E2EE disabling plugin for Synapse
This Pluggable Module disables end-to-end encryption in a self-hosted Synapse servers. It works by stripping out requests for encryption from newly created rooms and filtering out events for enabling E2EE on already existing rooms if a user or a room belongs to a configured list of servers.
It should not affect federated servers, but that’s not tested.
- A legal requirement to provide auditable chat logs
- Simplify deployments and operation for private homeservers where users don’t care about E2EE and want to avoid issues with device verification, server-backed-up-keys etc.
Once this feature is implemented on Synapse side (https://github.com/matrix-org/synapse/issues/4401) this plugin will become obsolete.
Plugin will strip away encryption from newly created rooms.
In addition the plugin will filter out events for enabling encryption on room based on the server:
- deny_encryption_for_users_of: if the event sender is on the server in the list (i.e. @user:example.org)
- deny_encryption_for_rooms_of: if the room is on the server in the list (i.e. !room:example.org)
modules: - module: "matrix_e2ee_filter.EncryptedRoomFilter" config: deny_encryption_for_users_of: ['example.org'] deny_encryption_for_rooms_of: ['example.org']
You may also want to add the following to your logging config to debug the plugin:
loggers: matrix_e2ee_filter: level: INFO