Documentation: https://docs.google.com/document/d/1jXMElbQR-5ldt_yhWuqzLFBO3-TEJWhRyWF5Y_gGSsc/edit#heading=h.h8vj3b7rllw9
Author: @erikjohnston
We need to decide how to do user profiles, and all the associated "persona" fun, or whatever that was called (e.g., displaying different info to different people).
(Imported from https://matrix.org/jira/browse/SPEC-93)
(Reported by @erikjohnston)
Jira watchers: @erikjohnston @ara4n
This is something we are interested in as well. Any chance you could up the prio?
-- Stefan 脜lund
Yup, we need it too in the very near future as part of implementing group ACLs at last (and needing somewhere to track what users are in).
-- @ara4n
Thanks!
-- Stefan 脜lund
We still need extensible profiles :(
@erikjohnston started work on this a while back at https://docs.google.com/document/d/1jXMElbQR-5ldt_yhWuqzLFBO3-TEJWhRyWF5Y_gGSsc/edit but the implementation has got displaced by other activity.
Hello.
Any news?
Came here from discussions why bridged users have the bridge name embedded in their nicknames instead of a separate field that could be displayed by client separately if needed. For example (IRC) or (Telegram) after the nick.
User normally doesn't care what service is used by anothers and for example tab-completing a nickname includes the bridge name which is completely wrong.
So please, include the bridge name in the extensible profiles so we could have clean nicknames and display the bridge separately as needed.
@vranki absolutely agree that the best way forward to show bridged users is to put a flag inside the profile.
For now, bridges are encouraged to put their users inside groups. All matrix.org IRC users are in the group/community according to the network they are part of.
Where would those profiles be stored? On identity servers?
Maybe E2EE can be used to present a different level of details to specific users.
It would be nice if some of the fields (e.g. phone number, address, email, etc) would be private.
Telegram handles this in an interesting way: only my contacts can see my phone number, but anyone can send me a message with my @username.
heads up that #1769 may replace this.
Yup, we need it too in the very near future as part of implementing group ACLs at last (and needing somewhere to track what users are in).
-- @ara4n
This also makes me think that there might be a need for access control on some profile data as well, like only allowing members of some rooms/communities to see parts of it.
Possible use cases:
Found this issue when discussing Signal's Encrypted Profiles implementation, might be worth checking out.
Could rel=me be also supported by this? If I link from my Matrix account to my homepage which links to my Matrix account, show a green checkmark or something similar to show that the two are verified to be the same person. This is how Mastodon does it, example.
It looks like I have already commented about rel=me without getting any feedback, so I will append on it.
Could clients or homeservers be recommended to implement rel=me checking on top of extensible profiles? If I link to mikaela.info from my profile, then I wish something to check mikaela.info in case it has a rel=me link back to my Matrix account (currently <a href="https://riot.im/app/#/user/@mikaela:privacytools.io" rel="me">@mikaela:privacytools.io on Riot/Matrix</a>) and seeing it tells the client that I am verified as the owner of that domain or Mastodon account or Gitlab account or anything else implementing rel=me.
My usecase is that currently there are several people who are registered on a high amount of homeservers and thus it would be easy to troll by pretending to be them by simply registering on yet another homeserver with the account they usually use and no one would be the wiser as those people could well have registered on that homeserver and thus be that user.
Do you see this as in-scope for this issue or should I open a new one?
Profiles could have also something like "liked by:
@Mikaela, I would like to note that in light of #915, and #778, it think it would be best to use the URL to pin the public key. Of course, #1769 will likely replace the current issue, and for this to happen we need #913 (MSC #1777). Going forward, if identities were truly distributed, one would only need the public key (we could do it with the public key and one/more "seed" servers for now :))
What is the public key I should pin in my website, how do I get it?
From discussion in #synchronicity:mozilla.org:
the code sheriffs would have a better life if we'd see a user's [...] time zone
Seems to me that local time zone would be a good fit for a profile field (similarly to Slack).
Most helpful comment
It looks like I have already commented about rel=me without getting any feedback, so I will append on it.
Could clients or homeservers be recommended to implement rel=me checking on top of extensible profiles? If I link to mikaela.info from my profile, then I wish something to check mikaela.info in case it has a rel=me link back to my Matrix account (currently
<a href="https://riot.im/app/#/user/@mikaela:privacytools.io" rel="me">@mikaela:privacytools.io on Riot/Matrix</a>) and seeing it tells the client that I am verified as the owner of that domain or Mastodon account or Gitlab account or anything else implementing rel=me.My usecase is that currently there are several people who are registered on a high amount of homeservers and thus it would be easy to troll by pretending to be them by simply registering on yet another homeserver with the account they usually use and no one would be the wiser as those people could well have registered on that homeserver and thus be that user.
Do you see this as in-scope for this issue or should I open a new one?