow

@kawaiipunk server-wide defederating isn't really a thing, but you could set a server acl to ban that server from a specific room. That's the only account being used tho so a ban is easier

@kawaiipunk oh and afaik just like voyager.t2bot.io if you kick/ban the bot after joining it won't try to rejoin your room, and remove it from the stats

@f0x yep That seems to be the case. I'm not against the project as a whole. Shame it's not opt-in though.

@kawaiipunk yeah it would be so simple for it to send an opt-in message at join and only continue when an admin responds positively..

@f0x it's a sham Matrix doesn't have better moderation tools tbh.

@f0x @kawaiipunk Hi :) while I totally get where you are coming from I actually from people I talked to beforehand that this would actually be more annoying as that would result in spam. I am planning on implementing github.com/matrix-org/matrix-d which hopefully should improve the situation.

I can assure you however that bans will keep the room unlisted. ACL bans however may not work as my bot never sees them. This may be a bug though I am not sure if I can even see that as an appservice. I will 1/2

Sign in to participate in the conversation
Pixietown

Small server part of the pixie.town infrastructure. Registration is closed.