Matrix Metadata Leaks

To demonstrate the information leaked in E2EE Matrix chats, I have collected the following information from an E2EE chat between my own accounts. The information you see is what would be visible to an attacker with access to (or control of) a participating homeserver.


Note: For the purposes of these examples, it's assumed users are communicating using end-to-end encryption (E2EE). In non-E2EE rooms, you can expect everything mentioned here to be leaked, as well as actual message contents.

A message I sent in a test room:

{
  "type": "m.room.encrypted",
  "sender": "@babba27:tchncs.de",
  "content": {
    "algorithm": "m.megolm.v1.aes-sha2",
    "sender_key": "9uxzirWKc7YAHWRvQUvmHUR9suLWNUUrdBeTb1spcg8",
    "ciphertext": "AwgCEoABcstKoltMZk/wlRcwyq9be31Bqkh6SECNNpKU0DyzuUdOgahl9VzOY25McIoPl6E+R9hufHh/ph2Hj49QKpE135tJieHe3tZTWC8hHAAtut5jQ+MANdmVRk7Fww78779Xoe0lEWgBy/CnLwPFoF0oAFPagOu0BrOqFSV3LkQX5xb9fTsypAZG4gGMmWzb0EJUVO8GBrrXc72sKLZdSoZc8lZEYSNKEBGxN6ng5Jdd74axZjV5K6XkshDRPjU0+mvkwe1tLk4nEgU",
    "session_id": "5g5PlLHau95Ns6j1GpndEX8yZ/1L5VrAZQRl202FWpE",
    "device_id": "EUARBFHLKH"
  },
  "origin_server_ts": 1611901370970,
  "unsigned": {
    "age": 951,
    "transaction_id": "m1611901363879.4"
  },
  "event_id": "$nC787BTKMtJ3k9iOqFJbhH7Y_D3LChco3Ua997rsa2A",
  "room_id": "!ADDxogcQLsbRpVWTLR:tchncs.de"
}

A reaction to the previous message:

{
  "type": "m.reaction",
  "sender": "@babba27:tchncs.de",
  "content": {
    "m.relates_to": {
      "rel_type": "m.annotation",
      "event_id": "$nC787BTKMtJ3k9iOqFJbhH7Y_D3LChco3Ua997rsa2A",
      "key": "👍️"
    }
  },
  "origin_server_ts": 1611901455979,
  "unsigned": {
    "age": 378,
    "transaction_id": "m1611901448809.5"
  },
  "event_id": "$r1qcoe-vbU-6UzKZHOd8J1LXNfl2LDehq_y2czN3w8g",
  "room_id": "!ADDxogcQLsbRpVWTLR:tchncs.de"
}

An edit made to the original message:

{
  "type": "m.room.encrypted",
  "sender": "@babba27:tchncs.de",
  "content": {
    "algorithm": "m.megolm.v1.aes-sha2",
    "sender_key": "9uxzirWKc7YAHWRvQUvmHUR9suLWNUUrdBeTb1spcg8",
    "ciphertext": "AwgDErABX57aP9LanGeYMBm4ahO07LKkt+d13wqAqSOP7RcOg0eCeH+/3Ph3OrsTM3C6qHY9Td7vbAybchkCYdvAMnoKvlsb1emPaIjjTkCtgtN00olcS6T8zRb08R4yxU728e0PG+3H57qwzvTgAC4aQPn+yXDMGL1EGcOYi2YN2AblZvj7I/HP4Mf2RgHBAThTmB33KtZnAekwEgnbp/36rabmAixPrfTOKyA5a1vRmhdgp4yNhwTwbhwK/KpoTQUE4dfPCQ2h8FpGhZTe411RjNZvlIsA7Cvn1C+hx7clir+bz3BcmLvkQUJKV7yILuIKIZu8tZDV9pGPMw0",
    "session_id": "5g5PlLHau95Ns6j1GpndEX8yZ/1L5VrAZQRl202FWpE",
    "device_id": "EUARBFHLKH",
    "m.relates_to": {
      "rel_type": "m.replace",
      "event_id": "$nC787BTKMtJ3k9iOqFJbhH7Y_D3LChco3Ua997rsa2A"
    }
  },
  "origin_server_ts": 1611901515929,
  "unsigned": {
    "age": 42,
    "transaction_id": "m1611901508601.6"
  },
  "event_id": "$-qlUTOZPjKmNyn0_vBacyTHt7LqGhG0xVn0r5R6wIPA",
  "room_id": "!ADDxogcQLsbRpVWTLR:tchncs.de"
}

Someone joining an encrypted room:

{
  "type": "m.room.member",
  "sender": "@babba27:fantasycookie17.onederfultech.com",
  "content": {
    "membership": "join",
    "displayname": "DriftNotSkid",
    "avatar_url": "mxc://fantasycookie17.onederfultech.com/uLqqZhJdYHRNvNWWIFeJbDlP"
  },
  "state_key": "@babba27:fantasycookie17.onederfultech.com",
  "origin_server_ts": 1611901567921,
  "unsigned": {
    "replaces_state": "$xEr7yGLdOVOxF7NxEEFHK-ToDTDMAW2PqPqhwA6XqFg",
    "prev_content": {
      "avatar_url": "mxc://fantasycookie17.onederfultech.com/uLqqZhJdYHRNvNWWIFeJbDlP",
      "displayname": "DriftNotSkid",
      "is_direct": true,
      "membership": "invite"
    },
    "prev_sender": "@babba27:tchncs.de",
    "age": 724
  },
  "event_id": "$AsXIuazCSM7liww5v_ZUntbAFDx8kXDH0-11QaS3UGQ",
  "room_id": "!ADDxogcQLsbRpVWTLR:tchncs.de"
}

A message reply:

{
  "type": "m.room.encrypted",
  "sender": "@babba27:tchncs.de",
  "content": {
    "algorithm": "m.megolm.v1.aes-sha2",
    "sender_key": "9uxzirWKc7YAHWRvQUvmHUR9suLWNUUrdBeTb1spcg8",
    "ciphertext": "AwgFEuADXgptMRUy0QE8bM4yzWYKzorPHZdSwDM0EIroXDSoy494AjPA6O8czk0zGapS0yOEOdlTvEXyHxfI3L3In4nIrR27H1B4htJKWJM5CyrNP1dHZ2Ygv3eTreFw+H1O5R6OxeLUtnXnX/q442TMEVEHOjrIogWb5Wx20u7UZl2gKMrlLrgfFackd/m9JkyLO3u3TfHfAsf2HGjZPa12mGDlavHneNgPVRjf9c3G6ky8to8sKUW92Qh+4YYCW03XzQkr1Any7gkitN6SEmWDkHyb4s0d0fLGXkQTW9/t9KH1zcT32zXsPDKQ8m8Aw4tyKGnxA0BI/C6vQ6AKPVN+CRquDk3HhBlNBs/bD32rPGiCr/9cce+qZN/pnLBjvhKVAgpYPadWDhNdqGEK5vWQ2OqUhKJ8imyeTNb3khgxUUEfHkiKiBBx3LjIDYTyQvLGByRgGNkMTTK1DT11NKyiTHTb2bKhv7cDMTteuvjmnI50zq3t46NiKtBbtGLXltYSVNzR2FuKuEeeBI+gsiQx0JgwE/GIkXLrk3dVry6biben/uwfAiElmDWQIC1Gcz0meDH+92RwixbeCHoJJfSdBJrm76PY0NeTnnjkQcgG412MHfX/n97VGwl3tAaXhuH1kfeV2epKo1WUFcRlXUQfAvR1tQv2mjkzOS6CY4VFNOB5++3vBqVUw9inOn46SPgV1by3kSZ6n3JpOpVT6yqDMmvEZDquRS6hbLkG",
    "session_id": "5g5PlLHau95Ns6j1GpndEX8yZ/1L5VrAZQRl202FWpE",
    "device_id": "EUARBFHLKH",
    "m.relates_to": {
      "m.in_reply_to": {
        "event_id": "$nC787BTKMtJ3k9iOqFJbhH7Y_D3LChco3Ua997rsa2A"
      }
    }
  },
  "origin_server_ts": 1611901691331,
  "unsigned": {
    "age": 188,
    "transaction_id": "m1611901684040.8"
  },
  "event_id": "$CMShHiyKe4oLCLy5V2yVNK0UbXNe-aG5nlVsEFJhbng",
  "room_id": "!ADDxogcQLsbRpVWTLR:tchncs.de"
}

Someone leaving a room:

{
  "content": {
    "membership": "leave",
    "avatar_url": "mxc://fantasycookie17.onederfultech.com/uLqqZhJdYHRNvNWWIFeJbDlP",
    "displayname": "DriftNotSkid"
  },
  "origin_server_ts": 1611901728707,
  "sender": "@babba27:fantasycookie17.onederfultech.com",
  "state_key": "@babba27:fantasycookie17.onederfultech.com",
  "type": "m.room.member",
  "unsigned": {
    "replaces_state": "$AsXIuazCSM7liww5v_ZUntbAFDx8kXDH0-11QaS3UGQ",
    "prev_content": {
      "avatar_url": "mxc://fantasycookie17.onederfultech.com/uLqqZhJdYHRNvNWWIFeJbDlP",
      "displayname": "DriftNotSkid",
      "membership": "join"
    },
    "prev_sender": "@babba27:fantasycookie17.onederfultech.com",
    "age": 347
  },
  "event_id": "$UE0WYXcVrWxznkR18gBozJn_p0iSF6bhgXE2M8sZFF0",
  "room_id": "!ADDxogcQLsbRpVWTLR:tchncs.de"
}

Changing a nickname in a room:

{
  "type": "m.room.member",
  "sender": "@babba27:tchncs.de",
  "content": {
    "membership": "join",
    "displayname": "New Nickname",
    "avatar_url": "mxc://tchncs.de/GFjvfticjBswUsLqpZAKSKZd"
  },
  "state_key": "@babba27:tchncs.de",
  "origin_server_ts": 1611901779085,
  "unsigned": {
    "replaces_state": "$9J4AUK_FqeRFSeWc4ZaWOXqktpkEyyMCc4w0RhpCIho",
    "prev_content": {
      "membership": "join",
      "displayname": "DriftNotSkid",
      "avatar_url": "mxc://tchncs.de/GFjvfticjBswUsLqpZAKSKZd"
    },
    "prev_sender": "@babba27:tchncs.de",
    "age": 370
  },
  "event_id": "$AzHYPZwfpaForN0hiVUIUzNao5wCYFpMS9lQpyyOqlY",
  "room_id": "!ADDxogcQLsbRpVWTLR:tchncs.de"
}

Changing a profile picture:

{
  "type": "m.room.member",
  "sender": "@babba27:tchncs.de",
  "content": {
    "membership": "join",
    "displayname": "DriftNotSkid",
    "avatar_url": "mxc://tchncs.de/ddGgcphfCKthKlEoInfOlotR"
  },
  "state_key": "@babba27:tchncs.de",
  "origin_server_ts": 1611902143554,
  "unsigned": {
    "replaces_state": "$1LrTvUG1VvV5fAc1IoUR2U8GGQOBs-HQuZQMbJcrmCo",
    "prev_content": {
      "membership": "join",
      "displayname": "DriftNotSkid",
      "avatar_url": "mxc://tchncs.de/fpGjfMbMSZqQYUJFJVnttREk"
    },
    "prev_sender": "@babba27:tchncs.de",
    "age": 1885
  },
  "event_id": "$1WEgsTwxD-N-hebV0zH1qZYatKaPs4Mmfu5uLuKMWRY",
  "room_id": "!ADDxogcQLsbRpVWTLR:tchncs.de"
}
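
The cleartext fields in the events above can be read without any decryption keys. The following Python is an added example, not part of the original page: it extracts what a homeserver can see from events of the same shape, using constructed events with placeholder IDs and a dummy ciphertext; the name `visible_metadata` is hypothetical.

```python
import base64
from datetime import datetime, timezone

# Constructed sample events (placeholder IDs, dummy ciphertext, made-up times).
BASE = {"sender": "@alice:example.org", "room_id": "!room:example.org"}
ENC = {"algorithm": "m.megolm.v1.aes-sha2", "device_id": "DEVICEID01",
       "session_id": "SESSION1", "ciphertext": "QUJDREVGR0g"}
EVENTS = [
    {**BASE, "type": "m.room.encrypted", "event_id": "$msg1",
     "origin_server_ts": 1600000000000, "content": dict(ENC)},
    {**BASE, "type": "m.reaction", "event_id": "$react1",
     "origin_server_ts": 1600000085000, "content": {"m.relates_to": {
         "rel_type": "m.annotation", "event_id": "$msg1", "key": "👍"}}},
    {**BASE, "type": "m.room.encrypted", "event_id": "$reply1",
     "origin_server_ts": 1600000320000, "content": {**ENC, "m.relates_to": {
         "m.in_reply_to": {"event_id": "$msg1"}}}},
    {**BASE, "type": "m.room.member", "event_id": "$nick1",
     "origin_server_ts": 1600000400000, "state_key": "@alice:example.org",
     "content": {"membership": "join", "displayname": "New Nickname"},
     "unsigned": {"prev_content": {"membership": "join", "displayname": "Old Nickname"}}},
]


def visible_metadata(event):
    """Cleartext facts a homeserver can read from one event, no keys needed."""
    content = event.get("content", {})
    ts = datetime.fromtimestamp(event["origin_server_ts"] / 1000, tz=timezone.utc)
    info = {"event_id": event["event_id"], "type": event["type"],
            "sender": event["sender"], "time_utc": ts.isoformat()}
    if event["type"] == "m.room.encrypted":
        ct = content.get("ciphertext", "")  # Matrix uses unpadded base64
        info["ciphertext_bytes"] = len(base64.b64decode(ct + "=" * (-len(ct) % 4)))
        info["device_id"] = content.get("device_id")
    rel = content.get("m.relates_to", {})
    if "rel_type" in rel:  # reactions (m.annotation) and edits (m.replace)
        info["relation"] = (rel["rel_type"], rel["event_id"])
        if "key" in rel:
            info["reaction_key"] = rel["key"]  # the emoji itself is cleartext
    elif "m.in_reply_to" in rel:
        info["relation"] = ("m.in_reply_to", rel["m.in_reply_to"]["event_id"])
    if event["type"] == "m.room.member":
        prev = event.get("unsigned", {}).get("prev_content", {})
        info["membership"] = (prev.get("membership"), content.get("membership"))
        info["profile_changes"] = {k: (prev.get(k), content.get(k))
                                   for k in ("displayname", "avatar_url")
                                   if prev.get(k) != content.get(k)}
    return info

if __name__ == "__main__":
    print(*map(visible_metadata, EVENTS), sep="\n")
```

Because `ciphertext_bytes` grows with the plaintext, approximate message size is observable alongside who sent it, from which device, when, and in relation to which earlier event.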

All original non-code/non-software content is committed to the public domain, except where otherwise explicitly stated. Code/software is licensed under the BSD 3-clause license, except where otherwise explicitly stated. Content not originally created by Serpent Security may be subject to separate licensing terms.