Restrict directory searches and joins for certain users #5301
Description
This issue has been migrated from #5301.
My kids are on my homeserver. Today I found that nowadays, all users in public rooms known to the server are returned when creating a new 1:1 room in the Android app and searching for the chat partner.
This is a good thing for me, but a bad thing for my kids. My son who got his Matrix account today wanted to chat with his grandfather and started typing "jochen" into the search box, and for the first few characters, lots of Jochens showed up, but not the one on the local server who is his grandfather. At "joc" or "joch", the local result was at least among the first few, and the profile picture was easily recognizable for my son, but before that, he might have chosen any Jochen from all over the world. Without even trying to contact unknown people, he might have done so by accident.
This wasn't a problem before when search results were limited to people the user knew from their rooms. (But at that time, my son wouldn't have been able to find his grandfather without help at all.)
In order to able to more or less safely let kids on our own homeservers, I propose to create settings for certain users that will
- restrict user directory searches to local results
- restrict user directory searches to local results and identity server results (so that they are able to contact friends on remote servers)
- forbid listing room directories of other servers
- forbid listing the room directory of the local server
- forbid connecting to users on other servers
- forbid joining rooms the user is not invited to
A separate setting for each of those, of course, so that the admin can allow more and more as the kids grow older.
Matrix is a nice thing to give to kids before they demand WhatsApp. But in fact, it's less safe than WhatsApp. I'd like to have an environment where I can not only let my own kids, whom I trust, on my server, but also their friends, and still be sure that nothing bad will happen.