From b8ab3d0c87e4ef07eed3f9d8de0ae9636b566d86 Mon Sep 17 00:00:00 2001 From: Will Hunt Date: Wed, 5 May 2021 23:03:15 +0100 Subject: [PATCH] Remove point about Element showing unexpected devices --- proposals/2778-appservice-login.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/proposals/2778-appservice-login.md b/proposals/2778-appservice-login.md index e4583c00d..ce0828029 100644 --- a/proposals/2778-appservice-login.md +++ b/proposals/2778-appservice-login.md @@ -125,9 +125,6 @@ this is not a problem because: difference is that without a dedicated access token they are unable to receive device messages. While in theory this does make them unable to see encrypted messages, this is not designed to be a security mechanism. -- An appservice trying to log in as a user will always create a new device, which means the user would be informed of the - new device on their existing sessions. It should be very obvious if a malicous appservice is creating new devices on your account. - In conclusion this MSC only automates the creation of new devices for users inside an AS namespace, which is something a server admin could already do. Appservices should always be treated with care and so with these facts in mind the MSC should be considered secure.