Matrix Moderation¶
Note: This session was held quite informally and no notes were taken, so this document consists mainly of prep notes with background info instead.
Current state¶
Moderation bots¶
The main moderation tooling aimed at communities is moderation bots. There are mainly two relevant options here, Draupnir and Meowlnir. I have not used either, so I can't really make any judgements, but supposedly Draupnir is slightly more featureful. Draupnir is a fork of the original moderation bot implementation Mjolnir, whereas Meowlnir is an alternative written from scratch in Python. These tools allow community moderators to maintain lists of rules and protections that are applied across all rooms belonging to the community. Moderation actions carried out by moderation bots are reactive by nature, as such they can only mute/kick/ban users and optionally redact their messages.
PolicyServ¶
This is the most recent moderation tooling in matrix, specified in MSC4284 and somewhat recently merged into spec. PolicyServ can be self-hosted, but matrix.org also run an instance of PolicyServ that can be used by other communities. Policy Servers is basically a complement to existing moderation tooling, with the goal of preventing unwanted events from reaching clients. Unlike the moderation bots, this means that action can be taken preemptively, before the offending content reaches the user. This is achieved by advertising a policy server in a room, which well-behaved homeservers should reach out to to authorize events they receive. If the policy server considers the event spammy, servers should "soft-fail" the event, keeping it in the room state but never sending it to clients. Servers should also send local events to the policy server before federating them, completely rejecting them if the polict server considers them spammy.
Protections¶
Bots¶
Some automated protections, some of which rely on a also running a Synapse instance with a particular antispam module to manipulate events. Draupnir has a few more options than Meowlnir.
PolicyServ¶
- Frequency filter: Rate limits individual users within a given room.
- Keyworld filter: What it says on the tin.
- Keyword template filter: Advanced keyword filtering with Go templates.
- Mention filter: Sets a limit on how many pings a message can contain.
- Mention frequency filter: Same as above but across multiple messages.
- Media filter: Deny media events.
- Untrusted media filter: More configurable media filter.
- Policy list filter: Applies a filter from a moderation bot.
- Density filter: Filter messages with a high proportion of non-whitespace characters.
- Length filters: What it says on the tin.
- Sticky events filter: Filter sticky events for f.x. VoIP events which are not relevant to rooms that do not use VoIP features.
- OpenAI Filter: Let OpenAI decide whether events are spammy or not. Future plans for locally run LLM filters.
- Hasher-Matcher-Actioner filter: Detecting known content, f.x. comparing media to lists of hashes of known CSAM from NCMEC.
- Link filter: What it says on the tin. Configurable.
- Unsafe signing key filter: Block events signed by compromised/unsafe signing keys.
Where to go from here¶
The most effective combination of tooling is to use both PolicyServ and a moderation bot, as they generally complement each other. The debian.social Mjolnir is already used, but Tor community moderators have no direct control over it. The hosted matrix.org PolicyServ could be used to avoid having to self host. I have not tried it but this appears to still be fully configurable. However, this does introduce a SPOF if the policy server is down, as this will cause significant problems with normal event processing.
Setting up a community controlled moderation bot is probably the strongest recommendation. If maintaining it is not desired, another option could be to request an instance from https://asgard.chat, a hosted offering run by well known Matrix community members. Draupnir or Meowlnir seem like the best options here, but that's just opinion. PolicyServ can improve the UX, particularly for IRC users if it means that spam can be stopped before it reaches IRC where it cannot be redacted, but at a cost of a potential SPOF.