stakwork/sphinx-ios

Evaluate and Implement User Contact Preferences for Enhanced Security

Opened this issue · 1 comments

Description

There was recent news about a security incident involving Microsoft Teams, in which attackers sent over 1,000 malicious group chat invites through what appeared to be a compromised user or domain. This incident underscores the importance of providing robust security measures to protect users from unsolicited and potentially harmful contact.

Objective
We need to assess our current security measures regarding how users are contacted and by whom. Specifically, we should consider implementing or enhancing user options to control who can contact them. This feature would allow users to choose whether they want to be contacted by anyone on the platform or only by users they know and trust.

Suggestion
We can introduce (if we don't already have them) settings that allow users to specify who can contact them. Options could include:

  • Anyone on Sphinx Chat
  • Only users in their contact list

@tomsmith8 Omoniyi raised this as a security concern for people getting socially engineered to click on malicious links. Wanted to flag it for you as a feature request.