From 83f13f07abecea03cdb1f1f684954765a2f14090 Mon Sep 17 00:00:00 2001 From: Andy Balaam Date: Tue, 9 Sep 2025 13:06:37 +0100 Subject: [PATCH 1/7] MSC4346 placeholder --- proposals/4346-emoji-verification-images.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 proposals/4346-emoji-verification-images.md diff --git a/proposals/4346-emoji-verification-images.md b/proposals/4346-emoji-verification-images.md new file mode 100644 index 00000000000..20bcd6bae02 --- /dev/null +++ b/proposals/4346-emoji-verification-images.md @@ -0,0 +1 @@ +# MSC4346: Emoji verification images From 9bfc34af9ace666efa06cda90e3f6f9d0f1e319c Mon Sep 17 00:00:00 2001 From: Andy Balaam Date: Tue, 9 Sep 2025 13:08:25 +0100 Subject: [PATCH 2/7] Update number to 4347 --- proposals/4346-emoji-verification-images.md | 1 - proposals/4347-emoji-verification-images.md | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 proposals/4346-emoji-verification-images.md create mode 100644 proposals/4347-emoji-verification-images.md diff --git a/proposals/4346-emoji-verification-images.md b/proposals/4346-emoji-verification-images.md deleted file mode 100644 index 20bcd6bae02..00000000000 --- a/proposals/4346-emoji-verification-images.md +++ /dev/null @@ -1 +0,0 @@ -# MSC4346: Emoji verification images diff --git a/proposals/4347-emoji-verification-images.md b/proposals/4347-emoji-verification-images.md new file mode 100644 index 00000000000..90b1b70db1f --- /dev/null +++ b/proposals/4347-emoji-verification-images.md @@ -0,0 +1 @@ +# MSC4347: Emoji verification images From edc2c86f224c4f62c7bac5248634cedd32400277 Mon Sep 17 00:00:00 2001 From: Andy Balaam Date: Tue, 9 Sep 2025 14:03:17 +0100 Subject: [PATCH 3/7] First draft of MSC4347 --- proposals/4347-emoji-verification-images.md | 135 ++++++++++++++++++++ 1 file changed, 135 insertions(+) diff --git a/proposals/4347-emoji-verification-images.md b/proposals/4347-emoji-verification-images.md index 90b1b70db1f..93b40749229 100644 --- a/proposals/4347-emoji-verification-images.md +++ b/proposals/4347-emoji-verification-images.md @@ -1 +1,136 @@ # MSC4347: Emoji verification images + +I propose supplying exact images to be used within emoji verification, to avoid +confusion for users where clients use different emoji fonts. + +## Motivation + +During device or user verification, if the [emoji method of SAS +verification](https://spec.matrix.org/v1.15/client-server-api/#sas-method-emoji) +is used, users are asked to compare two lists of emoji characters across two +devices. + +Clients present these emoji to the user with a message like "Confirm that the +emojis below match those shown on your other session". + +The spec provides words to describe each character in various languages, and +also a Unicode code point for each character. Different devices and applications +render these characters differently, based on the fonts they have available. + +This causes confusion: especially for a user who has never seen this before, it +is not clear what exactly is being asked. (For all they know the list of symbols +is always the same and the important point is whether the font/rendering styles +are identical!) + +I suggest that a standard set of images and a standard layout to display them +will help users make a quick and confident judgement of whether they are the +same or different. + +## Proposal + +I propose providing a fixed set of images to use for emoji verification, and +recommending a fixed layout for display on screen. + +### Changes to the emoji table + +Currently the spec provides Unicode code points of emoji for each +number 0-63 along with translated names. It also provides this information as +JSON at a well-known URL +(`https://github.com/matrix-org/matrix-spec/blob/main/data-definitions/sas-emoji.json`). + +The table within the spec and the JSON file would be adjusted to add links to +URLs like: + +`https://github.com/matrix-org/matrix-spec/blob/main/data-definitions/sas-emoji/00.svg` + +... + +`https://github.com/matrix-org/matrix-spec/blob/main/data-definitions/sas-emoji/63.svg` + +And the spec would supply images at these URLs. + +I propose including both SVG and PNG format images, so `sas-emoji.json` would +contain entries like this: + +``` +{ + "number": 4, + "emoji": "🦄", + "svg": "https://github.com/matrix-org/matrix-spec/blob/main/data-definitions/sas-emoji/04.svg", + "png": "https://github.com/matrix-org/matrix-spec/blob/main/data-definitions/sas-emoji/04.png" + "description": "Unicorn", + "unicode": "U+1F984", + "translated_descriptions": { + "ar": "حصان وحيد القرن", + "bg": "Еднорог", + "ca": "Unicorn", + ... + } +}, +``` + +### Changes to the spec wording + +I propose updating the wording of the spec to say graphical clients SHOULD +include copies of these images in their distributions and display them instead +of the corresponding Unicode code points rendered using a font. They can choose +freely whether to use SVG or PNG images, but prefer SVG if both are possible. + +I also propose that graphical clients SHOULD display these images in two rows, +centred vertically, with 4 images on the first row and 3 images on the second, +with the local translation of the corresponding word below each image. + +### Non-graphical clients + +Non-graphical clients or other clients that are unable to use the supplied +images may continue to use Unicode code points as before. + +### Sourcing the images + +I propose taking a snapshot of the relevant images from +[OpenMoji](https://openmoji.org/) at the time of incorporating this proposal +into the spec, and freezing the set of images at that time. (Until/unless some +other MSC requires them to be changed.) + +These images are attractive and clear. + +These images are provided under the CC BY-SA 4.0 license so may be used with +proper attribution, which should be added to the spec text. + +## Potential issues + +* If existing clients use Unicode code points to aid accessibility (e.g. for + blind users), the use of an image might reduce accessibility. However, the + already-provided word forms of the emoji are intended to give clients an easy + way of exposing an accessible interface for the verification process, and + nothing about this proposal changes that. + +* The visual style of the OpenMoji emojis may not fit well with some client + applications. I consider this aesthetic disruption worth it if it makes the + verification process easier to use. + +## Alternatives + +* We could miss out the image URLs in `sas-emoji.json` and expect client + developers to figure out the correct URLs based on the pattern, but providing + explicit URLs avoids potential problems with misinterpretations, and provides + some future-proofing against URL changes in the future. + +* We could choose either SVG or PNG images and not supply both. This would + further improve consistency, but might make life difficult for client + developers who are not able to render certain image types. + +## Security considerations + +This proposal is intended to improve security by making it easier for users to +perform verification. + +If implemented correctly within clients, I can't see any security risks. + +## Unstable prefix + +None required. + +## Dependencies + +None. From 1091375350a942ebaa5f1b1e4462a6009b6fe94e Mon Sep 17 00:00:00 2001 From: Andy Balaam Date: Tue, 9 Sep 2025 14:21:20 +0100 Subject: [PATCH 4/7] Add discussion of the license on OpenMoji --- proposals/4347-emoji-verification-images.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/proposals/4347-emoji-verification-images.md b/proposals/4347-emoji-verification-images.md index 93b40749229..ab6b6a48801 100644 --- a/proposals/4347-emoji-verification-images.md +++ b/proposals/4347-emoji-verification-images.md @@ -109,6 +109,20 @@ proper attribution, which should be added to the spec text. applications. I consider this aesthetic disruption worth it if it makes the verification process easier to use. +* My understanding of the + [CC BY-SA 4.0 license](https://creativecommons.org/licenses/by-sa/4.0/) ("You + must give appropriate credit, provide a link to the license, ... If you remix, + transform, or build upon the material, you must distribute your contributions + under the same license as the original") is that both the Matrix foundation + and client developers are allowed to distribute these images unmodified so + long as they give attribution, even if they are distributed within a + proprietary application or one under another license. However, I am not a + lawyer, and the foundation would need to satisfy itself as to the situation + here, or obtain some alternative set of images. (It is even possible the <=64 + original authors of the relevant images on OpenMojo might grant permission for + use under a more permissive license if needed.) It would seem polite to + contact OpenMojo either way before incorporating this change into the spec. + ## Alternatives * We could miss out the image URLs in `sas-emoji.json` and expect client From 3ef9c96456736b3da225d934f313f7d9f44bc21d Mon Sep 17 00:00:00 2001 From: Andy Balaam Date: Tue, 9 Sep 2025 14:29:34 +0100 Subject: [PATCH 5/7] Add some alternative fonts with more permissive licenses --- proposals/4347-emoji-verification-images.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/proposals/4347-emoji-verification-images.md b/proposals/4347-emoji-verification-images.md index ab6b6a48801..06348b56adc 100644 --- a/proposals/4347-emoji-verification-images.md +++ b/proposals/4347-emoji-verification-images.md @@ -122,6 +122,8 @@ proper attribution, which should be added to the spec text. original authors of the relevant images on OpenMojo might grant permission for use under a more permissive license if needed.) It would seem polite to contact OpenMojo either way before incorporating this change into the spec. + See the alternatives section for some other emoji sets that are released under + the more permissive CC-BY license. ## Alternatives @@ -134,6 +136,14 @@ proper attribution, which should be added to the spec text. further improve consistency, but might make life difficult for client developers who are not able to render certain image types. +* We could use a different emoji set for the images, especially if the CC BY-SA + license of OpenMoji is judged to be too restrictive. These emoji sets are + released under more permissive licenses: + + * [Emojitwo](https://emojitwo.github.io) + * [twemoji](https://github.com/twitter/twemoji) + * [noto-emoji](https://github.com/googlefonts/noto-emoji) + ## Security considerations This proposal is intended to improve security by making it easier for users to From 7a23bd543cc1e17108d0e271848eab1ed05eee15 Mon Sep 17 00:00:00 2001 From: Andy Balaam Date: Tue, 9 Sep 2025 14:45:38 +0100 Subject: [PATCH 6/7] Switch to proposing twemoji since its license is more permissive --- proposals/4347-emoji-verification-images.md | 43 ++++++++++----------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/proposals/4347-emoji-verification-images.md b/proposals/4347-emoji-verification-images.md index 06348b56adc..4691601659e 100644 --- a/proposals/4347-emoji-verification-images.md +++ b/proposals/4347-emoji-verification-images.md @@ -88,14 +88,15 @@ images may continue to use Unicode code points as before. ### Sourcing the images I propose taking a snapshot of the relevant images from -[OpenMoji](https://openmoji.org/) at the time of incorporating this proposal +[twemoji](https://github.com/twitter/twemoji) at the time of incorporating this proposal into the spec, and freezing the set of images at that time. (Until/unless some other MSC requires them to be changed.) These images are attractive and clear. -These images are provided under the CC BY-SA 4.0 license so may be used with -proper attribution, which should be added to the spec text. +These images are provided under the CC BY 4.0 license so may be used with +proper attribution, which should be added to the spec text and client +applications. ## Potential issues @@ -105,25 +106,21 @@ proper attribution, which should be added to the spec text. way of exposing an accessible interface for the verification process, and nothing about this proposal changes that. -* The visual style of the OpenMoji emojis may not fit well with some client +* The visual style of the twemoji emojis may not fit well with some client applications. I consider this aesthetic disruption worth it if it makes the verification process easier to use. -* My understanding of the - [CC BY-SA 4.0 license](https://creativecommons.org/licenses/by-sa/4.0/) ("You - must give appropriate credit, provide a link to the license, ... If you remix, - transform, or build upon the material, you must distribute your contributions - under the same license as the original") is that both the Matrix foundation - and client developers are allowed to distribute these images unmodified so - long as they give attribution, even if they are distributed within a - proprietary application or one under another license. However, I am not a - lawyer, and the foundation would need to satisfy itself as to the situation - here, or obtain some alternative set of images. (It is even possible the <=64 - original authors of the relevant images on OpenMojo might grant permission for - use under a more permissive license if needed.) It would seem polite to - contact OpenMojo either way before incorporating this change into the spec. - See the alternatives section for some other emoji sets that are released under - the more permissive CC-BY license. +* Some client developers may be concerned at the legal ramifications of + incorporating CC-licensed artwork into their applications, but my + understanding of twemoji's license (CC BY 4.0) is that this is allowed for + applications distributed under any license, so long as they comply with the + attribution requirement. The + [README](https://github.com/twitter/twemoji#attribution-requirements) file for + twemoji lists multiple very easy ways of giving attribution that should be + possible for any client application. Of course, I am not a lawyer so the + foundation would need to satisfy itself as to the situation. Client developers + who really felt unable to adopt the images could continue to display emoji + using Unicode code points. ## Alternatives @@ -136,14 +133,14 @@ proper attribution, which should be added to the spec text. further improve consistency, but might make life difficult for client developers who are not able to render certain image types. -* We could use a different emoji set for the images, especially if the CC BY-SA - license of OpenMoji is judged to be too restrictive. These emoji sets are - released under more permissive licenses: +* We could use a different emoji set for the images, for example: * [Emojitwo](https://emojitwo.github.io) - * [twemoji](https://github.com/twitter/twemoji) * [noto-emoji](https://github.com/googlefonts/noto-emoji) + but twemoji is already in widespread use in Matrix clients, so seems the + least disruptive alternative. + ## Security considerations This proposal is intended to improve security by making it easier for users to From ae6a9f30b8db1cae87c45593812fcc58874f3f58 Mon Sep 17 00:00:00 2001 From: Andy Balaam Date: Thu, 11 Sep 2025 11:16:33 +0100 Subject: [PATCH 7/7] Mention using alt text to supply the actual characters --- proposals/4347-emoji-verification-images.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/proposals/4347-emoji-verification-images.md b/proposals/4347-emoji-verification-images.md index 4691601659e..3a6c3487737 100644 --- a/proposals/4347-emoji-verification-images.md +++ b/proposals/4347-emoji-verification-images.md @@ -100,11 +100,13 @@ applications. ## Potential issues -* If existing clients use Unicode code points to aid accessibility (e.g. for +* If existing clients use Unicode characters to aid accessibility (e.g. for blind users), the use of an image might reduce accessibility. However, the already-provided word forms of the emoji are intended to give clients an easy way of exposing an accessible interface for the verification process, and - nothing about this proposal changes that. + nothing about this proposal changes that. Clients may also use the standard + accessibility mechanisms for their platform (e.g. the `alt` or `aria-label` + properties in HTML) to supply the Unicode characters. * The visual style of the twemoji emojis may not fit well with some client applications. I consider this aesthetic disruption worth it if it makes the