E2EE disabling plugin for Synapse

This Pluggable Module disables end-to-end encryption in a self-hosted Synapse servers. It works by stripping out requests for encryption from newly created rooms and filtering out events for enabling E2EE on already existing rooms if a user or a room belongs to a configured list of servers.

It should not affect federated servers, but that’s not tested.

Possible use-cases:

  • A legal requirement to provide auditable chat logs
  • Simplify deployments and operation for private homeservers where users don’t care about E2EE and want to avoid issues with device verification, server-backed-up-keys etc.

Once this feature is implemented on Synapse side (https://github.com/matrix-org/synapse/issues/4401) this plugin will become obsolete.

Example config:

Plugin will strip away encryption from newly created rooms.
In addition the plugin will filter out events for enabling encryption on room based on the server:

  • deny_encryption_for_users_of: if the event sender is on the server in the list (i.e. @user:example.org)
  • deny_encryption_for_rooms_of: if the room is on the server in the list (i.e. !room:example.org)

In your homeserver.yaml:

 - module: "matrix_e2ee_filter.EncryptedRoomFilter"
     deny_encryption_for_users_of: ['example.org']
     deny_encryption_for_rooms_of: ['example.org']

You may also want to add the following to your logging config to debug the plugin:

        level: INFO