Let's Talk About Policy Servers

In the recent v0.5.0-rc.7 release of the Continuwuity Matrix server, we’ve rolled out support for Policy Servers (MSC4284).

What does that mean, though, and why does it matter?

What’s the Idea Behind Policy Servers?

Policy Servers are a way to decide what content is allowed in a Matrix room - before it reaches your timeline.

Existing large Matrix communities often use moderation bots like Draupnir, Meowlnir and Mjolnir to keep things tidy. They control normal Matrix accounts with high permissions and automatically manage bans, server blocks and redacting messages. These bots are good at reactive moderation – they help clean up unwelcome content after it’s been sent.

So what's the problem?

There are a couple problems with this method of moderation.

Firstly, redacted messages still appear as disruptive (Message deleted) entries in your timeline. When dealing with a wave of spam, this can make a room almost as unreadable as the spam itself.

Message deleted by Administrator
Message deleted by Administrator
Message deleted by Administrator

Secondly, because Matrix is a decentralised protocol, there’s no guarantee that every server in a room learns about a ban at the same time. This can lead to situations where messages slip past the moderation bot because on the bot’s server some messages came after the user was banned (and never made it to the timeline), but on other servers got the messages before learning the user was banned. This leaves spam visible to some users in the room, and moderators have to manually check other servers to clean up.

What if we could move from reacting to problems to proactively preventing them? That’s what Policy Servers aim to do.

How Do They Work?

  1. Community Chooses a Policy Server: A room’s administrators can decide to “opt-in” to using a Policy Server. They do this by adding a setting in their room, pointing to the server they want to use.

  2. Your Homeserver Asks for Advice: When you (or anyone else) sends a message or event in a room that uses a Policy Server, your Continuwuity homeserver will first send that event to the chosen Policy Server for a quick check.

  3. The Policy Server Gives a Recommendation: The Policy Server then quickly evaluates the event against its rules. These rules can be anything the community decides on – maybe it’s blocking certain keywords, preventing too many messages in a row, or limiting mentions. It then sends back a simple “recommendation”: either ”ok” (go ahead and deliver it!) or ”spam” (this looks suspicious!).

  4. Continuwuity Acts on the Recommendation:

    • If the Policy Server says ”ok,” your message goes through as usual. You won’t even notice anything happened!

    • If the Policy Server says “spam,” Continuwuity will act to prevent that content from being delivered to you and other users in the room. For messages you send, you’d simply get an error. For messages from other servers, they just wouldn’t appear in your client.

Seems simple enough.
It isn't too bad! The challenge is creating useful policies. Small mistakes in that can have frustrating consequences!

What Policy Servers Exist Today?

Right now we’re aware of two being used on the public network.

  • Meowlnir - Continuwuity team member Nexus implemented a policy server into this moderation bot, and it’s what protects our rooms.
  • The Matrix.org Foundation’s private implementation - mentioned in their blog post, this protects many of the Foundation’s rooms.
Meowlnir is open source, and you can deploy it on your own server right now.
If you want to protect your community with the Foundation's implementation, you'll need to contact them.

So, How Does This Affect You?

For most of your day-to-day Matrix usage on Continuwuity, you might not notice Policy Servers at all.

If a public room you’re in has opted for a Policy Server, you might find that less abusive or spammy content makes it to your timeline. The policy server is keeping that content away, so you can’t see when it works, and that’s the way we like it.

For community moderators, Policy Servers can significantly reduce the amount of reactive work they have to do. No longer do they have to manually find spam that’s been missed on some servers, and less spam to redact means more time for engaging with the community.

Policy Servers are entirely optional. Communities decide if and when to use them. Community leaders and moderators are in control of your community’s moderation strategy - and rooms are still decentralised by default.

Our implementation ensures that if we can’t reach a Policy Server, we default to assuming the event is ”ok.” This means your messages won’t get lost just because a Policy Server is temporarily offline. They might be delayed though - we’ll wait up to 10 seconds for a response, by default.

Looking Ahead

Moderation is still a rapidly evolving area in Matrix, and the tools are being refined. We’re happy to be building the tools to create a safer network. This isn’t the only thing we’re working on, and we’re still tacking other forms of spam and abuse.

If you have any questions or just want to chat, feel free to drop by our community rooms! (or here’s our main room, if your client doesn’t support spaces)

Happy chatting!

Jade