Matrix-doc: Extensible Profiles. (SPEC-93)

Created on 19 Jan 2015  路  19Comments  路  Source: matrix-org/matrix-doc

Documentation: https://docs.google.com/document/d/1jXMElbQR-5ldt_yhWuqzLFBO3-TEJWhRyWF5Y_gGSsc/edit#heading=h.h8vj3b7rllw9
Author: @erikjohnston

We need to decide how to do user profiles, and all the associated "persona" fun, or whatever that was called (e.g., displaying different info to different people).

(Imported from https://matrix.org/jira/browse/SPEC-93)

(Reported by @erikjohnston)

feature core proposal

Most helpful comment

It looks like I have already commented about rel=me without getting any feedback, so I will append on it.

Could clients or homeservers be recommended to implement rel=me checking on top of extensible profiles? If I link to mikaela.info from my profile, then I wish something to check mikaela.info in case it has a rel=me link back to my Matrix account (currently <a href="https://riot.im/app/#/user/@mikaela:privacytools.io" rel="me">@mikaela:privacytools.io on Riot/Matrix</a>) and seeing it tells the client that I am verified as the owner of that domain or Mastodon account or Gitlab account or anything else implementing rel=me.

My usecase is that currently there are several people who are registered on a high amount of homeservers and thus it would be easy to troll by pretending to be them by simply registering on yet another homeserver with the account they usually use and no one would be the wiser as those people could well have registered on that homeserver and thus be that user.

Do you see this as in-scope for this issue or should I open a new one?

All 19 comments

Jira watchers: @erikjohnston @ara4n

This is something we are interested in as well. Any chance you could up the prio?

-- Stefan 脜lund

Yup, we need it too in the very near future as part of implementing group ACLs at last (and needing somewhere to track what users are in).

-- @ara4n

Thanks!

-- Stefan 脜lund

We still need extensible profiles :(

@erikjohnston started work on this a while back at https://docs.google.com/document/d/1jXMElbQR-5ldt_yhWuqzLFBO3-TEJWhRyWF5Y_gGSsc/edit but the implementation has got displaced by other activity.

Hello.

Any news?

Came here from discussions why bridged users have the bridge name embedded in their nicknames instead of a separate field that could be displayed by client separately if needed. For example (IRC) or (Telegram) after the nick.

User normally doesn't care what service is used by anothers and for example tab-completing a nickname includes the bridge name which is completely wrong.

So please, include the bridge name in the extensible profiles so we could have clean nicknames and display the bridge separately as needed.

@vranki absolutely agree that the best way forward to show bridged users is to put a flag inside the profile.

For now, bridges are encouraged to put their users inside groups. All matrix.org IRC users are in the group/community according to the network they are part of.

Where would those profiles be stored? On identity servers?
Maybe E2EE can be used to present a different level of details to specific users.

It would be nice if some of the fields (e.g. phone number, address, email, etc) would be private.

Telegram handles this in an interesting way: only my contacts can see my phone number, but anyone can send me a message with my @username.

heads up that #1769 may replace this.

Yup, we need it too in the very near future as part of implementing group ACLs at last (and needing somewhere to track what users are in).

-- @ara4n

This also makes me think that there might be a need for access control on some profile data as well, like only allowing members of some rooms/communities to see parts of it.

Possible use cases:

  • Full name/custom display name, community or room-based.
  • Detailed bio that caters to a specific group, like work or project-specific information. Think like sharing multiple phone numbers or (mail/physical) addresses.

Found this issue when discussing Signal's Encrypted Profiles implementation, might be worth checking out.

Could rel=me be also supported by this? If I link from my Matrix account to my homepage which links to my Matrix account, show a green checkmark or something similar to show that the two are verified to be the same person. This is how Mastodon does it, example.

It looks like I have already commented about rel=me without getting any feedback, so I will append on it.

Could clients or homeservers be recommended to implement rel=me checking on top of extensible profiles? If I link to mikaela.info from my profile, then I wish something to check mikaela.info in case it has a rel=me link back to my Matrix account (currently <a href="https://riot.im/app/#/user/@mikaela:privacytools.io" rel="me">@mikaela:privacytools.io on Riot/Matrix</a>) and seeing it tells the client that I am verified as the owner of that domain or Mastodon account or Gitlab account or anything else implementing rel=me.

My usecase is that currently there are several people who are registered on a high amount of homeservers and thus it would be easy to troll by pretending to be them by simply registering on yet another homeserver with the account they usually use and no one would be the wiser as those people could well have registered on that homeserver and thus be that user.

Do you see this as in-scope for this issue or should I open a new one?

Profiles could have also something like "liked by: " and Facebook style friends information. With likes list, there could be dating rooms where you could like people's profiles and mutual like would result a match. Clients could implement Tinder-style left and right swipes for such rooms. Friends list would allow you to set different privacy and visibility settings for your profile depending on who is user your friend or not.

@Mikaela, I would like to note that in light of #915, and #778, it think it would be best to use the URL to pin the public key. Of course, #1769 will likely replace the current issue, and for this to happen we need #913 (MSC #1777). Going forward, if identities were truly distributed, one would only need the public key (we could do it with the public key and one/more "seed" servers for now :))

What is the public key I should pin in my website, how do I get it?

From discussion in #synchronicity:mozilla.org:

the code sheriffs would have a better life if we'd see a user's [...] time zone

Seems to me that local time zone would be a good fit for a profile field (similarly to Slack).

Was this page helpful?
0 / 5 - 0 ratings