MSC4208: Adding User-Defined Custom Fields to User Global Profiles #4208
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,141 @@ | ||
| # MSC4208: Adding User-Defined Custom Fields to User Global Profiles | ||
|
|
||
| *This proposal depends on [MSC4133: Extending User Profile API](https://github.com/matrix-org/matrix-spec-proposals/pull/4133). | ||
| It introduces user-defined custom fields in the `u.*` namespace for user profiles.* | ||
|
|
||
| ## Proposal | ||
|
|
||
| This proposal aims to enable users to add arbitrary custom key:value pairs to their global user | ||
| profiles within the Matrix ecosystem. By leveraging the extended profile API introduced in | ||
| [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133), users can enrich their | ||
| profiles with additional public information such as preferred languages, organisational roles, or | ||
| other relevant details. | ||
|
|
||
| ### Key/Namespace Requirements | ||
|
|
||
| As per [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133), the profile API is | ||
| extended to allow additional fields beyond `avatar_url` and `displayname`. This MSC defines the use | ||
| of the `u.*` namespace for user-defined custom fields: | ||
|
|
||
| - **Namespace `u.*`**: Reserved for user-defined custom fields. The portion of the key name after | ||
| the `u.` defines the display name of this field (e.g., `u.bio`). The values in this namespace | ||
| must always be UTF-8 strings with content not exceeding 512 bytes. | ||
|
|
||
| ### Client Considerations | ||
|
|
||
| - Clients SHOULD provide a UI for users to view and edit their own custom fields in the `u.*` | ||
| namespace. | ||
|
|
||
| - When displaying other users' profiles, clients SHOULD retrieve and display custom fields in the | ||
| `u.*` namespace. | ||
|
|
||
| - Clients SHOULD be cautious about the amount of data displayed and provide options to limit or | ||
| filter the display of custom fields. | ||
|
|
||
| - Clients SHOULD implement appropriate content warnings and user education about the public nature | ||
| of profile fields. | ||
|
|
||
| ### Server Considerations | ||
|
|
||
| - Homeservers MAY impose limits on the number of custom fields, whether for storage reasons or to | ||
| ensure the total profile size remains under 64KiB as defined in [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133). | ||
|
|
||
| - Homeservers MAY validate that keys in the `u.*` namespace conform to the required format and | ||
| enforce size limits on values. | ||
|
|
||
| - Homeservers SHOULD use the existing `m.profile_fields` capability to control access to the `u.*` | ||
| namespace. For example: | ||
|
|
||
| ```json | ||
| { | ||
| "m.profile_fields": { | ||
| "enabled": true, | ||
| "disallowed": ["u.*"] | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| ### Trust & Safety Considerations | ||
|
|
||
| The ability for users to set arbitrary freetext fields in their profiles introduces several | ||
| significant trust and safety concerns that implementations must consider: | ||
|
|
||
| #### Content Moderation | ||
|
|
||
| - **Hate Speech and Harassment**: Users could use profile fields to spread hate speech or harass | ||
| others. Homeservers MUST implement appropriate content moderation tools. | ||
|
|
||
| - **Impersonation**: Custom fields could be used to impersonate others or create misleading | ||
| profiles. Homeservers SHOULD have mechanisms to handle impersonation reports. | ||
|
|
||
| - **Spam and Malicious Links**: Profile fields could be used to spread spam or malicious links. | ||
| Homeservers SHOULD implement link scanning and spam detection. | ||
|
|
||
| #### Privacy and Data Protection | ||
|
|
||
| - **Personal Information**: Users might inadvertently overshare personal information. Clients | ||
| SHOULD warn users about the public nature of profile fields. | ||
|
|
||
| - **Data Mining**: Public profile fields could be scraped for data mining. Homeservers SHOULD | ||
| implement rate limiting and monitoring for bulk profile access. | ||
|
|
||
| - **Right to be Forgotten**: Homeservers MUST ensure compliance with data protection regulations, | ||
| including the ability to completely remove profile data when requested. | ||
|
|
||
| #### Implementation Requirements | ||
|
|
||
| To address these concerns: | ||
|
|
||
| 1. **Content Filtering**: | ||
| - Homeservers MUST implement content filtering capabilities for custom fields | ||
| - Support for blocking specific patterns or content types | ||
| - Ability to quickly respond to emerging abuse patterns | ||
|
|
||
| 2. **Reporting Mechanisms**: | ||
| - Integration with [MSC4202](https://github.com/matrix-org/matrix-spec-proposals/pull/4202) | ||
| or similar reporting systems | ||
| - Clear processes for handling abuse reports | ||
| - Tools for moderators to review and action reported content | ||
|
|
||
| 3. **Rate Limiting**: | ||
| - Limits on frequency of profile updates | ||
| - Protection against automated abuse | ||
| - Monitoring for suspicious patterns | ||
|
|
||
| 4. **User Education**: | ||
| - Clear warnings about public nature of fields | ||
| - Guidelines for appropriate content | ||
| - Privacy implications documentation | ||
|
|
||
| ## Potential Issues | ||
|
|
||
| - **Privacy Concerns**: Users need to be aware that custom profile fields are public and visible to | ||
| anyone who can access their profile. | ||
|
|
||
| - **Abuse Potential**: As with any user-generated content, there is potential for misuse. Servers | ||
|
There was a problem hiding this comment. This section needs beefing up considerably - including both client and server considerations for preventing the creation of obviously harmful custom fields, mechanisms for identifying harmful user generated content in these fields, and client controls for choosing whether to display all, some or none custom fields, with sensible defaults. I'll aim to swing back with suggestions - happy to have conversations to help articulate the concerns more too! There was a problem hiding this comment. I totally agree! I've had a go at listing out some talking points (a22b9fc) but would definitely appreciate suggestions on what the Foundation would like to see enshrined in an MSC like this. New T&S section is here if you want a more readable copy! |
||
| and clients need to be prepared to handle offensive or inappropriate content. | ||
|
|
||
| - **Interoperability**: Until widespread adoption occurs, not all clients may support displaying | ||
| custom fields, leading to inconsistent user experiences. | ||
|
|
||
| ## Security Considerations | ||
|
|
||
| - **Content Moderation**: Homeservers SHOULD provide mechanisms to report and handle abusive | ||
| content in custom profile fields. [MSC4202](https://github.com/matrix-org/matrix-spec-proposals/pull/4202) | ||
| provides an example of one such mechanism. | ||
|
|
||
| - **Data Protection**: Homeservers SHOULD ensure compliance with data protection regulations, | ||
| especially regarding user consent and data retention. | ||
|
|
||
| ## Unstable Prefixes | ||
|
|
||
| ### Unstable Namespace | ||
|
|
||
| Until this proposal is stabilised, custom fields should use an unstable prefix in their keys: | ||
|
|
||
| - **Namespace `uk.tcpip.msc4208.u.*`**: For example, `uk.tcpip.msc4208.u.bio`. | ||
|
|
||
| ## Dependencies | ||
|
|
||
| This proposal depends on [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133), | ||
| which introduces the extended profile API to allow additional fields in user profiles. | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.